SHA256: 6b2066583926fbc9bbcfd05072f4a6d068dcb162ab1824c1d9c09a7c1a5d2623
File name: 6b2066583926fbc9bbcfd05072f4a6d068dcb162ab1824c1d9c09a7c1a5d2623.bin
Detection ratio: 36 / 56
Analysis date: 2015-10-26 04:11:31 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
ALYac Gen:Variant.Zusy.88191 20151026
AVG MSIL3.HRA 20151026
AVware Trojan.Win32.Generic!BT 20151026
Ad-Aware Gen:Variant.Zusy.88191 20151026
Agnitum Trojan.Blocker!dOSHRD7965Q 20151025
AhnLab-V3 Malware/Win32.Generic 20151026
Antiy-AVL Trojan[Ransom]/Win32.Blocker 20151026
Arcabit Trojan.Zusy.D1587F 20151026
Avast MSIL:Crypt-UE [Trj] 20151026
Avira TR/Dropper.MSIL.27882 20151026
Baidu-International Trojan.Win32.Ransomlock.eeza 20151026
BitDefender Gen:Variant.Zusy.88191 20151026
CAT-QuickHeal TrojanRansom.Blocker.r3 20151026
Comodo UnclassifiedMalware 20151026
ESET-NOD32 a variant of MSIL/Injector.DGF 20151026
Emsisoft Gen:Variant.Zusy.88191 (B) 20151026
F-Secure Gen:Variant.Zusy.88191 20151026
Fortinet MSIL/Injector.DIH!tr 20151026
GData Gen:Variant.Zusy.88191 20151026
Ikarus Backdoor.Win32.Androm 20151026
Kaspersky HEUR:Trojan.Win32.Generic 20151026
Malwarebytes Backdoor.DCRND.Gen 20151026
McAfee Artemis!80EDD02E85F7 20151026
McAfee-GW-Edition BehavesLike.Win32.Backdoor.dh 20151026
MicroWorld-eScan Gen:Variant.Zusy.88191 20151026
Microsoft Backdoor:Win32/NetWiredRC.B 20151026
NANO-Antivirus Trojan.Win32.Androm.cwybnp 20151026
Panda Generic Malware 20151026
Qihoo-360 Win32/Trojan.Ransom.c77 20151026
Rising PE:Malware.RDM.25!5.1F[F1] 20151025
Sophos Mal/Generic-S 20151026
Symantec Trojan.Gen 20151026
Tencent Win32.Trojan.Blocker.Eaxh 20151026
VBA32 Hoax.Blocker 20151026
VIPRE Trojan.Win32.Generic!BT 20151026
nProtect Trojan/W32.Blocker.266240.N 20151026
AegisLab 20151026
Alibaba 20151026
Bkav 20151026
ByteHero 20151026
CMC 20151026
ClamAV 20151026
Cyren 20151026
DrWeb 20151026
F-Prot 20151026
Jiangmin 20151025
K7AntiVirus 20151026
K7GW 20151026
SUPERAntiSpyware 20151025
TheHacker 20151026
TotalDefense 20151026
TrendMicro 20151026
TrendMicro-HouseCall 20151026
ViRobot 20151026
Zillya 20151026
Zoner 20151026
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-04-01 14:03:50
Link date 3:03 PM 4/1/2014
Entry Point 0x000123BE
Number of sections 3
.NET details
Module Version ID c4fd62ee-928a-4348-bece-9d3eacc4c7a2
TypeLib ID b0e29188-0ac0-4d01-8f86-3095ee7920c5
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 9
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 10
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:04:01 15:03:50+01:00
FileType Win32 EXE
PEType PE32
CodeSize 69632
LinkerVersion 8.0
EntryPoint 0x123be
InitializedDataSize 192512
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 80edd02e85f7e980d97b1138a5758158
SHA1 2a57dcc790c467e1722f73759ae69373eaab2b33
SHA256 6b2066583926fbc9bbcfd05072f4a6d068dcb162ab1824c1d9c09a7c1a5d2623
ssdeep 3072:gQbXwMylJLgxcZ1VReaBVF3nPWlVQ9CKQ0UUVUUXjNBv2t5DkfM:xX1ylJLgza1nE6gKot

authentihash 051c4d8a975c9c7ee1311ad46cf7a5f11cd537c0d702990f34de4afd0fd2af65
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 260.0 KB ( 266240 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (81.0%)
Win32 Dynamic Link Library (generic) (7.2%)
Win32 Executable (generic) (4.9%)
Win16/32 Executable Delphi generic (2.2%)
Generic Win/DOS Executable (2.2%)
Tags peexe assembly

VirusTotal metadata
First submission 2014-04-01 14:29:05 UTC ( 1 year, 10 months ago )
Last submission 2014-04-02 12:11:36 UTC ( 1 year, 10 months ago )
File names asdf.exe
Chrome_Plug-in_EN-US_WOL_WIN.exe
file-6798616_exe
6b2066583926fbc9bbcfd05072f4a6d068dcb162ab1824c1d9c09a7c1a5d2623.bin
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests