SHA256: 72dbccd101da722c7d572f79efa7c65c87968dee6a444a3c27a9c12876a929d1
File name: milano.exe
Detection ratio: 1 / 55
Analysis date: 2015-07-24 12:54:25 UTC ( 2 years, 2 months ago )
Antivirus Result Update
McAfee-GW-Edition BehavesLike.Win32.BackdoorNJRat.gc 20150724
Ad-Aware 20150724
AegisLab 20150724
Yandex 20150723
AhnLab-V3 20150723
Alibaba 20150724
ALYac 20150724
Antiy-AVL 20150724
Arcabit 20150724
Avast 20150724
AVG 20150724
Avira (no cloud) 20150724
AVware 20150724
Baidu-International 20150724
BitDefender 20150724
Bkav 20150724
ByteHero 20150724
CAT-QuickHeal 20150724
ClamAV 20150724
Comodo 20150724
Cyren 20150724
DrWeb 20150724
Emsisoft 20150724
ESET-NOD32 20150724
F-Prot 20150724
F-Secure 20150724
Fortinet 20150724
GData 20150724
Ikarus 20150724
Jiangmin 20150723
K7AntiVirus 20150724
K7GW 20150724
Kaspersky 20150724
Kingsoft 20150724
Malwarebytes 20150724
McAfee 20150724
Microsoft 20150724
eScan 20150724
NANO-Antivirus 20150724
nProtect 20150723
Panda 20150724
Qihoo-360 20150724
Rising 20150722
Sophos AV 20150724
SUPERAntiSpyware 20150724
Symantec 20150724
Tencent 20150724
TheHacker 20150723
TrendMicro 20150724
TrendMicro-HouseCall 20150724
VBA32 20150723
VIPRE 20150724
ViRobot 20150724
Zillya 20150724
Zoner 20150724
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-07-24 07:42:45
Entry Point 0x0004DB2E
Number of sections 3
.NET details
Module Version ID fe41c3ed-850e-44e0-b4d7-fb023338de29
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 7
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 8
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:07:24 08:42:45+01:00
FileType Win32 EXE
PEType PE32
CodeSize 310272
LinkerVersion 8.0
EntryPoint 0x4db2e
InitializedDataSize 138752
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 6b65d58031845f290f2a109ead245ab4
SHA1 60054f5e08983c148808d0e90bb16d9852779c12
SHA256 72dbccd101da722c7d572f79efa7c65c87968dee6a444a3c27a9c12876a929d1
ssdeep 6144:d51ZHokmD60tTgroWYrDfiY5vOpEVovXdmNa+mBV76w1sCeXLd3e/6MEi:vgO0tsro5Ph4mVovNmBIDeXLd386
authentihash 7414822f73156da33f63d74c434317d7835e93af2de7ed1abbfaa5c54b1dffb1
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 439.0 KB ( 449536 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (82.9%)
Win32 Dynamic Link Library (generic) (7.4%)
Win32 Executable (generic) (5.1%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags peexe assembly
VirusTotal metadata
First submission 2015-07-24 12:54:25 UTC ( 2 years, 2 months ago )
Last submission 2016-10-17 11:40:24 UTC ( 11 months, 2 weeks ago )
File names milano.exe
6b65d58031845f290f2a109ead245ab4.exe
72dbccd101da722c7d572f79efa7c65c87968dee6a444a3c27a9c12876a929d1.bin
Advanced heuristic and reputation engines
TrendMicro-HouseCall TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R02KC0DGT15.
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests