SHA256: 81e882a394af440cea06cb490105efd721ffba30ca88ea92573d2f9ef27d2c86
File name: AEKLSAVAKHVJCZNJNHQCXBZOFUDUJKYVQTHMKQUZ.exe
Detection ratio: 49 / 67
Analysis date: 2018-11-07 01:42:28 UTC ( 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.182576 20181107
AhnLab-V3 Trojan/Win32.Bladabindi.C891026 20181106
ALYac Spyware.AgentTesla 20181106
Antiy-AVL Trojan[Spy]/MSIL.AgentTesla 20181106
Arcabit Trojan.Razy.D2C930 20181106
Avast MSIL:Crypt-AAL [Trj] 20181107
AVG MSIL:Crypt-AAL [Trj] 20181107
Avira (no cloud) TR/Dropper.Gen 20181106
BitDefender Gen:Variant.Razy.182576 20181106
CAT-QuickHeal Backdoor.Androm.FC.738 20181105
ClamAV Win.Dropper.Razy-6519812-0 20181107
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.4e5ce6 20180225
Cylance Unsafe 20181107
Cyren W32/MSIL_Troj.CT.gen!Eldorado 20181107
DrWeb Trojan.PWS.Stealer.19347 20181107
Emsisoft Gen:Variant.Razy.182576 (B) 20181107
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of MSIL/Spy.Agent.AES 20181107
F-Prot W32/MSIL_Troj.CT.gen!Eldorado 20181107
F-Secure Gen:Variant.Razy.182576 20181106
Fortinet MSIL/Injector.PE!tr 20181107
GData Gen:Variant.Razy.182576 20181107
Ikarus Trojan-Spy.Keylogger.AgentTesla 20181106
Sophos ML heuristic 20180717
Jiangmin Trojan.MSIL.kgzf 20181106
K7AntiVirus Trojan ( 0052d5341 ) 20181106
K7GW Trojan ( 0052d5341 ) 20181106
Kaspersky HEUR:Trojan.MSIL.Generic 20181106
Malwarebytes Trojan.Agent.Gen 20181106
MAX malware (ai score=100) 20181107
McAfee Trojan-FPEL!38D1A9D4E5CE 20181107
McAfee-GW-Edition BehavesLike.Win32.Generic.cm 20181106
Microsoft TrojanSpy:MSIL/AgentTesla.gen!bit 20181106
eScan Gen:Variant.Razy.182576 20181107
NANO-Antivirus Trojan.Win32.Stealer.fgazgi 20181107
Palo Alto Networks (Known Signatures) generic.ml 20181107
Panda Trj/GdSda.A 20181106
Qihoo-360 Win32/Trojan.8a8 20181107
Rising Spyware.Agent!8.C6 (CLOUD) 20181106
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/Generic-S 20181106
Symantec Trojan Horse 20181106
Tencent Win32.Trojan.Generic.Lmur 20181107
TrendMicro TSPY_NEGASTEAL.SMILA 20181107
TrendMicro-HouseCall TSPY_NEGASTEAL.SMILA 20181107
Webroot W32.Trojan.Gen 20181107
Yandex Trojan.Agent!QvSqDP1ZAoU 20181106
ZoneAlarm by Check Point HEUR:Trojan.MSIL.Generic 20181107
AegisLab 20181107
Alibaba 20180921
Avast-Mobile 20181106
Babable 20180918
Baidu 20181106
Bkav 20181106
CMC 20181106
eGambit 20181107
Kingsoft 20181107
SUPERAntiSpyware 20181107
Symantec Mobile Insight 20181105
TACHYON 20181107
TheHacker 20181104
TotalDefense 20181106
Trustlook 20181107
VBA32 20181106
ViRobot 20181106
Zillya 20181106
Zoner 20181107
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

Original name AEKLSAVAKHVJCZNJNHQCXBZOFUDUJKYVQTHMKQUZ.exe
Internal name AEKLSAVAKHVJCZNJNHQCXBZOFUDUJKYVQTHMKQUZ.exe
File version 0.0.0.0
Description
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-08-01 11:55:58
Entry Point 0x0003183E
Number of sections 3
.NET details
Module Version ID e10228b9-7747-4831-8b66-3bc04f64e773
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileVersionNumber 0.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 1536
EntryPoint 0x3183e
OriginalFileName AEKLSAVAKHVJCZNJNHQCXBZOFUDUJKYVQTHMKQUZ.exe
MIMEType application/octet-stream
FileVersion 0.0.0.0
TimeStamp 2018:08:01 12:55:58+01:00
FileType Win32 EXE
PEType PE32
InternalName AEKLSAVAKHVJCZNJNHQCXBZOFUDUJKYVQTHMKQUZ.exe
ProductVersion 0.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 195072
FileSubtype 0
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 0.0.0.0

Compressed bundles
File identification
MD5 38d1a9d4e5ce632d0b9d0e12c34f99f9
SHA1 8d4ae688a0837087cec61a9c1d3206339c5804cc
SHA256 81e882a394af440cea06cb490105efd721ffba30ca88ea92573d2f9ef27d2c86
ssdeep 3072:jxa8G/8T3SDXUZGZkH+kf1Fg8WurbB9GUudzQQ1alX2oBvOolYZ/rg:s8G/2SDXUL1bB9Gbql1HQ
authentihash 0bcbbae791cd3e84c6583c68ac0bf7b7260e3cf431618c58fa567f409eeb29ff
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 192.5 KB ( 197120 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (55.8%)
Win64 Executable (generic) (21.0%)
Windows screen saver (9.9%)
Win32 Dynamic Link Library (generic) (5.0%)
Win32 Executable (generic) (3.4%)
Tags peexe assembly
VirusTotal metadata
First submission 2018-08-01 19:34:50 UTC ( 4 months, 1 week ago )
Last submission 2018-08-27 14:48:26 UTC ( 3 months, 2 weeks ago )
File names a.gif
extracted.vir
extracted-1.exe
AEKLSAVAKHVJCZNJNHQCXBZOFUDUJKYVQTHMKQUZ.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections