SHA256: 74b3f09b811b1bf51682b1361e9b105df4715488734fdc503e985d8e9980c672
File name: SYM10001.exe_
Detection ratio: 38 / 68
Analysis date: 2018-08-14 04:05:34 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Ransom.Xorist.79 20180814
ALYac Gen:Variant.Ransom.Xorist.79 20180814
Arcabit Trojan.Ransom.Xorist.79 20180814
Avast Win32:LokiBot-A [Trj] 20180813
AVG Win32:LokiBot-A [Trj] 20180813
Avira (no cloud) HEUR/AGEN.1014551 20180813
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180814
BitDefender Gen:Variant.Ransom.Xorist.79 20180814
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.53372e 20180225
Cylance Unsafe 20180814
Cyren W32/Ransom.AY.gen!Eldorado 20180814
Emsisoft Gen:Variant.Ransom.Xorist.79 (B) 20180814
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of MSIL/Kryptik.PBW 20180814
F-Prot W32/Ransom.AY.gen!Eldorado 20180814
F-Secure Gen:Variant.Ransom.Xorist.79 20180814
Fortinet MSIL/GenKryptik.BLNS!tr 20180814
GData Gen:Variant.Ransom.Xorist.79 20180814
Ikarus Trojan.MSIL.Injector 20180813
Sophos ML heuristic 20180717
Kaspersky HEUR:Backdoor.MSIL.Agent.gen 20180814
MAX malware (ai score=100) 20180814
McAfee Trojan-FGZT!B599D7B91385 20180814
McAfee-GW-Edition Trojan-FGZT!B599D7B91385 20180814
Microsoft Trojan:Win32/Occamy.C 20180814
eScan Gen:Variant.Ransom.Xorist.79 20180814
Palo Alto Networks (Known Signatures) generic.ml 20180814
Panda Trj/GdSda.A 20180813
Qihoo-360 Win32/Trojan.Ransom.0d9 20180814
Rising Backdoor.Agent!8.C5D (CLOUD) 20180814
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/Generic-S 20180814
Symantec ML.Attribute.HighConfidence 20180813
Tencent Msil.Backdoor.Agent.Pfsz 20180814
TrendMicro TROJ_GEN.R002C0PHD18 20180814
TrendMicro-HouseCall TROJ_GEN.R002C0PHD18 20180814
ZoneAlarm by Check Point HEUR:Backdoor.MSIL.Agent.gen 20180814
AegisLab 20180814
AhnLab-V3 20180813
Alibaba 20180713
Antiy-AVL 20180814
Avast-Mobile 20180813
AVware 20180814
Babable 20180725
Bkav 20180813
CAT-QuickHeal 20180813
ClamAV 20180814
CMC 20180812
Comodo 20180814
DrWeb 20180814
eGambit 20180814
Jiangmin 20180814
K7AntiVirus 20180813
K7GW 20180814
Kingsoft 20180814
Malwarebytes 20180813
NANO-Antivirus 20180814
SUPERAntiSpyware 20180814
Symantec Mobile Insight 20180812
TACHYON 20180814
TheHacker 20180813
TotalDefense 20180813
Trustlook 20180814
VBA32 20180813
VIPRE 20180814
ViRobot 20180813
Webroot 20180814
Yandex 20180810
Zillya 20180812
Zoner 20180813
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright F799v8rdEfHH
Product yyNMuy0LFBJF
Original name SYM10001.exe
Internal name SYM10001.exe
File version 87.24.49.47
Description M3Z99zienL7o
Comments qmxcparvNxBk
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-08-13 01:49:04
Entry Point 0x0004021E
Number of sections 3
.NET details
Module Version ID 152d34ba-a0b2-495c-a8e6-22546527ba05
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
qmxcparvNxBk

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
87.24.49.47

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
M3Z99zienL7o

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
4608

EntryPoint
0x4021e

OriginalFileName
SYM10001.exe

MIMEType
application/octet-stream

LegalCopyright
F799v8rdEfHH

FileVersion
87.24.49.47

TimeStamp
2018:08:13 02:49:04+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
SYM10001.exe

ProductVersion
87.24.49.47

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
jVwxhFZX4DQk

CodeSize
254976

ProductName
yyNMuy0LFBJF

ProductVersionNumber
87.24.49.47

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
27.28.93.8

File identification
MD5 b599d7b91385fce1c4c7affe485e4f55
SHA1 68b078753372e747326ed92107747577cdd483d7
SHA256 74b3f09b811b1bf51682b1361e9b105df4715488734fdc503e985d8e9980c672
ssdeep
6144:vz33fqgdFMgQEbQ6rO8wOXipG85LNuQ0PAcpV4x6mYVPUdc78bY6FIraevzZ1FpD:vz33ycvOR6iB0qo78bY6FIraevzZ1LeQ

authentihash a750ad4b64c0261166fd70645d2641e95fe9d355ba72371ce3c1a381b698957a
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 254.0 KB ( 260096 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe assembly

VirusTotal metadata
First submission 2018-08-13 20:59:50 UTC ( 1 month, 1 week ago )
Last submission 2018-08-13 20:59:50 UTC ( 1 month, 1 week ago )
File names SYM10001.exe_
SYM10001.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections