SHA256: 68dfd40b34c71726609bbc91e9724a759c83a42964257421ea4045f13b01db4d
File name: Scan_094002.exe
Detection ratio: 44 / 66
Analysis date: 2018-06-18 03:06:00 UTC ( 2 days, 14 hours ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.289475 20180617
AegisLab Gen.Troj.Heur!c 20180618
AhnLab-V3 Trojan/Win32.Infostealer.R230113 20180617
ALYac Gen:Variant.Zusy.289475 20180617
Antiy-AVL Trojan[Backdoor]/Win32.Agent 20180618
Arcabit Trojan.Zusy.D46AC3 20180618
Avast Win32:Malware-gen 20180617
AVG Win32:Malware-gen 20180617
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9960 20180615
BitDefender Gen:Variant.Zusy.289475 20180617
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cybereason malicious.d740ad 20180225
Cylance Unsafe 20180618
Cyren W32/Downloader.KU.gen!Eldorado 20180617
DrWeb Trojan.PWS.Stealer.23680 20180617
Emsisoft Gen:Variant.Zusy.289475 (B) 20180617
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of MSIL/Kryptik.ONB 20180617
F-Prot W32/Downloader.KU.gen!Eldorado 20180617
F-Secure Gen:Variant.Zusy.289475 20180618
Fortinet MSIL/Kryptik.OMM!tr 20180617
GData Gen:Variant.Zusy.289475 20180617
Ikarus Trojan.MSIL.Crypt 20180617
Sophos ML heuristic 20180601
K7AntiVirus Trojan ( 005345821 ) 20180618
K7GW Trojan ( 005345821 ) 20180618
Kaspersky HEUR:Backdoor.Win32.Agent.gen 20180618
Malwarebytes Spyware.LokiBot 20180618
MAX malware (ai score=98) 20180618
McAfee Artemis!AC21318D740A 20180618
McAfee-GW-Edition BehavesLike.Win32.Trojan.dh 20180618
Microsoft Trojan:Win32/Skeeyah.A!rfn 20180618
eScan Gen:Variant.Zusy.289475 20180618
NANO-Antivirus Trojan.Win32.Kryptik.feahzh 20180618
Panda Trj/RnkBend.A 20180617
Qihoo-360 HEUR/QVM03.0.CF3D.Malware.Gen 20180618
SentinelOne (Static ML) static engine - malicious 20180617
Sophos AV Mal/Kryptik-BZ 20180618
Symantec Trojan.Gen.2 20180617
Tencent Win32.Backdoor.Agent.Lmub 20180618
TrendMicro TSPY_LOKI.NSFACAH 20180617
TrendMicro-HouseCall TSPY_LOKI.NSFACAH 20180618
Webroot W32.Malware.Gen 20180618
ZoneAlarm by Check Point HEUR:Backdoor.Win32.Agent.gen 20180617
Alibaba 20180615
Avast-Mobile 20180617
Avira (no cloud) 20180617
AVware 20180617
Bkav 20180616
CAT-QuickHeal 20180617
ClamAV 20180617
CMC 20180617
Comodo 20180618
eGambit 20180618
Jiangmin 20180618
Kingsoft 20180618
Rising 20180618
SUPERAntiSpyware 20180617
Symantec Mobile Insight 20180614
TACHYON 20180618
TheHacker 20180613
TotalDefense 20180617
Trustlook 20180618
VBA32 20180615
VIPRE 20180618
ViRobot 20180617
Yandex 20180615
Zillya 20180615
Zoner 20180617
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-12 22:28:09
Entry Point 0x0001AE0E
Number of sections 3
.NET details
Module Version ID ec5b8ff4-6e14-4b15-862d-6afc6c2150f5
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 2
RT_GROUP_ICON 1
RT_HTML 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 4
GERMAN 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:06:12 23:28:09+01:00
FileType Win32 EXE
PEType PE32
CodeSize 102400
LinkerVersion 6.0
EntryPoint 0x1ae0e
InitializedDataSize 126976
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

Execution parents
Compressed bundles
File identification
MD5 ac21318d740ad83e21191c1040d04076
SHA1 1b166aba184c94c18469445c78fad700741b95cc
SHA256 68dfd40b34c71726609bbc91e9724a759c83a42964257421ea4045f13b01db4d
ssdeep 6144:C6hDSDGjUjQrtYJb94kT69oEt7nAxvE5bqq+5e5+7FCr:uDGjUjQJa94669RApqmX7FCr

authentihash ac29300b690d4ec0c72daf352bea986e50fe45eb8a79767d08b817dc2414cfa1
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 224.5 KB ( 229888 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (62.0%)
Win64 Executable (generic) (23.4%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.8%)
OS/2 Executable (generic) (1.7%)
Tags peexe assembly

VirusTotal metadata
First submission 2018-06-13 09:07:43 UTC ( 1 week ago )
Last submission 2018-06-13 09:52:39 UTC ( 1 week ago )
File names Scan_094002.exe
scan_094002[1].exe
MSMDJJFJFJJDLLLALKKK.EXE
FKEOu68xwR3TFlXMf