SHA256: 865b480f7ec90ffb8738f581658f24b6f81cbc6fefb0f540f01644a51e51f167
File name: jh1f.exe
Detection ratio: 28 / 54
Analysis date: 2014-07-15 07:09:02 UTC ( 9 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Risktool.Miner.B 20140715
AhnLab-V3 Trojan/Win64.BitCoinMiner 20140714
AntiVir SPR/BitCoin.R 20140715
Antiy-AVL RiskWare[RiskTool:not-a-virus]/Win64.BitCoinMiner 20140715
Baidu-International Trojan.Win64.BitCoinMiner.awY 20140714
BitDefender Trojan.Risktool.Miner.B 20140715
Commtouch W64/BitCoinMiner.B 20140715
DrWeb Program.PrimeCoinMiner.5 20140715
ESET-NOD32 a variant of Win64/BitCoinMiner.Z 20140715
Emsisoft Trojan.Risktool.Miner.B (B) 20140715
F-Prot W64/BitCoinMiner.B 20140715
F-Secure Trojan.Risktool.Miner.B 20140715
GData Trojan.Risktool.Miner.B 20140715
Ikarus not-a-virus:RiskTool.Win64 20140715
Kaspersky not-a-virus:RiskTool.Win64.BitCoinMiner.k 20140715
Malwarebytes Trojan.BitCoinMiner 20140715
McAfee Artemis!B10230D34CC5 20140715
McAfee-GW-Edition BehavesLike.Win64.BadFile.ch 20140715
MicroWorld-eScan Trojan.Risktool.Miner.B 20140715
Panda HackTool/BitCoinMiner.A 20140714
Rising PE:Trojan.Win32.Generic.162A1480!371856512 20140713
Symantec WS.Reputation.1 20140715
Tencent Win64.Risk.Bitcoinminer.Ksza 20140715
TrendMicro HKTL_BITCOINMINE 20140715
TrendMicro-HouseCall HKTL_BITCOINMINE 20140715
VIPRE Trojan.Win32.Generic!BT 20140715
ViRobot Trojan.Win64.S.BitCoinMiner.147968 20140715
nProtect Trojan.Risktool.Miner.B 20140714
AVG 20140715
AegisLab 20140715
Agnitum 20140714
Avast 20140715
Bkav 20140714
ByteHero 20140715
CAT-QuickHeal 20140715
CMC 20140714
ClamAV 20140714
Comodo 20140715
Fortinet 20140715
Jiangmin 20140715
K7AntiVirus 20140714
K7GW 20140714
Kingsoft 20140715
Microsoft 20140715
NANO-Antivirus 20140715
Norman 20140715
Qihoo-360 20140715
SUPERAntiSpyware 20140715
Sophos 20140715
TheHacker 20140714
TotalDefense 20140715
VBA32 20140714
Zillya 20140714
Zoner 20140714
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem that targets 64bit architectures.
PE header basic information
Target machine x64
Compilation timestamp 2013-11-23 23:37:18
Link date 12:37 AM 11/24/2013
Entry Point 0x0000BA38
Number of sections 7
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
GetSystemInfo
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetFileType
GetConsoleMode
DecodePointer
GetCurrentProcessId
UnhandledExceptionFilter
GetModuleHandleW
RtlVirtualUnwind
GetCPInfo
ExitProcess
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetProcessHeap
SetStdHandle
IsValidCodePage
CompareStringW
CreateThread
GetModuleFileNameW
TlsFree
SetUnhandledExceptionFilter
WriteFile
RtlCaptureContext
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
RtlUnwindEx
SetEnvironmentVariableA
SetPriorityClass
TerminateProcess
GetTimeZoneInformation
WideCharToMultiByte
GetModuleHandleExW
InitializeCriticalSection
OutputDebugStringW
RtlLookupFunctionEntry
CreateFileW
TlsGetValue
Sleep
SetLastError
TlsSetValue
GetTickCount
GetCurrentThreadId
WriteConsoleW
LeaveCriticalSection
socket
WSAIoctl
closesocket
inet_addr
send
WSAStartup
gethostbyname
connect
htons
recv
WSAGetLastError
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows command line
MachineType: AMD AMD64
TimeStamp: 2013:11:24 00:37:18+01:00
FileType: Win64 EXE
PEType: PE32+
CodeSize: 98816
LinkerVersion: 11.0
FileAccessDate: 2014:07:15 08:10:26+01:00
EntryPoint: 0xba38
InitializedDataSize: 190976
SubsystemVersion: 6.0
ImageVersion: 0.0
OSVersion: 6.0
FileCreateDate: 2014:07:15 08:10:26+01:00
UninitializedDataSize: 0

File identification
MD5 b10230d34cc5a690883aea6e6a9f79d9
SHA1 a673adf5a38cbfe683d829be71fa6f63258cacca
SHA256 865b480f7ec90ffb8738f581658f24b6f81cbc6fefb0f540f01644a51e51f167
ssdeep 3072:V2cQVntYl+YiYiJ68d7odsIZTG66etk3ZaEYraLyMVw:YVn0+YxisdDZTGdeEHYeZ
imphash f6426da8c01b148f5ace3bf605de4dcc
File size 144.5 KB ( 147968 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (console) Mono/.Net assembly
TrID Win64 Executable (generic) (87.3%)
Generic Win/DOS Executable (6.3%)
DOS Executable Generic (6.3%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags 64bits peexe assembly

VirusTotal metadata
First submission 2013-11-24 00:02:28 UTC ( 1 year, 5 months ago )
Last submission 2014-07-15 07:09:02 UTC ( 9 months, 2 weeks ago )
File names B10230D34CC5A690883AEA6E6A9F79D9.bin
jh1e.exe
jh1f.exe
file-6252318_exe
jh1f.rar
jh1e.exe..exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight