× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 85dd1f03eaf0bc5cc5505a4338615bcb67ae438166e05ed83656e2cb36ce8a33
File name: Ya Houssen.exe
Detection ratio: 44 / 62
Analysis date: 2017-03-31 04:18:58 UTC ( 3 weeks, 5 days ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.352490 20170330
AegisLab Troj.Notifier.MSIL.Agent.j!c 20170330
AhnLab-V3 Trojan/Win32.HDC.C347460 20170330
ALYac Gen:Variant.Kazy.352490 20170330
Antiy-AVL Trojan[Notifier]/MSIL.Agent 20170330
Arcabit Trojan.Kazy.D560EA 20170330
Avast Win32:Dropper-gen [Drp] 20170330
AVG Generic35.CJPS 20170330
Avira (no cloud) TR/Notif.MSIL.Agent.j 20170330
AVware Trojan.Win32.Generic!BT 20170330
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9994 20170330
BitDefender Gen:Variant.Kazy.352490 20170330
CAT-QuickHeal Trojan.Dynamer 20170330
Comodo UnclassifiedMalware 20170330
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Cyren W32/GenBl.4141842E!Olympus 20170330
Emsisoft Gen:Variant.Kazy.352490 (B) 20170330
ESET-NOD32 a variant of MSIL/Bladabindi.DD 20170331
F-Secure Gen:Variant.Kazy.352490 20170330
Fortinet W32/Agent.J!tr 20170330
GData Gen:Variant.Kazy.352490 20170330
Ikarus Trojan-Notifier.MSIL 20170330
Invincea trojan.win32.skeeyah.a!rfn 20170203
Jiangmin Trojan/MSIL.fbtz 20170330
K7AntiVirus Trojan ( 004b489a1 ) 20170330
K7GW Trojan ( 004b489a1 ) 20170330
Kaspersky Trojan-Notifier.MSIL.Agent.j 20170330
McAfee Artemis!4141842E30ED 20170330
McAfee-GW-Edition Artemis!Trojan 20170331
eScan Gen:Variant.Kazy.352490 20170331
NANO-Antivirus Trojan.Win32.Bladabindi.dzttja 20170331
Palo Alto Networks (Known Signatures) generic.ml 20170331
Panda Generic Malware 20170330
Qihoo-360 HEUR/Malware.QVM03.Gen 20170331
Rising Trojan.Generic (cloud:fpLNhqgwSpO) 20170330
Sophos Mal/Generic-S 20170331
Symantec Trojan.Gen 20170330
Tencent Msil.Trojan.Agent.Ozrt 20170331
VBA32 TrojanNotifier.MSIL.Agent 20170330
VIPRE Trojan.Win32.Generic!BT 20170331
Webroot W32.Malware.Heur 20170331
Yandex Trojan.Agent!RRO7D2HV8+I 20170327
Zillya Trojan.Agent.Win32.470313 20170329
ZoneAlarm by Check Point Trojan-Notifier.MSIL.Agent.j 20170331
Alibaba 20170331
Bkav 20170330
ClamAV 20170330
CMC 20170330
DrWeb 20170330
Endgame 20170330
F-Prot 20170330
Kingsoft 20170331
Malwarebytes 20170330
Microsoft 20170330
nProtect 20170331
SentinelOne (Static ML) 20170330
SUPERAntiSpyware 20170330
Symantec Mobile Insight 20170329
TheHacker 20170330
TotalDefense 20170330
TrendMicro 20170331
TrendMicro-HouseCall 20170331
Trustlook 20170331
ViRobot 20170331
WhiteArmor 20170327
Zoner 20170331
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2014

Product Ya Houssen
Original name Ya Houssen.exe
Internal name Ya Houssen.exe
File version 1.0.0.0
Description Ya Houssen
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-01-23 14:19:07
Entry Point 0x00005A8E
Number of sections 4
.NET details
Module Version ID 31b04a7c-3505-4e9b-8d43-926b1f1db340
TypeLib ID 6cb59f56-1bef-405b-ab2d-fe7e5aca5658
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
11.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.0

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
4096

EntryPoint
0x5a8e

OriginalFileName
Ya Houssen.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2014

FileVersion
1.0.0.0

TimeStamp
2014:01:23 15:19:07+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Ya Houssen.exe

ProductVersion
1.0.0.0

FileDescription
Ya Houssen

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
15360

ProductName
Ya Houssen

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
1.0.0.0

Compressed bundles
File identification
MD5 4141842e30edaf429309ea6bc2374ef5
SHA1 6eacbfd34a8ca27da54ba7b82910d0dfd11b1c9d
SHA256 85dd1f03eaf0bc5cc5505a4338615bcb67ae438166e05ed83656e2cb36ce8a33
ssdeep
384:BweSa82wbKffUGeuTLffAnYE2R46q+LRFBTf71F8lucSEV:Ke63b2UAHXNll6lum

authentihash 25ca89a554d55ec3c95457f4c77110e47e03496f7591040c76d4c124068916b2
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 20.0 KB ( 20480 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (81.0%)
Win32 Dynamic Link Library (generic) (7.2%)
Win32 Executable (generic) (4.9%)
Win16/32 Executable Delphi generic (2.2%)
Generic Win/DOS Executable (2.2%)
Tags
peexe assembly

VirusTotal metadata
First submission 2014-02-11 11:20:29 UTC ( 3 years, 2 months ago )
Last submission 2016-10-04 17:49:08 UTC ( 6 months, 3 weeks ago )
File names 4141842e30edaf429309ea6bc2374ef5
411dce86-b45c-464a-9b14-9d4e0980427d
06
Attack.m.exe
4141842e30edaf429309ea6bc2374ef5.exe
1.exe
4141842e30edaf429309ea6bc2374ef5.exe
867d9af4-2d69-430b-8a54-0d2398b992ea
vti-rescan
mau virus so (31).bin
VigenTests (8029).exe
Attack.m.exe
Ya Houssen.exe
file-6921359_
7.exe
runme.exe
4141842e30edaf429309ea6bc2374ef5
VigenTests (182).exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R0C1C0EG715.

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!