SHA256: 618cc1db8b0225b15c13df19b184970c0dfc180415c572ee7a12433a106e41e4
File name: 10_MALWARE.exe
Detection ratio: 49 / 67
Analysis date: 2018-07-10 07:00:48 UTC ( 3 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31031190 20180710
AegisLab Backdoor.W32.Agent!c 20180710
AhnLab-V3 Trojan/Win32.Agent.C2593056 20180709
ALYac Trojan.GenericKD.31031190 20180710
Arcabit Trojan.Generic.D1D97F96 20180710
Avast Win32:GenX-RAT 20180710
AVG Win32:GenX-RAT 20180710
AVware Trojan.Win32.Generic!BT 20180710
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9986 20180710
BitDefender Trojan.GenericKD.31031190 20180710
CAT-QuickHeal Trojan.Generic 20180709
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cybereason malicious.72fedc 20180225
Cylance Unsafe 20180710
Cyren W32/Trojan.NQTA-0163 20180710
DrWeb BackDoor.Remcos.1 20180710
Emsisoft Trojan.GenericKD.31031190 (B) 20180710
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of MSIL/TrojanDropper.Agent.DNB 20180710
Fortinet W32/Malicious_Behavior.VEX 20180710
GData Trojan.GenericKD.31031190 20180710
Ikarus Trojan-Dropper.MSIL.Agent 20180709
Sophos ML heuristic 20180601
Jiangmin Backdoor.Agent.cdo 20180710
K7AntiVirus Trojan ( 0052a44b1 ) 20180710
K7GW Trojan ( 0052a44b1 ) 20180710
Kaspersky HEUR:Backdoor.Win32.Agent.gen 20180710
Malwarebytes Trojan.KeyLogger.MSIL 20180710
MAX malware (ai score=96) 20180710
McAfee GenericRXGA-LN!25F290634A80 20180710
McAfee-GW-Edition BehavesLike.Win32.Generic.dh 20180710
Microsoft Trojan:Win32/Occamy.C 20180710
eScan Trojan.GenericKD.31031190 20180710
NANO-Antivirus Trojan.Win32.Remcos.feqjor 20180710
Palo Alto Networks (Known Signatures) generic.ml 20180710
Panda Trj/GdSda.A 20180709
Qihoo-360 Win32/Backdoor.6e0 20180710
Rising Dropper.Agent!8.2F (CLOUD) 20180710
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/Generic-S 20180710
Symantec Trojan Horse 20180710
Tencent Win32.Trojan.Generic.Htmg 20180710
TrendMicro BKDR_ASDROP.SMZVP 20180710
TrendMicro-HouseCall BKDR_ASDROP.SMZVP 20180710
VIPRE Trojan.Win32.Generic!BT 20180710
ViRobot Trojan.Win32.Z.Agent.223328 20180710
Webroot W32.Trojan.Gen 20180710
Yandex Trojan.DR.Agent!TntxrINqO1k 20180709
ZoneAlarm by Check Point HEUR:Backdoor.Win32.Agent.gen 20180710
Antiy-AVL 20180710
Avast-Mobile 20180710
Avira (no cloud) 20180710
Babable 20180406
Bkav 20180706
ClamAV 20180710
CMC 20180710
Comodo 20180710
eGambit 20180710
F-Prot 20180710
Kingsoft 20180710
SUPERAntiSpyware 20180710
TACHYON 20180710
TheHacker 20180710
TotalDefense 20180710
Trustlook 20180710
VBA32 20180709
Zillya 20180709
Zoner 20180709
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-27 10:31:59
Entry Point 0x000267A6
Number of sections 3
.NET details
Module Version ID f36b683e-aaca-43f1-8be3-48e2711b3654
PE sections
Overlays
MD5 655e39e80c93ed0c0313d0c1cf87fca8
File type ASCII text
Offset 219136
Size 4192
Entropy 0.00
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:06:27 11:31:59+01:00
FileType Win32 EXE
PEType PE32
CodeSize 149504
LinkerVersion 8.0
EntryPoint 0x267a6
InitializedDataSize 69120
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 25f290634a8092cc13820b1ade6ec33c
SHA1 3d4913172fedc50d9654effeab0fdcec9bb36014
SHA256 618cc1db8b0225b15c13df19b184970c0dfc180415c572ee7a12433a106e41e4
ssdeep 3072:Pq/4dJ1qTbxl++yWnIq80YQH2Hl4SsAB01lJ9w/X1RbP4UYljpqSqm:Pe4dJ1Ubxh9K0YQWFKTx96LgF
authentihash e2683292e358c119443fcac52dc7bc79b5680b68a84254548a612a118bbc6355
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 218.1 KB ( 223328 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (62.0%)
Win64 Executable (generic) (23.4%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.8%)
OS/2 Executable (generic) (1.7%)
Tags peexe assembly overlay

VirusTotal metadata
First submission 2018-06-30 05:08:28 UTC ( 3 months, 3 weeks ago )
Last submission 2018-07-10 07:00:48 UTC ( 3 months, 1 week ago )
File names output.113570702.txt
KYC-INQUIRY847.exe
10_MALWARE.exe