× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 7546aeef6e1418a051434a7440f8a30eb33fc35ed83ded7540d23aa12d5918d4
File name: NEWPO.exe
Detection ratio: 24 / 67
Analysis date: 2018-05-10 12:23:12 UTC ( 11 months, 2 weeks ago ) View latest
Antivirus Result Update
AhnLab-V3 Trojan/Win32.MSIL.C2212204 20180510
Avira (no cloud) TR/Dropper.Gen 20180510
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180510
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180418
Cylance Unsafe 20180510
Cyren W32/Ursu.F.gen!Eldorado 20180510
eGambit Unsafe.AI_Score_80% 20180510
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of MSIL/Injector.SHI 20180510
Fortinet MSIL/Injector.TAH!tr 20180510
Ikarus Trojan-Spy.Agent 20180509
Sophos ML heuristic 20180503
K7AntiVirus Trojan ( 005265a71 ) 20180510
K7GW Trojan ( 005265a71 ) 20180510
Kaspersky HEUR:Trojan.Win32.Generic 20180510
McAfee Packed-XI!FC0241391F00 20180510
McAfee-GW-Edition BehavesLike.Win32.Generic.bc 20180510
Qihoo-360 HEUR/QVM03.0.11E8.Malware.Gen 20180510
SentinelOne (Static ML) static engine - malicious 20180225
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20180510
Symantec ML.Attribute.HighConfidence 20180510
TrendMicro BKDR_ASDROP.SMZVP 20180510
TrendMicro-HouseCall BKDR_ASDROP.SMZVP 20180510
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180510
Ad-Aware 20180510
AegisLab 20180510
Alibaba 20180510
ALYac 20180510
Antiy-AVL 20180510
Arcabit 20180510
Avast 20180510
Avast-Mobile 20180509
AVG 20180510
AVware 20180428
Babable 20180406
BitDefender 20180510
Bkav 20180510
CAT-QuickHeal 20180510
ClamAV 20180510
CMC 20180510
Comodo 20180510
Cybereason None
DrWeb 20180510
Emsisoft 20180510
F-Prot 20180510
F-Secure 20180510
GData 20180510
Jiangmin 20180510
Kingsoft 20180510
Malwarebytes 20180510
MAX 20180510
Microsoft 20180510
eScan 20180510
NANO-Antivirus 20180510
nProtect 20180510
Palo Alto Networks (Known Signatures) 20180510
Panda 20180509
Rising 20180510
Sophos AV 20180510
Symantec Mobile Insight 20180509
Tencent 20180510
TheHacker 20180509
TotalDefense 20180510
Trustlook 20180510
VBA32 20180510
VIPRE 20180510
ViRobot 20180510
Webroot 20180510
Yandex 20180508
Zillya 20180508
Zoner 20180509
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2004-2018 by Sandboxie Holdings, LLC

Product Sandboxie
Original name SandboxieBITS.exe
Internal name BITS
File version 5.24
Description Sandboxie COM Services (BITS)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-10 10:58:03
Entry Point 0x000A765E
Number of sections 4
.NET details
Module Version ID d411148f-1c98-4cfd-85be-d2b9de716089
PE sections
Overlays
MD5 20509c26c1dd210a110304f2fb775a69
File type ASCII text
Offset 724480
Size 5240
Entropy 0.00
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 3
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
5.24.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Sandboxie COM Services (BITS)

ImageFileCharacteristics
Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
45568

EntryPoint
0xa765e

OriginalFileName
SandboxieBITS.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2004-2018 by Sandboxie Holdings, LLC

FileVersion
5.24

TimeStamp
2018:05:10 11:58:03+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
BITS

ProductVersion
5.24

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Sandboxie Holdings, LLC

CodeSize
677888

ProductName
Sandboxie

ProductVersionNumber
5.24.0.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 fc0241391f00a07807f2d0a6562521d3
SHA1 ffb44799b1aa0f014ea5e0e94a9267d69aac4482
SHA256 7546aeef6e1418a051434a7440f8a30eb33fc35ed83ded7540d23aa12d5918d4
ssdeep
12288:Kkrb0dvb0PwBwSUUUPtsSdMCwQk5rr8rBIv4KPscYE6/oqTmHi9U+paU/djqGXLQ:pb4wm8OS+Vf8FIv4q/6/faHwIkdjDLv

authentihash ccf526850d3c6239f35666809983da768dada6808e485e7fe0286527386a2e53
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 712.6 KB ( 729720 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (44.5%)
Win32 Executable MS Visual C++ (generic) (18.9%)
Win64 Executable (generic) (16.8%)
Windows screen saver (7.9%)
Win32 Dynamic Link Library (generic) (4.0%)
Tags
peexe assembly overlay

VirusTotal metadata
First submission 2018-05-10 12:23:12 UTC ( 11 months, 2 weeks ago )
Last submission 2018-05-16 12:12:01 UTC ( 11 months, 1 week ago )
File names SandboxieBITS.exe
NEWPO.exe
BITS
52d4589b28c993f1dec48644d1e6dca3aebe1dd3
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!