SHA256: 6ebee481f938b4bcab768a6419f77d42058612d18e6e4a6272d0df34abbf158d
File name: output.114999307.txt
Detection ratio: 43 / 71
Analysis date: 2019-01-23 11:37:49 UTC ( 4 months ago )
Antivirus Result Update
Acronis suspicious 20190119
Ad-Aware Trojan.GenericKD.31543961 20190123
ALYac Trojan.GenericKD.31543961 20190123
Arcabit Trojan.Generic.D1E15299 20190123
Avast Win32:Trojan-gen 20190122
AVG Win32:Trojan-gen 20190123
BitDefender Trojan.GenericKD.31543961 20190123
Comodo Malware@#rgy55bs2r8w4 20190123
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181023
Cybereason malicious.c15d2d 20190109
Cylance Unsafe 20190123
Cyren W32/MSIL_Injector.PY.gen!Eldorado 20190123
DrWeb Trojan.Fbng.8 20190123
Emsisoft Trojan.GenericKD.31543961 (B) 20190123
ESET-NOD32 a variant of MSIL/Kryptik.QPE 20190123
F-Prot W32/MSIL_Injector.PY.gen!Eldorado 20190123
F-Secure Trojan.GenericKD.31543961 20190123
Fortinet MSIL/Kryptik.QPE!tr 20190122
GData Trojan.GenericKD.31543961 20190123
Ikarus Trojan.MSIL.Crypt 20190123
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 00545e451 ) 20190123
K7GW Trojan ( 00545e451 ) 20190123
Kaspersky HEUR:Trojan-Spy.MSIL.Noon.gen 20190123
Malwarebytes Trojan.PasswordStealer.MSIL.Generic 20190123
MAX malware (ai score=100) 20190123
McAfee RDN/Generic.grp 20190123
McAfee-GW-Edition BehavesLike.Win32.Generic.fc 20190122
Microsoft Trojan:Win32/Occamy.C 20190122
eScan Trojan.GenericKD.31543961 20190123
NANO-Antivirus Trojan.Win32.Fbng.fmglgk 20190123
Palo Alto Networks (Known Signatures) generic.ml 20190123
Panda Trj/GdSda.A 20190122
Qihoo-360 HEUR/QVM03.0.A2DB.Malware.Gen 20190123
Rising Backdoor.NanoBot!8.28C (TFE:D:90d2P7PhqDP) 20190123
SentinelOne (Static ML) static engine - malicious 20190118
Sophos AV Mal/Generic-S 20190123
Symantec Trojan.Gen.2 20190122
Tencent Win32.Trojan.Inject.Auto 20190123
TrendMicro TrojanSpy.Win32.NANOCORE.THABBAI 20190122
TrendMicro-HouseCall TrojanSpy.Win32.NANOCORE.THABBAI 20190122
VBA32 TScope.Trojan.MSIL 20190123
ZoneAlarm by Check Point HEUR:Trojan-Spy.MSIL.Noon.gen 20190123
AegisLab 20190123
AhnLab-V3 20190123
Alibaba 20180921
Antiy-AVL 20190123
Avast-Mobile 20190123
Avira (no cloud) 20190122
AVware 20180925
Babable 20180917
Baidu 20190122
Bkav 20190123
CAT-QuickHeal 20190122
ClamAV 20190122
CMC 20190123
eGambit 20190123
Endgame 20181108
Jiangmin 20190122
Kingsoft 20190123
SUPERAntiSpyware 20190116
TACHYON 20190122
TheHacker 20190118
TotalDefense 20190122
Trapmine 20190123
Trustlook 20190123
ViRobot 20190123
Webroot 20190123
Yandex 20190122
Zillya 20190122
Zoner 20190122
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2018 Port of Lisbon

Product Custom error handler
Original name sysmain.exe
Internal name sysmain.exe
File version 8.1.19.2
Description Custom error handler
Comments ogihizezevabahunewus
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-12-18 10:41:07
Entry Point 0x0005DDDE
Number of sections 3
.NET details
Module Version ID bb43b074-d28c-4b6d-8ac8-c3dfeeab9d5e
TypeLib ID 7e20c752-25d6-4df9-bd5e-a9ecab4b08c0
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
ogihizezevabahunewus

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
8.1.19.2

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Custom error handler

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
2560

EntryPoint
0x5ddde

OriginalFileName
sysmain.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2018 Port of Lisbon

FileVersion
8.1.19.2

TimeStamp
2008:12:18 11:41:07+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
sysmain.exe

ProductVersion
8.1.19.2

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Port of Lisbon

CodeSize
376320

ProductName
Custom error handler

ProductVersionNumber
8.1.19.2

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
0.0.0.0

File identification
MD5 1953c505eda03015431675f6265635bc
SHA1 aef478dc15d2db2bfb3618c113e4fee6d8f04f3d
SHA256 6ebee481f938b4bcab768a6419f77d42058612d18e6e4a6272d0df34abbf158d
ssdeep
6144:6GCkmXcNj8QqFsGD/fKiKzqGSwxXBy/dpc+hShLpwAElA7m/qPvg5+4:eXcNGjAYMX8/mpwAEV4g

authentihash d6d80c1681cccbb138a8ee0d45c124d5ec5d803da67d4a4e264ad16edff11333
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 370.5 KB ( 379392 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags
peexe assembly

VirusTotal metadata
First submission 2019-01-18 23:51:42 UTC ( 4 months, 1 week ago )
Last submission 2019-01-23 11:53:17 UTC ( 4 months ago )
File names output.114998774.txt
21754268
output.114999307.txt
sysmain.exe