SHA256: 865b480f7ec90ffb8738f581658f24b6f81cbc6fefb0f540f01644a51e51f167
File name: jh1f.rar
Detection ratio: 26 / 50
Analysis date: 2014-02-22 13:53:15 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Risktool.Miner.B 20140222
AhnLab-V3 Trojan/Win64.BitCoinMiner 20140222
AntiVir SPR/BitCoin.R 20140222
Antiy-AVL RiskWare[RiskTool:not-a-virus]/Win64.BitCoinMiner 20140219
Baidu-International Trojan.Win64.BitCoinMiner.aKI 20140222
BitDefender Trojan.Risktool.Miner.B 20140222
Commtouch W64/BitCoinMiner.B 20140222
ESET-NOD32 a variant of Win64/BitCoinMiner.S 20140222
Emsisoft Trojan.Risktool.Miner.B (B) 20140222
F-Prot W64/BitCoinMiner.B 20140222
F-Secure Trojan.Risktool.Miner.B 20140222
GData Trojan.Risktool.Miner.B 20140222
Ikarus not-a-virus:RiskTool.Win64 20140222
K7AntiVirus Trojan ( 004905a71 ) 20140221
Kaspersky not-a-virus:RiskTool.Win64.BitCoinMiner.k 20140222
Malwarebytes Trojan.BitCoinMiner 20140222
McAfee Artemis!B10230D34CC5 20140222
McAfee-GW-Edition Artemis!B10230D34CC5 20140222
MicroWorld-eScan Trojan.Risktool.Miner.B 20140222
Panda HackTool/BitCoinMiner.A 20140222
Rising PE:Trojan.Win32.Generic.162A1480!371856512 20140222
TrendMicro HKTL_BITCOINMINE 20140222
TrendMicro-HouseCall HKTL_BITCOINMINE 20140222
VIPRE Trojan.Win32.Generic!BT 20140222
ViRobot Trojan.Win64.S.BitCoinMiner.147968 20140222
nProtect Trojan.Risktool.Miner.B 20140221
AVG 20140222
Agnitum 20140221
Avast 20140222
Bkav 20140222
ByteHero 20140222
CAT-QuickHeal 20140222
CMC 20140220
ClamAV 20140222
Comodo 20140222
DrWeb 20140222
Fortinet 20140222
Jiangmin 20140222
K7GW 20140220
Kingsoft 20140222
Microsoft 20140222
NANO-Antivirus 20140222
Norman 20140222
Qihoo-360 20140222
SUPERAntiSpyware 20140222
Sophos 20140222
Symantec 20140222
TheHacker 20140220
TotalDefense 20140222
VBA32 20140221
The file being studied is a Portable Executable (PE) file. More specifically, it is a Win32 EXE built for the Windows command-line (console) subsystem and targeting the 64-bit (x64) architecture.
PE header basic information
Target machine x64
Compilation timestamp 2013-11-23 23:37:18
Link date 12:37 AM 11/24/2013
Entry Point 0x0000BA38
Number of sections 7
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
GetSystemInfo
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetFileType
GetConsoleMode
DecodePointer
GetCurrentProcessId
UnhandledExceptionFilter
GetModuleHandleW
RtlVirtualUnwind
GetCPInfo
ExitProcess
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetProcessHeap
SetStdHandle
IsValidCodePage
CompareStringW
CreateThread
GetModuleFileNameW
TlsFree
SetUnhandledExceptionFilter
WriteFile
RtlCaptureContext
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
RtlUnwindEx
SetEnvironmentVariableA
SetPriorityClass
TerminateProcess
GetTimeZoneInformation
WideCharToMultiByte
GetModuleHandleExW
InitializeCriticalSection
OutputDebugStringW
RtlLookupFunctionEntry
CreateFileW
TlsGetValue
Sleep
SetLastError
TlsSetValue
GetTickCount
GetCurrentThreadId
WriteConsoleW
LeaveCriticalSection
socket
WSAIoctl
closesocket
inet_addr
send
WSAStartup
gethostbyname
connect
htons
recv
WSAGetLastError
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType AMD AMD64
TimeStamp 2013:11:24 00:37:18+01:00
FileType Win64 EXE
PEType PE32+
CodeSize 98816
LinkerVersion 11.0
FileAccessDate 2014:02:22 14:53:28+01:00
EntryPoint 0xba38
InitializedDataSize 190976
SubsystemVersion 6.0
ImageVersion 0.0
OSVersion 6.0
FileCreateDate 2014:02:22 14:53:28+01:00
UninitializedDataSize 0
File identification
MD5 b10230d34cc5a690883aea6e6a9f79d9
SHA1 a673adf5a38cbfe683d829be71fa6f63258cacca
SHA256 865b480f7ec90ffb8738f581658f24b6f81cbc6fefb0f540f01644a51e51f167
ssdeep 3072:V2cQVntYl+YiYiJ68d7odsIZTG66etk3ZaEYraLyMVw:YVn0+YxisdDZTGdeEHYeZ
imphash f6426da8c01b148f5ace3bf605de4dcc
File size 144.5 KB ( 147968 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (console) Mono/.Net assembly
TrID Win64 Executable (generic) (87.3%)
Generic Win/DOS Executable (6.3%)
DOS Executable Generic (6.3%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags 64bits peexe assembly
VirusTotal metadata
First submission 2013-11-24 00:02:28 UTC ( 4 months, 3 weeks ago )
Last submission 2014-02-22 13:53:15 UTC ( 1 month, 3 weeks ago )
File names jh1f.exe
jh1f.rar
jh1e.exe..exe
jh1e.exe
file-6252318_exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight