SHA256: 5835922b4ec7c00a6ada92b472ce1e202a3131e9337aea12b31a5502a5c1b32b
File name: 25969.exe
Detection ratio: 43 / 64
Analysis date: 2018-07-04 14:13:11 UTC ( 9 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Trojan.Downloader.pmKfaa88GDhi 20180704
AhnLab-V3 Win-Trojan/Hupigon.Gen 20180704
ALYac Gen:Trojan.Downloader.pmKfaa88GDhi 20180704
Antiy-AVL RiskWare[RiskTool]/Win32.BitMiner 20180704
Arcabit Trojan.Downloader.pmKfaa88GDhi 20180704
AVG FileRepMetagen [PUP] 20180704
Avira (no cloud) TR/Dldr.Delf.glbzt 20180704
AVware Trojan.Win32.Generic!BT 20180704
BitDefender Gen:Trojan.Downloader.pmKfaa88GDhi 20180704
Bkav W32.eHeur.Malware14 20180704
CAT-QuickHeal Trojan.DelfInject 20180704
Cybereason malicious.687c98 20180225
Cyren W32/Agent.S.gen!Eldorado 20180704
DrWeb BACKDOOR.Trojan 20180704
Emsisoft Gen:Trojan.Downloader.pmKfaa88GDhi (B) 20180704
Endgame malicious (moderate confidence) 20180612
ESET-NOD32 a variant of Win32/TrojanDownloader.Delf.CJX 20180704
F-Prot W32/Agent.S.gen!Eldorado 20180704
F-Secure Gen:Trojan.Downloader.pmKfaa88GDhi 20180704
Fortinet Riskware/BitMiner 20180704
GData Gen:Trojan.Downloader.pmKfaa88GDhi 20180704
Ikarus Trojan-Downloader.BAT.Banload 20180704
K7AntiVirus Trojan-Downloader ( 0052dc081 ) 20180704
K7GW Trojan-Downloader ( 0052dc081 ) 20180704
Kaspersky not-a-virus:HEUR:RiskTool.Win32.BitMiner.gen 20180704
MAX malware (ai score=100) 20180704
McAfee Artemis!8E4F898687C9 20180704
McAfee-GW-Edition PUP-XEU-AU 20180704
Microsoft VirTool:Win32/DelfInject 20180704
eScan Gen:Trojan.Downloader.pmKfaa88GDhi 20180704
NANO-Antivirus Riskware.Win32.BitMiner.famspu 20180704
Palo Alto Networks (Known Signatures) generic.ml 20180704
Panda Trj/CI.A 20180704
Qihoo-360 HEUR/QVM11.1.8B01.Malware.Gen 20180704
Sophos AV Mal/Emogen-Y 20180704
Symantec Backdoor.Trojan 20180704
Tencent Win32.Trojan.Inject.Auto 20180704
VBA32 BScope.Trojan.Genome 20180629
VIPRE Trojan.Win32.Generic!BT 20180704
Webroot W32.Malware.Gen 20180704
Yandex Trojan.DL.Delf!xcuvlHFdLR0 20180704
Zillya Downloader.Delf.Win32.56515 20180703
ZoneAlarm by Check Point not-a-virus:HEUR:RiskTool.Win32.BitMiner.gen 20180704
AegisLab 20180704
Avast 20180704
Avast-Mobile 20180704
Babable 20180406
Baidu 20180704
ClamAV 20180704
CMC 20180704
Comodo 20180704
CrowdStrike Falcon (ML) 20180530
eGambit 20180704
Sophos ML 20180601
Jiangmin 20180704
Kingsoft 20180704
Malwarebytes 20180704
SentinelOne (Static ML) 20180701
SUPERAntiSpyware 20180704
TACHYON 20180704
TheHacker 20180628
TotalDefense 20180704
Trustlook 20180704
ViRobot 20180704
Zoner 20180703
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (c) 1998-2010 Codejock Software, All Rights Reserved.
Product Codejock Alert Application
Original name CodejockAlert.exe
Internal name CodejockAlert
File version 14, 0, 0, 0
Description Codejock Alert Application
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00091270
Number of sections 3
PE sections
PE imports
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
RegCloseKey
VariantCopy
ShellExecuteA
CharNextA
Number of PE resources by type
RT_ICON 45
RT_STRING 15
RT_GROUP_ICON 4
RT_DIALOG 2
RT_BITMAP 2
Struct(240) 1
RT_MANIFEST 1
RT_MENU 1
EXEFILE 1
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 58
NEUTRAL 16
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 32768
ImageVersion 0.0
ProductName Codejock Alert Application
FileVersionNumber 14.0.0.0
UninitializedDataSize 368640
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
CharacterSet Unicode
LinkerVersion 2.25
FileTypeExtension exe
OriginalFileName CodejockAlert.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 14, 0, 0, 0
TimeStamp 1992:06:20 00:22:17+02:00
FileType Win32 EXE
PEType PE32
InternalName CodejockAlert
ProductVersion 14, 0, 0, 0
FileDescription Codejock Alert Application
OSVersion 4.0
FileOS Win32
LegalCopyright (c) 1998-2010 Codejock Software, All Rights Reserved.
MachineType Intel 386 or later, and compatibles
CodeSize 225280
FileSubtype 0
ProductVersionNumber 14.0.0.0
EntryPoint 0x91270
ObjectFileType Executable application

Execution parents
File identification
MD5 8e4f898687c98ede7436c196531dc2ea
SHA1 81e4957cfb49fc24cee9adf4447382c9fd055900
SHA256 5835922b4ec7c00a6ada92b472ce1e202a3131e9337aea12b31a5502a5c1b32b
ssdeep 6144:zgTEAWowtXcE0a6aXQ39UnnZMyoYKAIpL6etK0:UTstXcE9XY9UZDo7
authentihash ef536ad2b679e8659a65441b15d42bddb995f4c48de8bcfdaf184cd9efb30dba
imphash 1062d41866b7447886323d8c30bae89f
File size 249.0 KB ( 254976 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (58.5%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Win16/32 Executable Delphi generic (4.4%)
OS/2 Executable (generic) (4.3%)
Tags peexe upx

VirusTotal metadata
First submission 2018-04-16 23:32:16 UTC ( 1 year ago )
Last submission 2018-05-21 04:07:14 UTC ( 11 months, 1 week ago )
File names main.exe
output.113110263.txt
svchost.exe
svchost.exe
CodejockAlert.exe
CodejockAlert
svchost.exe
output.113089987.txt
main.exe
25969.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections
UDP communications