SHA256: 6d1d6a09771e44136766005d4f98b696817a2b8bdc7ea6103da54fbcee1d3357
File name: d86ea07f3d7c9d49c4365e5cf2e6b69a.virus
Detection ratio: 48 / 61
Analysis date: 2017-05-12 20:26:32 UTC ( 1 year, 9 months ago )
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.kshirTXRLffib 20170512
AegisLab W32.W.Bagle.l0vE 20170512
AhnLab-V3 HEUR/Fakon.mwf 20170512
Arcabit Trojan.Heur.kshirTXRLffib 20170512
Avast Win32:Rootkit-gen [Rtk] 20170512
AVG Worm/Generic.BRIF 20170512
Avira (no cloud) TR/Dropper.Gen 20170512
AVware Trojan.Win32.Generic!BT 20170512
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9993 20170503
BitDefender Gen:Trojan.Heur.kshirTXRLffib 20170512
ClamAV Win.Trojan.Stray-1 20170512
Comodo TrojWare.Win32.VB.NIR 20170512
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Cyren W32/Worm.OWTH-8657 20170512
DrWeb Trojan.Banyak 20170512
Emsisoft Gen:Trojan.Heur.kshirTXRLffib (B) 20170512
Endgame malicious (high confidence) 20170503
ESET-NOD32 Win32/VB.NIR 20170512
F-Prot W32/Worm.MXX 20170512
F-Secure Gen:Trojan.Heur.kshirTXRLffib 20170512
Ikarus Packer.Expressor 20170512
Sophos ML generic.a 20170413
Jiangmin Trojan/DiskAutorun.azv 20170512
K7AntiVirus P2PWorm ( 0001261c1 ) 20170512
K7GW P2PWorm ( 0001261c1 ) 20170512
Kaspersky Worm.Win32.AutoRun.acq 20170512
Kingsoft Win32.Troj.VB.(kcloud) 20170512
McAfee W32/Autorun.worm.f 20170512
McAfee-GW-Edition BehavesLike.Win32.Yahlover.vz 20170512
Microsoft Worm:Win32/Nofupat.A 20170512
eScan Gen:Trojan.Heur.kshirTXRLffib 20170512
NANO-Antivirus Trojan.Win32.Rbot.dwyvu 20170512
Panda Trj/Astry.A 20170512
Qihoo-360 Malware.Radar01.Gen 20170512
SentinelOne (Static ML) static engine - malicious 20170330
Sophos AV Mal/Behav-033 20170512
SUPERAntiSpyware Trojan.Agent/Gen-Falprod 20170512
Symantec Trojan.Astry 20170511
TheHacker Trojan/Refroso.drxr 20170508
TotalDefense Win32/Rbot.HQD 20170512
TrendMicro WORM_AUTORUN.MA 20170512
TrendMicro-HouseCall WORM_AUTORUN.MA 20170512
VBA32 Trojan.VBRA.03940 20170512
VIPRE Trojan.Win32.Generic!BT 20170512
ViRobot Trojan.Win32.Autorun.155476[h] 20170512
Yandex Trojan.VB!SyQ1hYk+1fg 20170512
Zillya Trojan.VB.Win32.26783 20170511
ZoneAlarm by Check Point Worm.Win32.AutoRun.acq 20170512
Alibaba 20170512
ALYac 20170512
Bkav None
CAT-QuickHeal 20170512
CMC 20170512
Fortinet 20170512
GData 20170512
Malwarebytes 20170512
nProtect 20170512
Palo Alto Networks (Known Signatures) 20170512
Rising None
Symantec Mobile Insight 20170512
Tencent 20170512
Webroot 20170512
WhiteArmor 20170512
Zoner 20170512
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product scvhost
Original name u121.exe
Internal name u121
File version 1.02.0001
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-04-03 05:52:15
Entry Point 0x0006B42C
Number of sections 4
PE sections
Overlays
MD5 212ff08390341a916f15b8074b4d639f
File type data
Offset 155476
Size 2121728
Entropy 2.09
PE imports
LoadLibraryExA
GetModuleHandleA
VirtualFree
ExitProcess
VirtualProtect
GetProcAddress
VirtualAlloc
GetModuleFileNameA
__vbaStrI2
MessageBoxA
Number of PE resources by type
RT_ICON 13
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 14
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 0.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.2.0.1
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 4800
EntryPoint 0x6b42c
OriginalFileName u121.exe
MIMEType application/octet-stream
FileVersion 1.02.0001
TimeStamp 2007:04:03 06:52:15+01:00
FileType Win32 EXE
PEType PE32
InternalName u121
ProductVersion 1.02.0001
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 0
ProductName scvhost
ProductVersionNumber 1.2.0.1
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 d86ea07f3d7c9d49c4365e5cf2e6b69a
SHA1 45495a721dd8c03f5808c1348c813208dd8dbe4a
SHA256 6d1d6a09771e44136766005d4f98b696817a2b8bdc7ea6103da54fbcee1d3357
ssdeep 12288:sj4B0rxx7X3wwGTf2YKLbadQ/0QfSiOa:6x7SybadG0QM

authentihash 6de351d5fc77a582e18bf436ef7c808db4480a78add0811ec60c75f157989284
imphash 68906ae7651124668e2dc5774a31ee42
File size 2.2 MB ( 2277204 bytes )
File type Win32 EXE
Magic literal MS-DOS executable, MZ for MS-DOS

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe overlay

VirusTotal metadata
First submission 2017-05-12 20:26:32 UTC ( 1 year, 9 months ago )
Last submission 2017-05-12 20:26:32 UTC ( 1 year, 9 months ago )
File names u121
d86ea07f3d7c9d49c4365e5cf2e6b69a.virus
u121.exe