× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 6d7d709a9e7222161ff0c53da6d362f243109b91d58b80f77224b94fa42c7182
File name: kresss23.exe
Detection ratio: 43 / 70
Analysis date: 2018-11-27 07:40:13 UTC ( 5 months, 4 weeks ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40778947 20181127
AegisLab Trojan.Win32.Generic.4!c 20181127
AhnLab-V3 Malware/Win32.Generic.C2854551 20181127
ALYac Trojan.GenericKD.40778947 20181127
Arcabit Trojan.Generic.D26E3CC3 20181127
Avast Win32:Malware-gen 20181127
AVG Win32:Malware-gen 20181127
Avira (no cloud) TR/AD.Sagonaire.avuvg 20181127
BitDefender Trojan.GenericKD.40778947 20181127
CAT-QuickHeal Trojan.Azden 20181126
CMC Virus.Win32.Sality!O 20181126
CrowdStrike Falcon (ML) malicious_confidence_80% (W) 20181022
Cylance Unsafe 20181127
Cyren W32/Trojan.DIEZ-6515 20181127
DrWeb Trojan.PWS.Stealer.23680 20181127
Emsisoft Trojan.GenericKD.40778947 (B) 20181127
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Injector.EBUI 20181127
F-Secure Trojan.GenericKD.40778947 20181127
Fortinet W32/Injector.EBUI!tr 20181127
GData Trojan.GenericKD.40778947 20181127
Ikarus Trojan.Win32.Injector 20181126
Sophos ML heuristic 20181108
K7AntiVirus Trojan ( 00541e151 ) 20181127
K7GW Trojan ( 00541e151 ) 20181127
Kaspersky Trojan.Win32.Hesv.dsri 20181127
McAfee RDN/Generic.dx 20181127
McAfee-GW-Edition RDN/Generic.dx 20181127
Microsoft Trojan:Win32/Occamy.C 20181127
eScan Trojan.GenericKD.40778947 20181127
NANO-Antivirus Trojan.Win32.Hesv.fkofxg 20181127
Palo Alto Networks (Known Signatures) generic.ml 20181127
Panda Trj/CI.A 20181126
Qihoo-360 Win32/Trojan.783 20181127
Rising Backdoor.Noancooe!8.176 (TFE:3:HlI9D0vndMQ) 20181127
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/Generic-S 20181127
Symantec Trojan Horse 20181127
Trapmine malicious.moderate.ml.score 20181126
TrendMicro TROJ_GEN.F0C2C00KO18 20181127
TrendMicro-HouseCall TROJ_GEN.F0C2C00KO18 20181127
VIPRE Trojan.Win32.Generic!BT 20181127
ZoneAlarm by Check Point Trojan.Win32.Hesv.dsri 20181127
Alibaba 20180921
Antiy-AVL 20181127
Avast-Mobile 20181127
Babable 20180918
Baidu 20181127
Bkav 20181126
ClamAV 20181127
Comodo 20181127
Cybereason 20180225
eGambit 20181127
F-Prot 20181127
Jiangmin 20181127
Kingsoft 20181127
Malwarebytes 20181127
MAX 20181127
SUPERAntiSpyware 20181121
Symantec Mobile Insight 20181121
TACHYON 20181127
Tencent 20181127
TheHacker 20181126
TotalDefense 20181127
Trustlook 20181127
VBA32 20181126
ViRobot 20181127
Webroot 20181127
Yandex 20181123
Zillya 20181126
Zoner 20181127
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2018

Product Java(TM) Platform SE 8
Original name keytool.exe
Internal name keytool
File version 8.0.1810.13
Description Java(TM) Platform SE binary
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00153344
Number of sections 3
PE sections
PE imports
GetProcAddress
GetModuleHandleA
SHGetFolderPathA
RegCloseKey
ImageList_Add
GetSaveFileNameA
SaveDC
GradientFill
SysFreeString
ShellExecuteA
CharNextA
VerQueryValueA
Number of PE resources by type
RT_ICON 32
RT_RCDATA 27
RT_STRING 16
RT_BITMAP 11
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_DIALOG 2
RT_VERSION 2
RT_GROUP_ICON 2
IMAGE 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 48
RUSSIAN 35
ENGLISH US 25
PE resources
ExifTool file metadata
UninitializedDataSize
0

FileDescription
Java(TM) Platform SE binary

LinkerVersion
2.25

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
8.0.1810.13

LanguageCode
Neutral

FileFlagsMask
0x003f

FullVersion
1.8.0_181-b13

ImageFileCharacteristics
Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, No debug, Bytes reversed hi

CharacterSet
Unicode

InitializedDataSize
748544

EntryPoint
0x153344

OriginalFileName
keytool.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2018

FileVersion
8.0.1810.13

TimeStamp
1992:06:20 00:22:17+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
keytool

ProductVersion
8.0.1810.13

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Oracle Corporation

CodeSize
598528

ProductName
Java(TM) Platform SE 8

ProductVersionNumber
8.0.1810.13

Warning
Possibly corrupt Version resource

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 07908b35d62a253c010bb49b93928a8b
SHA1 b340714367f4cf69e8af1e9d12150e42e620ea10
SHA256 6d7d709a9e7222161ff0c53da6d362f243109b91d58b80f77224b94fa42c7182
ssdeep
12288:8b1FSg/wFnnoLhPuORUDzq0wZA4HYvlgyyN3WgiS4Q:Q1tYCLhXeDYZVHsZsWA4

authentihash 1a585a7198aa5a19836075ade9039b3236597c944959806927b6feb8251a61b1
imphash acf02fe5982712525f30954e5648fb18
File size 716.0 KB ( 733184 bytes )
File type Win32 EXE
Magic literal
MS-DOS executable, MZ for MS-DOS

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags
peexe

VirusTotal metadata
First submission 2018-11-21 16:59:15 UTC ( 6 months ago )
Last submission 2018-12-22 12:24:54 UTC ( 5 months ago )
File names 07908b35d62a253c010bb49b93928a8b
keytool
kresss23.exe
keytool.exe
6d7d709a9e7222161ff0c53da6d362f243109b91d58b80f77224b94fa42c7182.sample
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs