SHA256: 8428aa9dfa69438d98b0008b0dc7c9e8135889d893a77d5536aacf8b7e1ad6e7
File name: VPN-Pro.randpad.exe
Detection ratio: 7 / 46
Analysis date: 2013-10-25 05:42:11 UTC ( 3 years, 4 months ago )
Antivirus Result Update
AVG Generic33.BIGC 20131024
Yandex Trojan.Blocker!QGeiRRIY22g 20131024
AntiVir TR/Spy.Gen 20131025
Avast MSIL:BackDoor-C [Trj] 20131025
DrWeb Trojan.DownLoader10.15702 20131025
Jiangmin Trojan/Blocker.hbg 20131025
Rising Backdoor.Shadow!55A1 20131025
AhnLab-V3 20131024
Antiy-AVL 20131025
Baidu-International 20131024
BitDefender 20090218
Bkav 20131024
ByteHero 20131024
CAT-QuickHeal 20131023
ClamAV 20131025
Commtouch 20131025
Comodo 20131025
ESET-NOD32 20131024
Emsisoft 20131025
F-Prot 20131025
F-Secure 20131025
Fortinet 20131025
GData 20131025
Ikarus 20131025
K7AntiVirus 20131024
K7GW 20131024
Kaspersky 20131025
Kingsoft 20130829
Malwarebytes 20131025
McAfee 20131025
McAfee-GW-Edition 20131025
eScan 20131025
Microsoft 20131025
NANO-Antivirus 20131025
Norman 20131024
Panda 20131024
SUPERAntiSpyware 20131025
Sophos 20131025
Symantec 20131025
TheHacker 20131024
TotalDefense 20131024
TrendMicro 20131025
TrendMicro-HouseCall 20131025
VBA32 20131024
VIPRE 20131025
ViRobot 20131025
nProtect 20131025
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2013
Product VPN-Pro
Original name VPN-Pro.exe
Internal name VPN-Pro.exe
File version 1.0.0.0
Description VPN-Pro
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-06-15 21:41:31
Entry Point 0x001E849E
Number of sections 4
.NET details
Module Version ID e95ce212-f0ef-464f-953b-0e6d97ad60df
TypeLib ID b51b89fd-27d1-4631-a8ab-848220782cdb
PE sections
Overlays
MD5 377f5c18dd14640e584e397b88017c44
File type data
Offset 2065408
Size 1384
Entropy 7.86
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 4
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 72192
ImageVersion 0.0
ProductName VPN-Pro
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension exe
OriginalFileName VPN-Pro.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.0
TimeStamp 2013:06:15 22:41:31+01:00
FileType Win32 EXE
PEType PE32
InternalName VPN-Pro.exe
ProductVersion 1.0.0.0
FileDescription VPN-Pro
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright 2013
MachineType Intel 386 or later, and compatibles
CodeSize 1992192
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x1e849e
ObjectFileType Executable application
AssemblyVersion 1.0.0.0

File identification
MD5 fc47a96e7617dbaef5890802ba99aa51
SHA1 5b0cac316763091f2c961f68b963b43234e435db
SHA256 8428aa9dfa69438d98b0008b0dc7c9e8135889d893a77d5536aacf8b7e1ad6e7
ssdeep 49152:JaaQPYYOQrEtAVy5/r56qfxpAFhrlfteP1BD4EaaQO:AaQPYYd8EOAqfxpehrdtePL4naQO
authentihash 8edae25e50e1873573212185dc80e8ed9a5c55cef66cea88a494fc0c92eb3e63
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 2.0 MB ( 2066792 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Win32 Executable MS Visual C++ (generic) (35.0%)
Win64 Executable (generic) (31.0%)
Windows screen saver (14.7%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Tags peexe assembly overlay suspicious-udp
VirusTotal metadata
First submission 2013-10-25 05:42:11 UTC ( 3 years, 4 months ago )
Last submission 2016-01-01 05:00:48 UTC ( 1 year, 1 month ago )
File names VPN-Pro.randpad.exe
8428aa9dfa69438d98b0008b0dc7c9e8135889d893a77d5536aacf8b7e1ad6e7.vir
VPN-Pro.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
UDP communications