SHA256: 7011a0de5db5033a13c844f7a73be6a1d5100fb5815d0afe6f177b7bd29eb823
File name: jtfscr.scr.exe
Detection ratio: 44 / 63
Analysis date: 2019-02-23 09:58:31 UTC ( 4 weeks ago )
Antivirus Result Update
Acronis suspicious 20190222
Ad-Aware Gen:Variant.Razy.251561 20190301
AhnLab-V3 Trojan/Win32.Kryptik.C2403373 20190301
Arcabit Trojan.Razy.D3D6A9 20190301
Avast Win32:Malware-gen 20190301
AVG Win32:Malware-gen 20190301
Avira (no cloud) HEUR/AGEN.1013212 20190301
BitDefender Gen:Variant.Razy.251561 20190301
CAT-QuickHeal Trojan.Generic 20190228
Comodo Malware@#3dcottefbh2vh 20190301
CrowdStrike Falcon (ML) win/malicious_confidence_100% (W) 20190212
Cybereason malicious.9d01b6 20190109
Cyren W32/Trojan.TVTW-8672 20190301
DrWeb Trojan.PWS.Stealer.19347 20190301
eGambit Generic.Malware 20190301
Emsisoft Gen:Variant.Razy.251561 (B) 20190301
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of MSIL/Kryptik.MKV 20190301
F-Secure Heuristic.HEUR/AGEN.1013212 20190301
Fortinet MSIL/Kryptik.MKV!tr 20190301
GData Gen:Variant.Razy.251561 20190301
Ikarus Trojan.VB.Crypt 20190301
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 005263901 ) 20190301
K7GW Trojan ( 005263901 ) 20190301
Kaspersky HEUR:Trojan.Win32.Generic 20190301
Malwarebytes Spyware.AgentTesla.Generic 20190301
McAfee Packed-VL!9F855AE9D01B 20190301
McAfee-GW-Edition BehavesLike.Win32.Generic.dc 20190301
Microsoft Trojan:Win32/Dynamer!rfn 20190301
eScan Gen:Variant.Razy.251561 20190301
NANO-Antivirus Trojan.Win32.Stealer.exuuco 20190301
Palo Alto Networks (Known Signatures) generic.ml 20190301
Panda Trj/GdSda.A 20190301
Qihoo-360 Win32/Trojan.616 20190301
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Mal/Generic-S 20190301
Symantec ML.Attribute.HighConfidence 20190301
Tencent Win32.Trojan.Generic.Hxgf 20190301
Trapmine malicious.high.ml.score 20190301
VBA32 TrojanPSW.Stealer 20190301
Webroot W32.Trojan.Dynamer 20190301
Yandex Trojan.Agent!D2e3xutleCs 20190301
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20190301
AegisLab 20190301
Alibaba 20180921
Antiy-AVL 20190301
Avast-Mobile 20190301
Babable 20180918
Baidu 20190215
ClamAV 20190228
CMC 20190301
Jiangmin 20190301
Kingsoft 20190301
MAX 20190301
SUPERAntiSpyware 20190227
Symantec Mobile Insight 20190220
TACHYON 20190301
TheHacker 20190225
TotalDefense 20190301
Trustlook 20190301
VIPRE 20190301
ViRobot 20190301
Zoner 20190228
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (c) 2015 Amtran
Product Amtran Dc Noobb
Original name jtfscr.scr.exe
Internal name jtfscr.scr.exe
File version 14.2.6.12
Description Amtran
Comments Amtran Noobb
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-02-05 21:37:40
Entry Point 0x0003F29E
Number of sections 3
.NET details
Module Version ID f4246f80-9e01-4aac-a7b8-b3e2d90aa308
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments Amtran Noobb
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 14.2.6.12
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Amtran
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 20480
EntryPoint 0x3f29e
OriginalFileName jtfscr.scr.exe
MIMEType application/octet-stream
LegalCopyright (c) 2015 Amtran
FileVersion 14.2.6.12
TimeStamp 2018:02:05 22:37:40+01:00
FileType Win32 EXE
PEType PE32
InternalName jtfscr.scr.exe
ProductVersion 14.2.6.12
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Amtran
CodeSize 253952
ProductName Amtran Dc Noobb
ProductVersionNumber 14.2.6.12
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 0.17.19.11

File identification
MD5 9f855ae9d01b630feee03c25d9fc01b6
SHA1 936598d10e5866272ddecb03e355be0b10e3a07a
SHA256 7011a0de5db5033a13c844f7a73be6a1d5100fb5815d0afe6f177b7bd29eb823
ssdeep 6144:sfAdvrBHUwgltmzQjQBq/3owEi+FTGw0PvB8JbRYj7:pdvFHAj0oYjtZGLPqJbRY
authentihash 91f0f0852d1d7cb17cbe6874d631631f5045c372dce2201ad2da203bddae74ca
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 272.0 KB ( 278528 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (79.2%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Win16/32 Executable Delphi generic (2.2%)
OS/2 Executable (generic) (2.1%)
Tags peexe assembly nxdomain via-tor

VirusTotal metadata
First submission 2018-02-08 01:38:11 UTC ( 1 year, 1 month ago )
Last submission 2018-02-11 23:51:26 UTC ( 1 year, 1 month ago )
File names VirusShare_9f855ae9d01b630feee03c25d9fc01b6
jtfscr.scr.exe
sepprod.com__jtfscr.scr.exe
505f0e02be9a831c629162503dc8c8a48ebde366
output.112823784.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections
UDP communications