SHA256: 63293d7aef78136a323e219d42c0bf2ec4838a66ded6246fb027acfaed9f9426
File name: 66be6f3ce203531cb16ed6e64dbe12b04139e34c
Detection ratio: 44 / 56
Analysis date: 2017-01-25 18:50:01 UTC ( 2 years, 2 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.18895869 20170125
AegisLab Backdoor.W32.Androm!c 20170125
AhnLab-V3 Backdoor/Win32.Androm.C1656813 20170125
ALYac Trojan.Generic.18895869 20170125
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20170125
Arcabit Trojan.Generic.D12053FD 20170125
Avast Win32:Malware-gen 20170125
AVG MSIL10.BPJV 20170125
Avira (no cloud) TR/Downloader.Gen7 20170125
AVware Trojan.Win32.Generic!BT 20170125
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9973 20170125
BitDefender Trojan.Generic.18895869 20170125
CAT-QuickHeal Trojan.Ceatrg 20170125
Comodo Backdoor.Win32.Agent.xyutb 20170125
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Cyren W32/Trojan.JGWO-5999 20170125
DrWeb Trojan.Starter.6474 20170125
Emsisoft Trojan.Generic.18895869 (B) 20170125
ESET-NOD32 Win32/Delf.OGV 20170125
F-Secure Trojan.Generic.18895869 20170125
Fortinet W32/Androm.KVHQ!tr.bdr 20170125
GData Trojan.Generic.18895869 20170125
Ikarus Trojan-Ransom.JigSaw 20170125
Sophos ML trojan.win32.skeeyah.a!rfn 20170111
K7AntiVirus Trojan ( 700000121 ) 20170125
K7GW Trojan ( 700000121 ) 20170125
Kaspersky Backdoor.Win32.Androm.kvhq 20170125
McAfee RDN/Generic BackDoor 20170125
McAfee-GW-Edition RDN/Generic BackDoor 20170125
Microsoft Trojan:Win32/Ceatrg.A 20170125
eScan Trojan.Generic.18895869 20170125
NANO-Antivirus Trojan.Win32.Androm.egrghj 20170125
Panda Trj/GdSda.A 20170125
Qihoo-360 Win32/Trojan.Dropper.a9c 20170125
Rising Trojan.Win32.Injector.fr-sAgrLAEBioF (cloud) 20170125
Sophos AV Mal/Generic-S 20170125
Symantec Trojan.Gen 20170125
Tencent Win32.Backdoor.Androm.Edew 20170125
TrendMicro TROJ_GEN.R047C0DIS16 20170125
TrendMicro-HouseCall TROJ_GEN.R047C0DIS16 20170125
VIPRE Trojan.Win32.Generic!BT 20170125
ViRobot Trojan.Win32.Z.Starter.130560[h] 20170125
Yandex Backdoor.Androm!u6jI31ZhaeI 20170124
Zillya Backdoor.Androm.Win32.37044 20170125
Alibaba 20170122
ClamAV 20170125
CMC 20170125
F-Prot 20170125
Jiangmin 20170125
Kingsoft 20170125
Malwarebytes 20170125
nProtect 20170125
SUPERAntiSpyware 20170125
TheHacker 20170125
TotalDefense 20170125
Trustlook 20170125
VBA32 20170125
WhiteArmor 20170123
Zoner 20170125
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2016

Original name Whiteboy.exe
Internal name Whiteboy.exe
File version 1.0.0.0
Description Poison API
Comments Poison API
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-09-24 17:23:16
Entry Point 0x0001FE7E
Number of sections 4
.NET details
Module Version ID f88db71f-2bac-48bb-9a15-f242eed2e376
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
Poison API

LinkerVersion
6.0

ImageVersion
0.0

FileVersionNumber
1.0.0.0

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
6656

EntryPoint
0x1fe7e

OriginalFileName
Whiteboy.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2016

FileVersion
1.0.0.0

TimeStamp
2016:09:24 18:23:16+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Whiteboy.exe

ProductVersion
1.0.0.0

FileDescription
Poison API

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Poison API

CodeSize
122880

FileSubtype
0

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
1.0.0.0

File identification
MD5 1deaf8f4ae99157faa436abd09a3f569
SHA1 66be6f3ce203531cb16ed6e64dbe12b04139e34c
SHA256 63293d7aef78136a323e219d42c0bf2ec4838a66ded6246fb027acfaed9f9426
ssdeep
3072:l9Ls+go3lekBYJyMxD7SE9O3XOgCQiXwtaygtKnUhIOp:PwzoVeDxD2t3X7CQiXwTWfC

authentihash dabfd61687974f5f67c20a98a8ccca43ac7cf8a5ddb3adeacab7601be42378a3
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 127.5 KB ( 130560 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (81.0%)
Win32 Dynamic Link Library (generic) (7.2%)
Win32 Executable (generic) (4.9%)
Win16/32 Executable Delphi generic (2.2%)
Generic Win/DOS Executable (2.2%)
Tags
peexe assembly

VirusTotal metadata
First submission 2016-09-27 15:04:36 UTC ( 2 years, 6 months ago )
Last submission 2016-09-27 15:04:36 UTC ( 2 years, 6 months ago )
File names Whiteboy.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
UDP communications