SHA256: 661a5127de9ff5e24a4deda086873656ff6e1d0233c51ca56c358221c2feb00b
File name: codexgigas_a7d34845c9a6ecd1183d48d2da3104c3a7af51de
Detection ratio: 40 / 67
Analysis date: 2018-05-01 22:52:23 UTC ( 11 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Ursu.91343 20180501
AhnLab-V3 Win-Trojan/NjRAT03.Exp 20180501
ALYac Gen:Variant.Ursu.91343 20180501
Arcabit Trojan.Ursu.D164CF 20180501
Avast MSIL:Crypt-AAL [Trj] 20180501
AVG MSIL:Crypt-AAL [Trj] 20180501
Avira (no cloud) TR/Dropper.MSIL.xtzef 20180501
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180428
BitDefender Gen:Variant.Ursu.91343 20180501
CAT-QuickHeal Backdoor.Androm.FC.738 20180501
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180418
Cylance Unsafe 20180501
DrWeb Trojan.PWS.Stealer.19347 20180501
eGambit Unsafe.AI_Score_91% 20180501
Emsisoft Gen:Variant.Ursu.91343 (B) 20180501
Endgame malicious (high confidence) 20180403
ESET-NOD32 a variant of MSIL/Spy.Agent.AES 20180501
F-Secure Gen:Variant.Ursu.91343 20180501
Fortinet MSIL/Injector.PE!tr 20180501
GData Gen:Variant.Ursu.91343 20180501
Ikarus Trojan-Spy.Keylogger.AgentTesla 20180501
Sophos ML heuristic 20180121
K7AntiVirus Trojan ( 0052d5341 ) 20180501
K7GW Trojan ( 0052d5341 ) 20180501
Kaspersky Trojan.MSIL.Starter.el 20180501
MAX malware (ai score=82) 20180501
McAfee Trojan-FPEL!387A91B88388 20180501
McAfee-GW-Edition BehavesLike.Win32.Generic.dm 20180425
Microsoft PUA:Win32/Presenoker 20180501
eScan Gen:Variant.Ursu.91343 20180501
Panda Trj/GdSda.A 20180501
Qihoo-360 Win32/Trojan.8a8 20180501
Rising Spyware.Agent!8.C6 (TFE:D:Pcqn0OXnr3D) 20180501
SentinelOne (Static ML) static engine - malicious 20180225
Symantec Trojan.Gen.2 20180501
TrendMicro TROJ_GEN.R061C0DE118 20180501
TrendMicro-HouseCall TROJ_GEN.R061C0DE118 20180501
VBA32 TScope.Trojan.MSIL 20180428
Webroot W32.Trojan.Gen 20180501
ZoneAlarm by Check Point HEUR:Trojan.MSIL.Generic 20180501
AegisLab 20180501
Alibaba 20180428
Antiy-AVL 20180501
Avast-Mobile 20180501
AVware 20180428
Babable 20180406
Bkav 20180426
ClamAV 20180501
CMC 20180501
Comodo 20180501
Cybereason None
Cyren 20180501
F-Prot 20180501
Jiangmin 20180501
Kingsoft 20180501
Malwarebytes 20180501
NANO-Antivirus 20180501
nProtect 20180501
Palo Alto Networks (Known Signatures) 20180501
Sophos AV 20180501
SUPERAntiSpyware 20180501
Symantec Mobile Insight 20180501
Tencent 20180501
TheHacker 20180430
TotalDefense 20180501
Trustlook 20180501
VIPRE 20180501
ViRobot 20180501
Yandex 20180428
Zillya 20180430
Zoner 20180501
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-30 18:10:58
Entry Point 0x00033EFE
Number of sections 3
.NET details
Module Version ID 8da2431a-7500-4555-b104-194d422f87dd
PE sections
PE imports
_CorExeMain
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:04:30 11:10:58-07:00
FileType Win32 EXE
PEType PE32
CodeSize 204800
LinkerVersion 8.0
ImageFileCharacteristics Executable, 32-bit
Warning Possibly corrupt Version resource
EntryPoint 0x33efe
InitializedDataSize 1536
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 387a91b8838822545a839dda83b9c57d
SHA1 a7d34845c9a6ecd1183d48d2da3104c3a7af51de
SHA256 661a5127de9ff5e24a4deda086873656ff6e1d0233c51ca56c358221c2feb00b
ssdeep 3072:VZ2xdFrJ1clU3VWkH+FRd0H/QQIEOYnCLULGxud6JQ1alX2oUvORlYG:GxdFrvclU2gIQIEOCXLGLXl1x5
authentihash f53a69f1b4c32982abe5f28bd5e8bb7f1296dbb813ffbc1cb6cd2359d8ff00d8
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 202.0 KB ( 206848 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (55.8%)
Win64 Executable (generic) (21.0%)
Windows screen saver (9.9%)
Win32 Dynamic Link Library (generic) (5.0%)
Win32 Executable (generic) (3.4%)
Tags peexe assembly

VirusTotal metadata
First submission 2018-05-01 22:52:23 UTC ( 11 months, 3 weeks ago )
Last submission 2018-05-06 18:56:09 UTC ( 11 months, 2 weeks ago )
File names codexgigas_a7d34845c9a6ecd1183d48d2da3104c3a7af51de
Docs.exe
output.113228838.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections