SHA256: 6d1b27abc609ea31079556615da8108947a23713a9f94ffe713b615d23eaeb5c
File name: Adsshow_installer.exe
Detection ratio: 44 / 65
Analysis date: 2017-07-31 03:04:36 UTC (1 year, 4 months ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.5670527 20170731
AegisLab Uds.Dangerousobject.Multi!c 20170731
ALYac Trojan.GenericKD.5670527 20170731
Antiy-AVL Trojan/Win32.TSGeneric 20170731
Arcabit Trojan.Generic.D56867F 20170731
Avast Win32:Malware-gen 20170731
AVG Win32:Malware-gen 20170731
Avira (no cloud) TR/Downloader.jwcol 20170730
AVware Trojan.Win32.Generic!BT 20170731
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9521 20170728
BitDefender Trojan.GenericKD.5670527 20170731
Comodo UnclassifiedMalware 20170731
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20170710
Cyren W32/Trojan.QZIW-6289 20170731
DrWeb Trojan.DownLoader25.11350 20170731
Emsisoft Trojan.GenericKD.5670527 (B) 20170731
Endgame malicious (high confidence) 20170721
ESET-NOD32 a variant of MSIL/TrojanDownloader.Agent.DHZ 20170731
F-Secure Trojan.GenericKD.5670527 20170731
Fortinet MSIL/Agent.DKV!tr.dldr 20170731
GData Trojan.GenericKD.5670527 20170731
Ikarus Trojan-Downloader.MSIL.Agent 20170730
K7AntiVirus Trojan-Downloader ( 0050c83b1 ) 20170730
K7GW Trojan-Downloader ( 0050c83b1 ) 20170731
Kaspersky UDS:DangerousObject.Multi.Generic 20170731
MAX malware (ai score=100) 20170731
McAfee RDN/Generic Downloader.x 20170731
McAfee-GW-Edition RDN/Generic Downloader.x 20170731
Microsoft TrojanDownloader:MSIL/Worfload.A!bit 20170730
eScan Trojan.GenericKD.5670527 20170731
NANO-Antivirus Trojan.Win32.GenericKD.eoucic 20170731
Palo Alto Networks (Known Signatures) generic.ml 20170731
Panda Trj/GdSda.A 20170730
Rising Downloader.Agent!8.B23 (cloud:1cGjToJuKC) 20170731
SentinelOne (Static ML) static engine - malicious 20170718
Sophos AV Mal/Generic-S 20170731
Symantec Trojan.Gen.2 20170730
Tencent Msil.Trojan-downloader.Agent.Hpsh 20170731
TrendMicro TROJ_CLICKER.GPVH 20170731
TrendMicro-HouseCall TROJ_CLICKER.GPVH 20170731
VIPRE Trojan.Win32.Generic!BT 20170731
Webroot W32.Adware.Gen 20170731
Yandex Trojan.DL.Agent!PV8Ttxkrlxk 20170728
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20170731
AhnLab-V3 20170730
Alibaba 20170731
Bkav 20170729
CAT-QuickHeal 20170729
ClamAV 20170731
CMC 20170730
Cylance 20170731
F-Prot 20170731
Sophos ML 20170607
Jiangmin 20170731
Kingsoft 20170731
Malwarebytes 20170731
nProtect 20170731
Qihoo-360 20170731
SUPERAntiSpyware 20170730
Symantec Mobile Insight 20170730
TheHacker 20170730
TotalDefense 20170730
Trustlook 20170731
VBA32 20170728
ViRobot 20170730
WhiteArmor 20170730
Zillya 20170728
Zoner 20170731
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2017
Product IShow
Original name IShow.exe
Internal name IShow.exe
File version 1.0.0.0
Description IShow
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-07-21 08:50:51
Entry Point 0x00003AA2
Number of sections 3
.NET details
Module Version ID 5b1b7e09-4f93-44dd-93b1-0e648e5c1c87
TypeLib ID fcf0b788-7d14-474b-a1cc-88c42a60249c
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 48.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 2048
EntryPoint 0x3aa2
OriginalFileName IShow.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2017
FileVersion 1.0.0.0
TimeStamp 2017:07:21 09:50:51+01:00
FileType Win32 EXE
PEType PE32
InternalName IShow.exe
ProductVersion 1.0.0.0
FileDescription IShow
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 7168
ProductName IShow
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 1.0.0.0
File identification
MD5 291f15f1851c0d273f88e8d006ae5cb4
SHA1 6b4706efe088e49943b3a2c75a54cc27807bdbde
SHA256 6d1b27abc609ea31079556615da8108947a23713a9f94ffe713b615d23eaeb5c
ssdeep 192:NEb4zVJeVMNH6EV5YBAW+TofN+5+8m+Q+Pm+9++m+WfN+gh5ye:NEsJePEV58XZVoChjE0fVhh5y
authentihash ab5b13a2283dc73245b9b7d4e4360ec959c4c6aa1d5245b1210b13eb8341b058
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 9.5 KB ( 9728 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (82.9%)
Win32 Dynamic Link Library (generic) (7.4%)
Win32 Executable (generic) (5.1%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags peexe assembly
VirusTotal metadata
First submission 2017-07-21 10:01:33 UTC ( 1 year, 4 months ago )
Last submission 2017-11-08 22:42:30 UTC ( 1 year, 1 month ago )
File names IShow.exe
Adsshow_installer.exe
AfficheOne.exe
adsshow_installer.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections
UDP communications