SHA256: 54bfdb4ad8b1eb345a4df83aad9cfde729477931899d7d8b19d427534006e2b4
File name: datacol.exe
Detection ratio: 32 / 62
Analysis date: 2017-04-29 19:19:56 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4953190 20170429
AegisLab Ml.Attribute.Gen!c 20170429
AhnLab-V3 PUP/Win32.BundleInstaller.C1744477 20170429
Antiy-AVL Trojan[Downloader]/Win32.Adload 20170429
Arcabit Trojan.Generic.D4B9466 20170429
Avast Win32:Rootkit-gen [Rtk] 20170429
AVG Downloader.MSIL.CDSN 20170429
Avira (no cloud) TR/Downloader.oftrz 20170429
AVware Trojan.Win32.Generic!BT 20170429
BitDefender Trojan.GenericKD.4953190 20170429
CrowdStrike Falcon (ML) malicious_confidence_75% (W) 20170130
Cyren W32/Trojan.VEMF-2402 20170429
Emsisoft Trojan.GenericKD.4953190 (B) 20170429
Endgame malicious (moderate confidence) 20170419
ESET-NOD32 MSIL/TrojanDownloader.Agent.DHW 20170429
F-Secure Trojan.GenericKD.4953190 20170429
Fortinet MSIL/Agent.DHS!tr.dldr 20170429
GData Trojan.GenericKD.4953190 20170429
Ikarus AdWare.MSIL.Csdimonetize 20170429
Sophos ML trojan.win32.skeeyah.a!rfn 20170413
Kaspersky Trojan-Downloader.Win32.Adload.pyuo 20170429
McAfee RDN/Generic.grp 20170429
McAfee-GW-Edition RDN/Generic.grp 20170429
eScan Trojan.GenericKD.4953190 20170429
NANO-Antivirus Trojan.Win32.Agent.eobohs 20170429
Rising Downloader.Agent!8.B23 (cloud:63zCb5FzG6K) 20170429
Sophos AV Mal/Generic-S 20170429
Symantec Trojan.Gen.2 20170429
TrendMicro-HouseCall Suspicious_GEN.F47V0428 20170429
VIPRE Trojan.Win32.Generic!BT 20170429
ViRobot Trojan.Win32.Z.Agent.14336.BCS[h] 20170429
ZoneAlarm by Check Point Trojan-Downloader.Win32.Adload.pyuo 20170429
Alibaba 20170428
ALYac 20170429
Baidu 20170428
Bkav 20170428
CAT-QuickHeal 20170429
ClamAV 20170429
CMC 20170427
Comodo 20170429
DrWeb 20170429
F-Prot 20170429
Jiangmin 20170428
K7AntiVirus 20170429
K7GW 20170426
Kingsoft 20170429
Malwarebytes 20170429
Microsoft 20170429
nProtect 20170429
Palo Alto Networks (Known Signatures) 20170429
Panda 20170429
Qihoo-360 20170429
SentinelOne (Static ML) 20170330
SUPERAntiSpyware 20170429
Symantec Mobile Insight 20170428
Tencent 20170429
TheHacker 20170428
TotalDefense 20170426
TrendMicro 20170429
Trustlook 20170429
VBA32 20170429
Webroot 20170429
WhiteArmor 20170409
Yandex 20170428
Zillya 20170428
Zoner 20170429
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2017
Product A-Full-Inst
Original name A-Full-Inst.exe
Internal name A-Full-Inst.exe
File version 1.0.0.0
Description A-Full-Inst
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-04-28 10:26:40
Entry Point 0x00004192
Number of sections 3
.NET details
Module Version ID 553d8cf0-8993-44ff-8e31-c8afc572dca2
TypeLib ID a61a0dcb-7316-4b93-9ccc-b888e35434c9
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 48.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 5120
EntryPoint 0x4192
OriginalFileName A-Full-Inst.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2017
FileVersion 1.0.0.0
TimeStamp 2017:04:28 11:26:40+01:00
FileType Win32 EXE
PEType PE32
InternalName A-Full-Inst.exe
ProductVersion 1.0.0.0
FileDescription A-Full-Inst
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 8704
ProductName A-Full-Inst
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 1.0.0.0
File identification
MD5 f65ca29befbd247e222c6d2450f20520
SHA1 2148d4211a8797c6ac2df4fffc9474a711690b19
SHA256 54bfdb4ad8b1eb345a4df83aad9cfde729477931899d7d8b19d427534006e2b4
ssdeep 192:T5qAWEKvH6UJewiGymnyn8IGoGKhClp2o8dzYcLeUagvJsM:0EaaUJewVnyn8IGoGKhClp2oiYcLdaF
authentihash 62fcc691c26b8e54d636b2bff8b41e7fa730396fc959ea1c775b558d06ec1581
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 14.0 KB ( 14336 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (82.9%)
Win32 Dynamic Link Library (generic) (7.4%)
Win32 Executable (generic) (5.1%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags peexe assembly
VirusTotal metadata
First submission 2017-04-28 10:35:21 UTC ( 1 year, 10 months ago )
Last submission 2017-04-28 10:35:21 UTC ( 1 year, 10 months ago )
File names A-Full-Inst.exe
datacol.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections
UDP communications