SHA256: 57059c6365d9bee877764262af85902c78cb612fc90d527643fb35180dc2c2e8
File name: 57059c6365d9bee877764262af85902c78cb612fc90d527643fb35180dc2c2e8
Detection ratio: 34 / 70
Analysis date: 2019-01-10 23:50:00 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.417862 20190110
ALYac Gen:Variant.Razy.417862 20190110
Arcabit Trojan.Razy.D66046 20190110
Avast Win32:Malware-gen 20190110
AVG Win32:Malware-gen 20190110
Avira (no cloud) HEUR/AGEN.1015984 20190110
BitDefender Gen:Variant.Razy.417862 20190110
CAT-QuickHeal Trojan.Razy 20190110
Comodo Malware@#3iywdgkqg4wif 20190110
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181023
Cybereason malicious.446cc9 20190109
Cylance Unsafe 20190111
Cyren W32/Razy.BK.gen!Eldorado 20190110
Emsisoft Gen:Variant.Razy.417862 (B) 20190110
Endgame malicious (high confidence) 20181108
F-Prot W32/Razy.BK.gen!Eldorado 20190110
F-Secure Gen:Variant.Razy.417862 20190110
Fortinet PossibleThreat 20190110
GData Gen:Variant.Razy.417862 20190110
Sophos ML heuristic 20181128
MAX malware (ai score=100) 20190111
McAfee Artemis!99BB541446CC 20190111
McAfee-GW-Edition BehavesLike.Win32.Generic.tc 20190111
Microsoft Trojan:Win32/Occamy.C 20190110
eScan Gen:Variant.Razy.417862 20190110
Palo Alto Networks (Known Signatures) generic.ml 20190111
Panda Trj/GdSda.A 20190110
Qihoo-360 Win32/Trojan.66d 20190111
Rising Trojan.Tiggre!8.ED98 (CLOUD) 20190110
SentinelOne (Static ML) static engine - malicious 20181223
Symantec Trojan.Gen.2 20190110
Trapmine malicious.moderate.ml.score 20190103
TrendMicro TROJ_GEN.F0C2C00LQ18 20190110
TrendMicro-HouseCall TROJ_GEN.F0C2C00LQ18 20190110
Acronis 20190110
AegisLab 20190110
AhnLab-V3 20190110
Alibaba 20180921
Antiy-AVL 20190110
Avast-Mobile 20190110
Babable 20180918
Baidu 20190110
Bkav 20190108
ClamAV 20190110
CMC 20190110
DrWeb 20190110
eGambit 20190111
ESET-NOD32 20190110
Ikarus 20190110
Jiangmin 20190110
K7AntiVirus 20190110
K7GW 20190110
Kaspersky 20190111
Kingsoft 20190111
Malwarebytes 20190111
NANO-Antivirus 20190110
Sophos AV 20190110
SUPERAntiSpyware 20190109
TACHYON 20190110
Tencent 20190111
TheHacker 20190106
TotalDefense 20190110
Trustlook 20190111
VBA32 20190110
ViRobot 20190110
Webroot 20190111
Yandex 20190110
Zillya 20190110
ZoneAlarm by Check Point 20190110
Zoner 20190110
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2017
Product 山西米奥电子商务有限公司
Original name 店铺精灵.exe
Internal name 店铺精灵.exe
File version 0.0.0.0
Description Miao.DianTao
Comments 山西米奥电子商务有限公司
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-27 14:51:02
Entry Point 0x0010678E
Number of sections 3
.NET details
Module Version ID d5c148a5-a9e6-4e47-a8a3-0255ba43b7e3
TypeLib ID 3945612f-2a42-483d-9f7c-ccdaf908e17e
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 4
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 11.0
ImageVersion 0.0
FileVersionNumber 0.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Miao.DianTao
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 22016
EntryPoint 0x10678e
OriginalFileName .exe
MIMEType application/octet-stream
LegalCopyright Copyright 2017
FileVersion 0.0.0.0
TimeStamp 2018:09:27 16:51:02+02:00
FileType Win32 EXE
PEType PE32
InternalName .exe
ProductVersion 0.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 1067008
FileSubtype 0
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 0.0.0.0
File identification
MD5 99bb541446cc94980f325826aea997a8
SHA1 9c21f4e7ee196461355cf95d765b2ae68f4dcfc0
SHA256 57059c6365d9bee877764262af85902c78cb612fc90d527643fb35180dc2c2e8
ssdeep 24576:vCsQwst2iPjtCgyAa3ZIeiA/kUrym8VImnGvP/1K:DstJBCWagAscyOVvn1
authentihash 1be2bc037b308ec274fb4443ee3baf86b9a02a0a525367004d9d87dcb70c8467
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 1.0 MB ( 1089536 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (81.0%)
Win32 Dynamic Link Library (generic) (7.2%)
Win32 Executable (generic) (4.9%)
OS/2 Executable (generic) (2.2%)
Generic Win/DOS Executable (2.2%)
Tags peexe assembly
VirusTotal metadata
First submission 2018-12-26 14:11:52 UTC ( 1 month, 3 weeks ago )
Last submission 2019-01-23 02:51:07 UTC ( 3 weeks, 4 days ago )
File names zbetcheckin_tracker_jingling.exe
jingling.exe
店铺精灵.exe
output.114800734.txt
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections
UDP communications