SHA256: 6b2066583926fbc9bbcfd05072f4a6d068dcb162ab1824c1d9c09a7c1a5d2623
File name: 6b2066583926fbc9bbcfd05072f4a6d068dcb162ab1824c1d9c09a7c1a5d2623.bin
Detection ratio: 28 / 51
Analysis date: 2014-04-12 09:05:16 UTC ( 1 year, 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1628601 20140412
Agnitum Trojan.Blocker!dOSHRD7965Q 20140411
AntiVir TR/Dropper.MSIL.27882 20140412
Avast Win32:Malware-gen 20140412
Baidu-International Trojan.MSIL.Injector.DGF 20140412
BitDefender Trojan.GenericKD.1628601 20140412
ESET-NOD32 a variant of MSIL/Injector.DIH 20140412
Emsisoft Trojan.GenericKD.1628601 (B) 20140412
F-Secure Trojan.GenericKD.1628601 20140412
Fortinet MSIL/Injector.DGF!tr 20140412
GData Trojan.GenericKD.1628601 20140412
Ikarus Trojan.SuspectCRC 20140412
Kaspersky Trojan-Ransom.Win32.Blocker.eeza 20140412
Kingsoft Win32.Troj.Undef.(kcloud) 20140412
Malwarebytes Backdoor.Bot 20140412
McAfee RDN/Ransom!ec 20140412
McAfee-GW-Edition RDN/Ransom!ec 20140412
MicroWorld-eScan Trojan.GenericKD.1628601 20140412
Norman Suspicious_Gen4.GCWZH 20140412
Panda Generic Malware 20140411
Qihoo-360 HEUR/Malware.QVM03.Gen 20140412
Sophos Mal/Generic-S 20140412
Symantec WS.Reputation.1 20140412
TrendMicro TROJ_GEN.R0CBC0PD814 20140412
TrendMicro-HouseCall TROJ_GEN.R0CBC0PD814 20140412
VBA32 Hoax.Blocker 20140411
VIPRE Trojan.Win32.Generic!BT 20140412
nProtect Trojan.GenericKD.1628601 20140411
AVG 20140412
AegisLab 20140412
AhnLab-V3 20140411
Antiy-AVL 20140412
Bkav 20140411
ByteHero 20140412
CAT-QuickHeal 20140412
CMC 20140411
ClamAV 20140412
Commtouch 20140412
Comodo 20140412
DrWeb 20140412
F-Prot 20140412
Jiangmin 20140412
K7AntiVirus 20140411
K7GW 20140411
Microsoft 20140412
NANO-Antivirus 20140412
Rising 20140411
SUPERAntiSpyware 20140412
TheHacker 20140411
TotalDefense 20140412
ViRobot 20140412
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-04-01 14:03:50
Link date 3:03 PM 4/1/2014
Entry Point 0x000123BE
Number of sections 3
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 9
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 10
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:04:01 15:03:50+01:00
FileType Win32 EXE
PEType PE32
CodeSize 69632
LinkerVersion 8.0
FileAccessDate 2014:04:12 10:08:09+01:00
EntryPoint 0x123be
InitializedDataSize 192512
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:04:12 10:08:09+01:00
UninitializedDataSize 0

Compressed bundles
File identification
MD5 80edd02e85f7e980d97b1138a5758158
SHA1 2a57dcc790c467e1722f73759ae69373eaab2b33
SHA256 6b2066583926fbc9bbcfd05072f4a6d068dcb162ab1824c1d9c09a7c1a5d2623
ssdeep 3072:gQbXwMylJLgxcZ1VReaBVF3nPWlVQ9CKQ0UUVUUXjNBv2t5DkfM:xX1ylJLgza1nE6gKot
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 260.0 KB ( 266240 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (81.0%)
Win32 Dynamic Link Library (generic) (7.2%)
Win32 Executable (generic) (4.9%)
Win16/32 Executable Delphi generic (2.2%)
Generic Win/DOS Executable (2.2%)
Tags peexe assembly
VirusTotal metadata
First submission 2014-04-01 14:29:05 UTC ( 1 year, 1 month ago )
Last submission 2014-04-02 12:11:36 UTC ( 1 year, 1 month ago )
File names asdf.exe
Chrome_Plug-in_EN-US_WOL_WIN.exe
file-6798616_exe
6b2066583926fbc9bbcfd05072f4a6d068dcb162ab1824c1d9c09a7c1a5d2623.bin
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests