× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 64ec4da30676e611734af0dec906b667715fccdce5a1dbe9efcea2c92dc7e385
File name: explorer.exe
Detection ratio: 22 / 66
Analysis date: 2018-05-16 11:59:39 UTC ( 9 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Ursu.185134 20180516
AhnLab-V3 Trojan/Win32.Kryptik.R226752 20180516
ALYac Gen:Variant.Ursu.185134 20180516
Arcabit Trojan.Ursu.D2D32E 20180516
BitDefender Gen:Variant.Ursu.185134 20180516
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20180418
Cylance Unsafe 20180516
Emsisoft Gen:Variant.Ursu.185134 (B) 20180516
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of MSIL/Kryptik.NUV 20180516
F-Secure Gen:Variant.Ursu.185134 20180516
Fortinet MSIL/Kryptik.NUV!tr 20180516
GData Gen:Variant.Ursu.185134 20180516
Sophos ML heuristic 20180503
K7AntiVirus Trojan ( 0052f1161 ) 20180516
K7GW Trojan ( 0052f1161 ) 20180516
Kaspersky HEUR:Trojan.MSIL.Generic 20180516
MAX malware (ai score=83) 20180516
eScan Gen:Variant.Ursu.185134 20180516
Qihoo-360 HEUR/QVM03.0.3352.Malware.Gen 20180516
SentinelOne (Static ML) static engine - malicious 20180225
ZoneAlarm by Check Point HEUR:Trojan.MSIL.Generic 20180516
AegisLab 20180516
Alibaba 20180516
Antiy-AVL 20180516
Avast 20180516
Avast-Mobile 20180516
AVG 20180516
Avira (no cloud) 20180516
AVware 20180428
Babable 20180406
Baidu 20180511
Bkav 20180516
CAT-QuickHeal 20180516
ClamAV 20180516
CMC 20180516
Comodo 20180516
Cybereason None
Cyren 20180516
eGambit 20180516
F-Prot 20180516
Ikarus 20180516
Jiangmin 20180516
Kingsoft 20180516
Malwarebytes 20180516
McAfee 20180516
McAfee-GW-Edition 20180516
Microsoft 20180516
NANO-Antivirus 20180516
nProtect 20180516
Palo Alto Networks (Known Signatures) 20180516
Panda 20180516
Rising 20180516
Sophos AV 20180515
SUPERAntiSpyware 20180516
Symantec 20180516
Symantec Mobile Insight 20180516
Tencent 20180516
TheHacker 20180516
TotalDefense 20180516
TrendMicro 20180516
TrendMicro-HouseCall 20180516
Trustlook 20180516
VBA32 20180516
VIPRE 20180516
ViRobot 20180516
Webroot 20180516
Yandex 20180516
Zillya 20180516
Zoner 20180515
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© 2018 Microsoft Corporation. All rights reserved.

Product VS Code By Microsoft
Original name VS_Code.exe
Internal name VS_Code.exe
File version 1.22.0.0
Comments VS Code By Microsoft
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-16 10:05:08
Entry Point 0x0007424E
Number of sections 3
.NET details
Module Version ID b11e746c-d548-4d56-8d58-a55d1a3df597
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
VS Code By Microsoft

InitializedDataSize
2560

ImageVersion
0.0

ProductName
VS Code By Microsoft

FileVersionNumber
1.22.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
8.0

FileTypeExtension
exe

OriginalFileName
VS_Code.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.22.0.0

TimeStamp
2018:05:16 10:05:08+00:00

FileType
Win32 EXE

PEType
PE32

InternalName
VS_Code.exe

ProductVersion
1.22.0.0

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

LegalCopyright
2018 Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
467968

FileSubtype
0

ProductVersionNumber
1.22.0.0

EntryPoint
0x7424e

ObjectFileType
Executable application

AssemblyVersion
1.22.0.0

File identification
MD5 ed96bed2f59703da86395b2fb600f2ed
SHA1 902ae431f1fcccddba4a18a130be5f40c519f4d9
SHA256 64ec4da30676e611734af0dec906b667715fccdce5a1dbe9efcea2c92dc7e385
ssdeep
12288:u0zJa0I7zDZ180m+6KmXoIXwbnFMQ4V+GFzCU:uCJ1I7vwr+6hIz6RV+mP

authentihash 53d94384f909a71b43ed12132ecad518c643579ec2c02315eee5edf919aa91cc
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 460.0 KB ( 471040 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (61.0%)
Win64 Executable (generic) (23.0%)
Win32 Dynamic Link Library (generic) (5.4%)
Win32 Executable (generic) (3.7%)
Win16/32 Executable Delphi generic (1.7%)
Tags
peexe assembly

VirusTotal metadata
First submission 2018-05-16 11:59:39 UTC ( 9 months ago )
Last submission 2018-05-16 11:59:39 UTC ( 9 months ago )
File names VS_Code.exe
explorer.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections
UDP communications