SHA256: 61ef11626cd475b45528a82f17693e0941536c4f0be26d01636f85c7eb56ce7c
File name: output.106726565.txt
Detection ratio: 45 / 58
Analysis date: 2017-02-09 16:12:46 UTC ( 2 years ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.117997 20170209
AegisLab Troj.W32.Generic!c 20170209
AhnLab-V3 Trojan/Win32.VenusLocker.R193149 20170209
ALYac Trojan.Injector.835584 20170209
Antiy-AVL Trojan/Win32.AGeneric 20170209
Arcabit Trojan.Razy.D1CCED 20170209
Avast Win32:Malware-gen 20170209
AVG Atros4.BWED 20170209
Avira (no cloud) TR/Dropper.MSIL.cjhui 20170209
AVware Trojan.Win32.Generic!BT 20170209
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9988 20170209
BitDefender Gen:Variant.Razy.117997 20170209
CAT-QuickHeal Trojan.Injector 20170209
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Cyren W32/Injector.IC.gen!Eldorado 20170209
DrWeb Trojan.DownLoader17.15248 20170209
Emsisoft Gen:Variant.Razy.117997 (B) 20170209
Endgame malicious (high confidence) 20170208
ESET-NOD32 a variant of MSIL/Injector.RBY 20170209
F-Prot W32/MSIL_Injector.HR.gen!Eldorado 20170209
F-Secure Gen:Variant.Razy.117997 20170209
Fortinet MSIL/Injector.RBY!tr 20170209
GData Gen:Variant.Razy.117997 20170209
Ikarus Trojan.MSIL.Krypt 20170209
Sophos ML trojan.win32.radonskra.b 20170203
Jiangmin Trojan.Generic.aqzkz 20170209
K7AntiVirus Trojan ( 005021871 ) 20170209
K7GW Trojan ( 005021871 ) 20170209
Kaspersky HEUR:Trojan.Win32.Generic 20170209
McAfee Packed-JC!2D048154D6CD 20170209
McAfee-GW-Edition Packed-JC!2D048154D6CD 20170209
Microsoft Trojan:MSIL/Injector.SO!bit 20170209
eScan Gen:Variant.Razy.117997 20170209
NANO-Antivirus Trojan.Win32.Razy.ekkwls 20170209
Panda Trj/GdSda.A 20170209
Rising Trojan.Injector!8.C4-DEMBYnpA4oI (cloud) 20170209
Sophos AV Mal/Generic-S 20170209
Symantec Trojan.Gen.2 20170209
Tencent Win32.Trojan.Falsesign.Hqvk 20170209
TrendMicro TROJ_GEN.R01BC0DAB17 20170209
TrendMicro-HouseCall Ransom_HPEXMAS.SM 20170209
VIPRE Trojan.Win32.Generic!BT 20170209
ViRobot Trojan.Win32.Z.Razy.685496[h] 20170209
Yandex Trojan.Agent!YS9+zTQRgMw 20170208
Zillya Trojan.Injector.Win32.463388 20170208
Alibaba 20170122
Bkav 20170209
ClamAV 20170209
CMC 20170209
Comodo 20170209
Kingsoft 20170209
Malwarebytes 20170209
nProtect 20170209
Qihoo-360 20170209
SUPERAntiSpyware 20170209
TheHacker 20170209
TotalDefense 20170209
Trustlook 20170209
VBA32 20170209
WhiteArmor 20170202
Zoner 20170209
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

Original name YimtLNWO.exe
Internal name YimtLNWO.exe
File version 0.0.0.0
Description
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 7:00 PM 8/9/2018
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-01-08 15:43:08
Entry Point 0x00077D4E
Number of sections 3
.NET details
Module Version ID bfc0d929-533e-4bfd-b4a8-e78d822e4ad4
PE sections
Overlays
MD5 ae27594c131a78c4ceb26e398faff2f9
File type data
Offset 679936
Size 5560
Entropy 7.15
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 9
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 11
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileVersionNumber 0.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 192512
EntryPoint 0x77d4e
OriginalFileName YimtLNWO.exe
MIMEType application/octet-stream
FileVersion 0.0.0.0
TimeStamp 2017:01:08 16:43:08+01:00
FileType Win32 EXE
PEType PE32
InternalName YimtLNWO.exe
ProductVersion 0.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 483328
FileSubtype 0
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 0.0.0.0

File identification
MD5 2d048154d6cd12361174c98335ba5666
SHA1 2f3389e95df45b0c0098ef1cd109bc5289b49d95
SHA256 61ef11626cd475b45528a82f17693e0941536c4f0be26d01636f85c7eb56ce7c
ssdeep 12288:u7puP7oQVPJY1WYUTC3nI8W/E+ttdVPywy3KbsQP06:u7puMQVhVTsQjdVPO3msO06

authentihash 79b719d9bffa50863e19e243b82dc9b4213737046d1f0d27f816d089a25da5f6
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 669.4 KB ( 685496 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe assembly overlay

VirusTotal metadata
First submission 2017-01-10 06:07:39 UTC ( 2 years, 1 month ago )
Last submission 2017-02-09 16:12:46 UTC ( 2 years ago )
File names fD8AJY9QF.kwu
aa
output.106726565.txt
VirusShare_2d048154d6cd12361174c98335ba5666
2d048154d6cd12361174c98335ba5666.exe
61ef11626cd475b45528a82f17693e0941536c4f0be26d01636f85c7eb56ce7c
YimtLNWO.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections
UDP communications