SHA256: 808067918568f48d587493636f3ca1dcdb41f2e4149a53a5defe697613818727
File name: gXWNi.bin
Detection ratio: 14 / 65
Analysis date: 2018-10-29 00:34:36 UTC ( 6 months, 3 weeks ago )
Antivirus Result Update
Avira (no cloud) TR/Dropper.MSIL.Gen 20181028
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20181022
Cybereason malicious.8fc296 20180225
Cylance Unsafe 20181029
Endgame malicious (high confidence) 20180730
Sophos ML heuristic 20180717
Kaspersky HEUR:Trojan.MSIL.Disfa.gen 20181028
McAfee-GW-Edition BehavesLike.Win32.Generic.fm 20181028
Microsoft Trojan:Win32/Fuerboos.C!cl 20181028
Palo Alto Networks (Known Signatures) generic.ml 20181029
Qihoo-360 HEUR/QVM03.0.D649.Malware.Gen 20181029
SentinelOne (Static ML) static engine - malicious 20181011
Symantec ML.Attribute.HighConfidence 20181028
ZoneAlarm by Check Point HEUR:Trojan.MSIL.Disfa.gen 20181028
Ad-Aware 20181028
AegisLab 20181028
AhnLab-V3 20181028
Alibaba 20180921
ALYac 20181028
Arcabit 20181029
Avast 20181029
Avast-Mobile 20181028
AVG 20181029
Babable 20180918
Baidu 20181026
BitDefender 20181028
Bkav 20181025
CAT-QuickHeal 20181028
ClamAV 20181028
CMC 20181028
Cyren 20181028
DrWeb 20181028
eGambit 20181029
Emsisoft 20181028
ESET-NOD32 20181028
F-Prot 20181028
F-Secure 20181028
Fortinet 20181028
GData 20181028
Ikarus 20181028
Jiangmin 20181028
K7AntiVirus 20181028
K7GW 20181025
Kingsoft 20181029
Malwarebytes 20181029
MAX 20181029
McAfee 20181028
eScan 20181028
NANO-Antivirus 20181028
Panda 20181028
Rising 20181028
Sophos AV 20181029
SUPERAntiSpyware 20181022
Symantec Mobile Insight 20181026
TACHYON 20181028
Tencent 20181029
TheHacker 20181025
TrendMicro 20181028
TrendMicro-HouseCall 20181029
Trustlook 20181029
VBA32 20181026
ViRobot 20181028
Webroot 20181029
Yandex 20181026
Zillya 20181028
Zoner 20181029
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright fGMWKwDsXtCSTeD
Product ZbECSrTmBtNGYXa
Original name gXWNi.exe
Internal name gXWNi.exe
File version 6.9.5.4
Description sKGWfQbTCSSrpZD
Comments bMQKBeNzDYMsRtZ
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-28 22:11:36
Entry Point 0x0005400A
Number of sections 5
.NET details
Module Version ID 292153f9-c35c-4320-bffb-edf62be118a9
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 9
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 12
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments bMQKBeNzDYMsRtZ
InitializedDataSize 279040
ImageVersion 0.0
ProductName ZbECSrTmBtNGYXa
FileVersionNumber 6.9.5.4
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension exe
OriginalFileName gXWNi.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 6.9.5.4
TimeStamp 2018:10:28 23:11:36+01:00
FileType Win32 EXE
PEType PE32
InternalName gXWNi.exe
ProductVersion 6.9.5.4
FileDescription sKGWfQbTCSSrpZD
OSVersion 4.0
FileOS Win32
LegalCopyright fGMWKwDsXtCSTeD
MachineType Intel 386 or later, and compatibles
CompanyName DbRgDGHtGCRjpYX
CodeSize 39936
FileSubtype 0
ProductVersionNumber 6.9.5.4
EntryPoint 0x5400a
ObjectFileType Executable application
AssemblyVersion 0.0.0.0
File identification
MD5 699ef5c752e17dd85b6c985c815078d8
SHA1 7ed2d468fc2962085160ab0406ae9985d9bfd097
SHA256 808067918568f48d587493636f3ca1dcdb41f2e4149a53a5defe697613818727
ssdeep 3072:+Lsp+lJT8UWi/c2TGA/8e06ELKBDe5GMncd8jAb9eRxVC:Ws01p+qBDe5GMncdc6wxV
authentihash dfa723439443e71294d425bfa57a5a7bb2e82ffbe8af6e73d6e8bca7f9b249aa
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 312.5 KB ( 320000 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe assembly
VirusTotal metadata
First submission 2018-10-29 00:34:36 UTC ( 6 months, 3 weeks ago )
Last submission 2018-11-08 08:25:55 UTC ( 6 months, 2 weeks ago )
File names gXWNi.bin
gXWNi.exe
svchost.123
699ef5c752e17dd85b6c985c815078d8
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections