SHA256: 7ae327f79e4ee26f6850f9ad7a89fef6bbd3fbec3d2181fb48cba11141955002
File name: bad.exe
Detection ratio: 7 / 61
Analysis date: 2017-04-07 10:53:33 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170406
CAT-QuickHeal (Suspicious) - DNAScan 20170407
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Endgame malicious (high confidence) 20170407
Sophos ML trojan.win32.sirefef.p 20170203
Qihoo-360 HEUR/QVM20.1.5286.Malware.Gen 20170407
Symantec ML.Attribute.HighConfidence 20170406
Ad-Aware 20170407
AegisLab 20170407
AhnLab-V3 20170407
Alibaba 20170407
ALYac 20170407
Antiy-AVL 20170407
Arcabit 20170407
Avast 20170407
AVG 20170407
Avira (no cloud) 20170407
AVware 20170407
BitDefender 20170407
Bkav 20170407
ClamAV 20170407
CMC 20170407
Comodo 20170407
Cyren 20170407
DrWeb 20170407
Emsisoft 20170407
ESET-NOD32 20170407
F-Prot 20170407
F-Secure 20170407
Fortinet 20170407
GData 20170407
Ikarus 20170407
Jiangmin 20170407
K7AntiVirus 20170407
K7GW 20170407
Kaspersky 20170407
Kingsoft 20170407
Malwarebytes 20170407
McAfee 20170407
McAfee-GW-Edition 20170407
Microsoft 20170407
eScan 20170407
NANO-Antivirus 20170407
nProtect 20170407
Palo Alto Networks (Known Signatures) 20170407
Panda 20170406
Rising None
SentinelOne (Static ML) 20170330
Sophos AV 20170407
SUPERAntiSpyware 20170407
Symantec Mobile Insight 20170406
Tencent 20170407
TheHacker 20170406
TrendMicro 20170407
TrendMicro-HouseCall 20170407
Trustlook 20170407
VBA32 20170407
VIPRE 20170407
ViRobot 20170407
Webroot 20170407
WhiteArmor 20170327
Yandex 20170406
Zillya 20170406
ZoneAlarm by Check Point 20170407
Zoner 20170407
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-04-07 01:40:17
Entry Point 0x00001910
Number of sections 10
PE sections
PE imports
GetUserNameW
ImmEnumRegisterWordA
ImmGetConversionListW
GetWriteWatch
GetDriveTypeW
OpenJobObjectW
FormatMessageW
GetTickCount
FreeConsole
GetCommandLineA
GetProcAddress
GetModuleHandleW
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows command line
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2017:04:07 02:40:17+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 16384
LinkerVersion: 8.0
ImageFileCharacteristics: Executable, 32-bit
EntryPoint: 0x1910
InitializedDataSize: 135168
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0
Compressed bundles
File identification
MD5 840d64d6e7671139194ea958af8ca457
SHA1 e329eedc437db8bbf9c9c00a18aff4630d982414
SHA256 7ae327f79e4ee26f6850f9ad7a89fef6bbd3fbec3d2181fb48cba11141955002
ssdeep 1536:oS/vPviuEVCotwOCezjKVm/BTbMtg1EJsheG5bYglxObGQ4/KoSfddI1gejiI:fXqtVbkQ2kTotSEJsCGOqQwYfdmjj
authentihash 9da6dcc2946cb9659623dbb9a15d67d3a13d0f0097fee61f9032768fe1b80c1e
imphash 6349a11e1e7950a4d3b43ebb73b4b715
File size 140.0 KB ( 143360 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2017-04-07 10:53:33 UTC ( 1 year, 10 months ago )
Last submission 2017-08-19 00:17:53 UTC ( 1 year, 6 months ago )
File names bad.exe
redchip4.exe
0bcs53.dll
840d64d6e7671139194ea958af8ca457.bin
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs