× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 7996756b93e4fdb5481096edfcf26ca938e99efe66112a4a7cc7d2cff86d65c5
File name: crypted.120.exe_akE
Detection ratio: 2 / 57
Analysis date: 2015-08-19 20:45:52 UTC ( 2 years, 12 months ago ) View latest
Antivirus Result Update
McAfee Packed-FF!7AB7E455FE58 20150819
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20150819
Ad-Aware 20150819
AegisLab 20150819
Yandex 20150819
AhnLab-V3 20150819
Alibaba 20150819
ALYac 20150819
Antiy-AVL 20150819
Arcabit 20150819
Avast 20150819
AVG 20150819
Avira (no cloud) 20150819
AVware 20150819
Baidu-International 20150819
BitDefender 20150819
Bkav 20150819
ByteHero 20150819
CAT-QuickHeal 20150819
ClamAV 20150819
CMC 20150819
Comodo 20150819
Cyren 20150819
DrWeb 20150819
Emsisoft 20150819
ESET-NOD32 20150819
F-Prot 20150819
F-Secure 20150819
Fortinet 20150819
GData 20150819
Ikarus 20150819
Jiangmin 20150819
K7AntiVirus 20150819
K7GW 20150819
Kaspersky 20150819
Kingsoft 20150819
Malwarebytes 20150819
McAfee-GW-Edition 20150819
Microsoft 20150819
eScan 20150819
NANO-Antivirus 20150819
nProtect 20150819
Panda 20150819
Rising 20150817
Sophos AV 20150819
SUPERAntiSpyware 20150818
Symantec 20150819
Tencent 20150819
TheHacker 20150818
TotalDefense 20150819
TrendMicro 20150819
TrendMicro-HouseCall 20150819
VBA32 20150819
VIPRE 20150819
ViRobot 20150819
Zillya 20150819
Zoner 20150819
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-10-21 10:39:01
Entry Point 0x000315BE
Number of sections 3
.NET details
Module Version ID d37d6aea-3ff9-49f4-b20e-48a3dd63d2cd
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 1
Number of PE resources by language
CHINESE HONGKONG 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
11776

ImageVersion
0.0

FileVersionNumber
0.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
8.0

riendDispelContestantsexe
4

FileTypeExtension
exe

MIMEType
application/octet-stream

FileVersion
97.84.2.

TimeStamp
2008:10:21 11:39:01+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
BefriendDispelContestants.exe

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
194048

FileSubtype
0

ProductVersionNumber
0.0.0.0

EntryPoint
0x315be

ObjectFileType
Executable application

File identification
MD5 7ab7e455fe58b23f821602144113e9f4
SHA1 4e3a4b2663b8cd29c1199b9e025c26c7ff5e9f18
SHA256 7996756b93e4fdb5481096edfcf26ca938e99efe66112a4a7cc7d2cff86d65c5
ssdeep
6144:r5OCtcQH3G9F7Ix41awzFVkyXelU7PVpK:dcG3GrIoRFVku1

authentihash 81d3e4153888834cf29427a16dd1b09d04476244a3ddb0f184b7402016fb4f71
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 201.5 KB ( 206336 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (82.9%)
Win32 Dynamic Link Library (generic) (7.4%)
Win32 Executable (generic) (5.1%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags
peexe assembly

VirusTotal metadata
First submission 2015-08-19 17:54:39 UTC ( 2 years, 12 months ago )
Last submission 2015-08-21 03:09:19 UTC ( 2 years, 12 months ago )
File names crypted.120.exe_akE
crypted.120.exe
jRHp90.ini
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!