SHA256: 754456c2ab37d8001d04e5317aca0d2973378dc02bf7d8e254944ace89399f4e
File name: 4261b93f020833764be8f970f817c4ca.exe
Detection ratio: 37 / 55
Analysis date: 2016-12-26 10:12:18 UTC ( 2 years, 2 months ago )
Antivirus Result Update
Ad-Aware Generic.MSIL.Bladabindi.9424B9D7 20161226
AhnLab-V3 Backdoor/Win32.Bladabindi.C880567 20161226
Arcabit Generic.MSIL.Bladabindi.9424B9D7 20161226
Avast MSIL:Bladabindi-JK [Trj] 20161226
AVG Win32/Hedo 20161226
Avira (no cloud) TR/ATRAPS.Gen 20161226
Baidu MSIL.Backdoor.Bladabindi.a 20161207
BitDefender Generic.MSIL.Bladabindi.9424B9D7 20161226
CAT-QuickHeal Backdoor.Bladabindi.B3 20161226
ClamAV Win.Trojan.B-468 20161226
Comodo TrojWare.MSIL.Spy.Agent.CP 20161226
Cyren W32/MSIL_Troj.AP.gen!Eldorado 20161226
DrWeb Win32.HLLW.Autoruner2.26602 20161226
Emsisoft Generic.MSIL.Bladabindi.9424B9D7 (B) 20161226
ESET-NOD32 a variant of MSIL/Bladabindi.AS 20161226
F-Prot W32/MSIL_Troj.AP.gen!Eldorado 20161226
F-Secure Generic.MSIL.Bladabindi.9424B9D7 20161226
Fortinet MSIL/Generic.AP.1609D6!tr 20161226
GData Generic.MSIL.Bladabindi.9424B9D7 20161226
Ikarus Backdoor.MSIL 20161226
Sophos ML backdoor.msil.bladabindi.aa 20161216
K7AntiVirus Trojan ( 700000121 ) 20161226
K7GW Trojan ( 700000121 ) 20161226
Kaspersky HEUR:Trojan.Win32.Generic 20161226
Malwarebytes Backdoor.NJRat 20161226
McAfee Trojan-FIGN 20161226
McAfee-GW-Edition BehavesLike.Win32.BackdoorNJRat.nm 20161226
Microsoft Backdoor:MSIL/Bladabindi.B 20161225
eScan Generic.MSIL.Bladabindi.9424B9D7 20161226
NANO-Antivirus Trojan.Win32.Autoruner2.ebrjyu 20161226
Panda Trj/GdSda.A 20161225
Qihoo-360 HEUR/QVM03.0.0000.Malware.Gen 20161226
Rising Backdoor.MSIL.Bladabindi!1.9E49 (classic) 20161226
Sophos AV Mal/MSIL-BA 20161226
Symantec Heur.AdvML.B 20161226
TrendMicro BKDR_BLADABI.SMC 20161226
TrendMicro-HouseCall BKDR_BLADABI.SMC 20161226
AegisLab 20161226
Alibaba 20161223
Antiy-AVL 20161226
AVware 20161226
Bkav 20161224
CMC 20161226
CrowdStrike Falcon (ML) None
Jiangmin 20161226
Kingsoft 20161226
nProtect 20161226
SUPERAntiSpyware 20161226
Tencent 20161226
TheHacker 20161222
TotalDefense 20161226
Trustlook 20161226
VBA32 20161223
VIPRE 20161226
ViRobot 20161226
WhiteArmor 20161221
Yandex 20161225
Zillya 20161223
Zoner 20161226
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-26 04:07:50
Entry Point 0x0000ABFE
Number of sections 3
.NET details
Module Version ID 88ed7db4-b10b-413c-9444-8624bcee5c45
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:12:26 05:07:50+01:00
FileType Win32 EXE
PEType PE32
CodeSize 36352
LinkerVersion 8.0
FileTypeExtension exe
InitializedDataSize 1536
SubsystemVersion 4.0
EntryPoint 0xabfe
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
Execution parents
File identification
MD5 5800048191d96b9105d2ffe9db33057c
SHA1 fd80c8e20157d156d5f770c75ab03fb2b3cb3792
SHA256 754456c2ab37d8001d04e5317aca0d2973378dc02bf7d8e254944ace89399f4e
ssdeep 384:AAUroWm6i/CzjxAdjYWaSyFzRcPL28mMjh6rAF+rMRTyN/0L+EcoinblneHQM3eK:PUHaC+mNhFzRcS1MorM+rMRa8Nu/Wt
authentihash 8203d15c8edcc6e0ac9dbb8ad986a315b412037353cd4d3dee20d4e7db7e15de
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 37.5 KB ( 38400 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (56.7%)
Win64 Executable (generic) (21.3%)
Windows screen saver (10.1%)
Win32 Dynamic Link Library (generic) (5.0%)
Win32 Executable (generic) (3.4%)
Tags peexe assembly
VirusTotal metadata
First submission 2016-12-26 10:12:18 UTC ( 2 years, 2 months ago )
Last submission 2016-12-26 10:12:18 UTC ( 2 years, 2 months ago )
File names 4261b93f020833764be8f970f817c4ca.exe