SHA256: 54aae5641d6d15c7c8942610e92b514cae0c81210cef000338ce8ef413d8c650
File name: a866ba0b03514d771c433279e27d096a.virus
Detection ratio: 51 / 66
Analysis date: 2019-02-21 21:56:09 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Acronis suspicious 20190221
Ad-Aware Trojan.GenericKD.40280435 20190221
AhnLab-V3 Trojan/Win32.Korat.C2571733 20190221
ALYac Trojan.GenericKD.40280435 20190221
Antiy-AVL Trojan/Win32.AGeneric 20190221
Arcabit Trojan.Generic.D266A173 20190221
Avast Win32:BackdoorX-gen [Trj] 20190221
AVG Win32:BackdoorX-gen [Trj] 20190221
Avira (no cloud) HEUR/AGEN.1032151 20190221
BitDefender Trojan.GenericKD.40280435 20190221
CAT-QuickHeal Trojan.YakbeexMSIL.ZZ4 20190221
ClamAV Win.Packed.Bladabindi-6717505-0 20190221
Comodo TrojWare.MSIL.Injector.OQB@7xhkt9 20190221
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181023
Cybereason malicious.b03514 20190109
Cylance Unsafe 20190221
Cyren W32/MSIL_Injector.CB.gen!Eldorado 20190221
DrWeb BackDoor.Orcus.14 20190221
Emsisoft Trojan.GenericKD.40280435 (B) 20190221
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of MSIL/Kryptik.OQB 20190221
F-Secure Heuristic.HEUR/AGEN.1032151 20190221
Fortinet MSIL/Kryptik.PDP!tr 20190220
GData Trojan.GenericKD.40280435 20190221
Ikarus Trojan.MSIL.Krypt 20190221
Sophos ML heuristic 20181128
Jiangmin Trojan.Generic.cgitk 20190221
K7AntiVirus Trojan ( 0051b5d71 ) 20190221
K7GW Trojan ( 0051b5d71 ) 20190221
Kaspersky HEUR:Trojan.Win32.Generic 20190221
Malwarebytes Backdoor.Bladabindi 20190221
MAX malware (ai score=80) 20190221
McAfee Packed-FHH!A866BA0B0351 20190221
McAfee-GW-Edition BehavesLike.Win32.Generic.nm 20190221
Microsoft Backdoor:MSIL/Bladabindi 20190221
eScan Trojan.GenericKD.40280435 20190221
NANO-Antivirus Trojan.Win32.Orcus.ffvlkl 20190221
Qihoo-360 HEUR/QVM03.0.6279.Malware.Gen 20190221
Rising Trojan.MSIL/Kryptik!1.B5B8 (CLASSIC) 20190221
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Mal/Rennes-A 20190221
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20190220
Symantec Backdoor.Ratenjay 20190221
TheHacker Trojan/Kryptik.oqb 20190217
Trapmine malicious.high.ml.score 20190123
VBA32 TScope.Trojan.MSIL 20190221
VIPRE Trojan.Win32.Generic!BT 20190221
ViRobot Backdoor.Win32.Agent.102336 20190221
Webroot W32.Adware.Gen 20190221
Yandex Trojan.Agent!5WAK4DHEsrQ 20190221
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20190221
AegisLab 20190221
Alibaba 20180921
Avast-Mobile 20190221
Babable 20180918
Baidu 20190215
CMC 20190221
eGambit 20190221
Kingsoft 20190221
Palo Alto Networks (Known Signatures) 20190221
Panda 20190221
Symantec Mobile Insight 20190220
TACHYON 20190221
Tencent 20190221
TotalDefense 20190221
Trustlook 20190221
Zoner 20190220
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
aluminium © gluttonous

Product frozen
Original name 1.exe
Internal name 1.exe
File version 1.28.14.52
Description approximation
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-11 17:07:31
Entry Point 0x0001965E
Number of sections 3
.NET details
Module Version ID d7a67fae-d774-43ac-8204-24f9b04cb84b
TypeLib ID 68a8b8f3-4e11-4b3e-a19e-f1d3d4ed8161
PE sections
Overlays
MD5 c6963e262f21954fa0b68e399556d1b6
File type data
Offset 98304
Size 2112
Entropy 7.91
PE imports
_CorExeMain
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
8.0

ImageVersion
0.0

ProductName
frozen

FileVersionNumber
1.28.14.52

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
1536

FileTypeExtension
exe

OriginalFileName
1.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.28.14.52

TimeStamp
2018:06:11 19:07:31+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
1.exe

ProductVersion
1.28.14.52

FileDescription
approximation

OSVersion
4.0

FileOS
Win32

LegalCopyright
aluminium gluttonous

MachineType
Intel 386 or later, and compatibles

CompanyName
chieftain

CodeSize
96256

FileSubtype
0

ProductVersionNumber
1.28.14.52

EntryPoint
0x1965e

ObjectFileType
Executable application

AssemblyVersion
1.28.14.52

File identification
MD5 a866ba0b03514d771c433279e27d096a
SHA1 6c11fb4e12fc625a2837a3f1ec98090328a3ed22
SHA256 54aae5641d6d15c7c8942610e92b514cae0c81210cef000338ce8ef413d8c650
ssdeep
1536:WAp5eznKUlIOp3YjVCguHEvQEbFqVC3woFRKpT4LmA:d5eznsjsguGDFqGCA

authentihash 75c8e69eb6936ccc518c0911843e09d8edffe4e70a3ab6a60da4f5d4771fd339
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 98.1 KB ( 100416 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (81.0%)
Win32 Dynamic Link Library (generic) (7.2%)
Win32 Executable (generic) (4.9%)
OS/2 Executable (generic) (2.2%)
Generic Win/DOS Executable (2.2%)
Tags
peexe assembly overlay

VirusTotal metadata
First submission 2019-02-21 21:56:09 UTC ( 1 month, 3 weeks ago )
Last submission 2019-02-21 21:56:09 UTC ( 1 month, 3 weeks ago )
File names a866ba0b03514d771c433279e27d096a.virus
1.exe