SHA256: 65d7fc0bba6176b4d9e081fb04be4ceb3ae759dd7589aedcf46b2482663d6aca
File name: output.113958063.txt
Detection ratio: 35 / 68
Analysis date: 2018-08-31 01:48:06 UTC ( 6 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40436408 20180830
Arcabit Trojan.Generic.D26902B8 20180831
Avast Win32:Malware-gen 20180831
AVG Win32:Malware-gen 20180831
Avira (no cloud) TR/Kryptik.vzbtt 20180831
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180830
BitDefender Trojan.GenericKD.40436408 20180831
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20180723
Cylance Unsafe 20180831
Cyren W32/MSIL_Agent.CM.gen!Eldorado 20180831
DrWeb Trojan.Inject1.54688 20180831
Emsisoft Trojan.GenericKD.40436408 (B) 20180831
ESET-NOD32 a variant of MSIL/Kryptik.PJS 20180830
F-Prot W32/MSIL_Agent.CM.gen!Eldorado 20180831
F-Secure Trojan.GenericKD.40436408 20180831
Fortinet MSIL/Kryptik.PJS!tr 20180831
GData Win32.Trojan.Agent.8LSHEI 20180831
Ikarus Trojan.MSIL.Crypt 20180830
Sophos ML heuristic 20180717
K7GW Trojan ( 0053b5881 ) 20180830
Kaspersky HEUR:Trojan-Spy.Win32.Agent.gen 20180831
McAfee RDN/Generic.grp 20180831
McAfee-GW-Edition RDN/Generic.grp 20180830
Microsoft Trojan:Win32/Tiggre!plock 20180831
eScan Trojan.GenericKD.40436408 20180831
Palo Alto Networks (Known Signatures) generic.ml 20180831
Panda Trj/GdSda.A 20180830
Qihoo-360 Win32/Trojan.Spy.203 20180831
Rising Trojan.Kryptik!8.8 (CLOUD) 20180830
SentinelOne (Static ML) static engine - malicious 20180830
Sophos AV Mal/Generic-S 20180831
Symantec Trojan Horse 20180830
TrendMicro TROJ_GEN.USHT18 20180830
TrendMicro-HouseCall TROJ_GEN.USHT18 20180830
ZoneAlarm by Check Point HEUR:Trojan-Spy.Win32.Agent.gen 20180830
AegisLab 20180831
AhnLab-V3 20180830
Alibaba 20180713
ALYac 20180831
Antiy-AVL 20180831
Avast-Mobile 20180830
AVware 20180823
Babable 20180822
Bkav 20180831
CAT-QuickHeal 20180830
ClamAV 20180830
CMC 20180830
Comodo 20180830
Cybereason 20180225
eGambit 20180831
Endgame 20180730
Jiangmin 20180830
K7AntiVirus 20180829
Kingsoft 20180831
Malwarebytes 20180831
MAX 20180831
NANO-Antivirus 20180830
SUPERAntiSpyware 20180831
Symantec Mobile Insight 20180829
TACHYON 20180831
Tencent 20180831
TheHacker 20180829
TotalDefense 20180830
Trustlook 20180831
VBA32 20180830
VIPRE 20180830
ViRobot 20180830
Webroot 20180831
Yandex 20180830
Zillya 20180830
Zoner 20180830
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2018 BJ's Wholesale Club, Inc.
Product AD certmap authentication provider
Original name invoicee.exe
Internal name invoicee.exe
File version 5.8.31.4
Description AD certmap authentication provider
Comments ocivixoqamuvaluqebol
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-05-30 08:42:52
Entry Point 0x0006F53E
Number of sections 3
.NET details
Module Version ID 99cfcd8a-a582-4125-b96b-4afabce8ff1a
TypeLib ID 9415d383-24df-421b-a9be-3486d26a7e52
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 6
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 9
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments ocivixoqamuvaluqebol
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.8.31.4
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription AD certmap authentication provider
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 372736
EntryPoint 0x6f53e
OriginalFileName invoicee.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2018 BJ's Wholesale Club, Inc.
FileVersion 5.8.31.4
TimeStamp 2002:05:30 10:42:52+02:00
FileType Win32 EXE
PEType PE32
InternalName invoicee.exe
ProductVersion 5.8.31.4
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName BJ's Wholesale Club, Inc.
CodeSize 448000
ProductName AD certmap authentication provider
ProductVersionNumber 5.8.31.4
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 0.0.0.0

File identification
MD5 14e47d86364381ba663a9d652b70936d
SHA1 fc2bd392eac2de5fb3b79fdaf8c68cee3930c848
SHA256 65d7fc0bba6176b4d9e081fb04be4ceb3ae759dd7589aedcf46b2482663d6aca
ssdeep 12288:CGCCdvAft7X7rjy8U82vkLnfOOiml1bZ:CGdKfXyq2vk1ie
authentihash 70dcc5369b0a1951566fd477c0137b93b6ab1e4d2b8387dda51aa7743dc3b1b5
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 802.0 KB ( 821248 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (81.0%)
Win32 Dynamic Link Library (generic) (7.2%)
Win32 Executable (generic) (4.9%)
OS/2 Executable (generic) (2.2%)
Generic Win/DOS Executable (2.2%)
Tags peexe assembly
VirusTotal metadata
First submission 2018-08-29 19:14:00 UTC ( 6 months, 3 weeks ago )
Last submission 2018-08-31 01:48:06 UTC ( 6 months, 2 weeks ago )
File names invoicee.exe
output.113958063.txt