SHA256: 865b480f7ec90ffb8738f581658f24b6f81cbc6fefb0f540f01644a51e51f167
File name: jh1f.exe
Detection ratio: 30 / 56
Analysis date: 2015-10-27 01:23:55 UTC ( 7 months ago )
Antivirus Result Update
ALYac Trojan.Risktool.Miner.B 20151027
AVware Trojan.Win32.Generic!BT 20151027
Ad-Aware Trojan.Risktool.Miner.B 20151027
AhnLab-V3 Trojan/Win64.BitCoinMiner 20151027
Antiy-AVL RiskWare[RiskTool:not-a-virus]/Win64.BitCoinMiner 20151027
Arcabit Trojan.Risktool.Miner.B 20151027
Avira (no cloud) SPR/BitCoin.R 20151027
Baidu-International Hacktool.Win64.BitCoinMiner.k 20151026
BitDefender Trojan.Risktool.Miner.B 20151027
Cyren W64/BitCoinMiner.B 20151027
DrWeb Program.PrimeCoinMiner.5 20151027
ESET-NOD32 a variant of Win64/BitCoinMiner.K potentially unsafe 20151027
Emsisoft Trojan.Risktool.Miner.B (B) 20151027
F-Prot W64/BitCoinMiner.B 20151027
F-Secure Trojan.Risktool.Miner.B 20151027
GData Trojan.Risktool.Miner.B 20151027
Ikarus not-a-virus:RiskTool.Win64 20151027
Kaspersky not-a-virus:RiskTool.Win64.BitCoinMiner.k 20151027
Malwarebytes Trojan.BitCoinMiner 20151026
McAfee Artemis!B10230D34CC5 20151027
eScan Trojan.Risktool.Miner.B 20151027
Panda Generic Malware 20151026
Rising PE:Trojan.Win32.Generic.162A1480!371856512 [F] 20151026
Symantec Trojan.Gen.2 20151026
Tencent Win64.Risk.Bitcoinminer.Ksza 20151027
TrendMicro HKTL_BITCOINMINE 20151027
TrendMicro-HouseCall HKTL_BITCOINMINE 20151027
VIPRE Trojan.Win32.Generic!BT 20151027
ViRobot Trojan.Win64.S.BitCoinMiner.147968[h] 20151026
nProtect Trojan.Risktool.Miner.B 20151026
AVG 20151026
AegisLab 20151026
Yandex 20151026
Alibaba 20151027
Avast 20151027
Bkav 20151026
ByteHero 20151027
CAT-QuickHeal 20151027
CMC 20151026
ClamAV 20151027
Comodo 20151027
Fortinet 20151026
Jiangmin 20151026
K7AntiVirus 20151026
K7GW 20151027
McAfee-GW-Edition 20151030
Microsoft 20151027
NANO-Antivirus 20151026
Qihoo-360 20151027
SUPERAntiSpyware 20151027
Sophos 20151027
TheHacker 20151026
TotalDefense 20151026
VBA32 20151026
Zillya 20151026
Zoner 20151027
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem that targets 64bit architectures.
PE header basic information
Target machine x64
Compilation timestamp 2013-11-23 23:37:18
Entry Point 0x0000BA38
Number of sections 7
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
GetSystemInfo
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetFileType
GetConsoleMode
DecodePointer
GetCurrentProcessId
UnhandledExceptionFilter
GetModuleHandleW
RtlVirtualUnwind
GetCPInfo
ExitProcess
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetProcessHeap
SetStdHandle
IsValidCodePage
CompareStringW
CreateThread
GetModuleFileNameW
TlsFree
SetUnhandledExceptionFilter
WriteFile
RtlCaptureContext
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
RtlUnwindEx
SetEnvironmentVariableA
SetPriorityClass
TerminateProcess
GetTimeZoneInformation
WideCharToMultiByte
GetModuleHandleExW
InitializeCriticalSection
OutputDebugStringW
RtlLookupFunctionEntry
CreateFileW
TlsGetValue
Sleep
SetLastError
TlsSetValue
GetTickCount
GetCurrentThreadId
WriteConsoleW
LeaveCriticalSection
socket
WSAIoctl
closesocket
inet_addr
send
WSAStartup
gethostbyname
connect
htons
recv
WSAGetLastError
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType AMD AMD64
FileTypeExtension exe
TimeStamp 2013:11:24 00:37:18+01:00
FileType Win64 EXE
PEType PE32+
CodeSize 98816
LinkerVersion 11.0
EntryPoint 0xba38
InitializedDataSize 190976
SubsystemVersion 6.0
ImageVersion 0.0
OSVersion 6.0
UninitializedDataSize 0

File identification
MD5 b10230d34cc5a690883aea6e6a9f79d9
SHA1 a673adf5a38cbfe683d829be71fa6f63258cacca
SHA256 865b480f7ec90ffb8738f581658f24b6f81cbc6fefb0f540f01644a51e51f167
ssdeep 3072:V2cQVntYl+YiYiJ68d7odsIZTG66etk3ZaEYraLyMVw:YVn0+YxisdDZTGdeEHYeZ
authentihash 603478ab07e69e36e4431b86ce62e15e8bdacbd2606f51b41b735a0f937fae65
imphash f6426da8c01b148f5ace3bf605de4dcc
File size 144.5 KB ( 147968 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (console) Mono/.Net assembly
TrID Win64 Executable (generic) (87.3%)
Generic Win/DOS Executable (6.3%)
DOS Executable Generic (6.3%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags 64bits peexe assembly
VirusTotal metadata
First submission 2013-11-24 00:02:28 UTC ( 2 years, 6 months ago )
Last submission 2014-07-15 07:09:02 UTC ( 1 year, 10 months ago )
File names B10230D34CC5A690883AEA6E6A9F79D9.bin
jh1e.exe
jh1f.exe
file-6252318_exe
jh1f.rar
jh1e.exe..exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight