SHA256: 87feade22c18a0fc5ba3776af53704aa0c7bd2401151b05a76dc3fb99c8411ff
File name: poloport.exe
Detection ratio: 49 / 64
Analysis date: 2019-02-23 10:02:28 UTC ( 3 weeks, 6 days ago )
Antivirus Result Update
Acronis suspicious 20190222
Ad-Aware Gen:Variant.Razy.233808 20190301
AhnLab-V3 Trojan/Win32.Kryptik.C2400916 20190301
ALYac Trojan.MSIL.Crypt.gen 20190301
Antiy-AVL Trojan/MSIL.AGeneric 20190301
Arcabit Trojan.Razy.D39150 20190301
Avast Win32:Malware-gen 20190301
AVG Win32:Malware-gen 20190301
Avira (no cloud) HEUR/AGEN.1013206 20190301
BitDefender Gen:Variant.Razy.233808 20190301
CAT-QuickHeal Trojan.MSIL 20190228
Comodo Malware@#2l9iwyh9d4cfa 20190301
CrowdStrike Falcon (ML) win/malicious_confidence_90% (W) 20190212
Cybereason malicious.367d9e 20190109
Cyren W32/Trojan.GYRP-7680 20190301
DrWeb Trojan.PWS.Stealer.19347 20190301
eGambit Generic.Malware 20190301
Emsisoft Gen:Variant.Razy.233808 (B) 20190301
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of MSIL/Kryptik.MAV 20190301
F-Secure Heuristic.HEUR/AGEN.1013206 20190301
Fortinet MSIL/Kryptik.MAV!tr 20190301
GData Gen:Variant.Razy.233808 20190301
Ikarus Trojan-Spy.Agent 20190301
Sophos ML heuristic 20181128
Jiangmin Trojan.MSIL.iejp 20190301
K7AntiVirus Trojan ( 005208091 ) 20190301
K7GW Trojan ( 005208091 ) 20190301
Kaspersky HEUR:Trojan.MSIL.Generic 20190301
MAX malware (ai score=100) 20190301
McAfee Artemis!CEFD943367D9 20190301
McAfee-GW-Edition BehavesLike.Win32.Generic.gc 20190301
Microsoft VirTool:MSIL/Injector.TQ!bit 20190301
eScan Gen:Variant.Razy.233808 20190301
NANO-Antivirus Trojan.Win32.Kryptik.ewysye 20190301
Palo Alto Networks (Known Signatures) generic.ml 20190301
Panda Trj/CI.A 20190301
Qihoo-360 Win32/Trojan.7c5 20190301
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Mal/Generic-S 20190301
Symantec Trojan.Gen 20190301
Tencent Msil.Trojan.Generic.Tejl 20190301
TheHacker Trojan/Kryptik.mav 20190224
Trapmine malicious.high.ml.score 20190228
VBA32 TrojanPSW.Stealer 20190301
VIPRE Trojan.Win32.Generic!BT None
Webroot W32.Trojan.Gen 20190301
Yandex Trojan.Agent!j8sLi7m0TBY 20190301
ZoneAlarm by Check Point HEUR:Trojan.MSIL.Generic 20190301
AegisLab 20190301
Alibaba 20180921
Avast-Mobile 20190301
Babable 20180917
Baidu 20190214
ClamAV 20190228
CMC 20190301
Kingsoft 20190301
Malwarebytes 20190301
SUPERAntiSpyware 20190227
Symantec Mobile Insight 20190220
TACHYON 20190228
TotalDefense 20190301
Trustlook 20190301
ViRobot 20190301
Zoner 20190228
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
(c) Computer Associates International

Product Computer Associates International Checker Arto
Original name poloport.exe
Internal name poloport.exe
File version 2.9.4.1
Description Computer Associates International
Comments Computer Associates International Arto
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-01-04 08:03:40
Entry Point 0x0003F35E
Number of sections 3
.NET details
Module Version ID 2a6cc8bd-b048-49cd-90e8-a464e824cd31
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 3
RT_MANIFEST 2
RT_BITMAP 1
RT_GROUP_ICON 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 6
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
Computer Associates International Arto

LinkerVersion
11.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.9.4.1

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Computer Associates International

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
199168

EntryPoint
0x3f35e

OriginalFileName
poloport.exe

MIMEType
application/octet-stream

LegalCopyright
(c) Computer Associates International

FileVersion
2.9.4.1

TimeStamp
2018:01:04 00:03:40-08:00

FileType
Win32 EXE

PEType
PE32

InternalName
poloport.exe

ProductVersion
2.9.4.1

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Computer Associates International Company

CodeSize
250880

ProductName
Computer Associates International Checker Arto

ProductVersionNumber
2.9.4.1

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
11.19.16.19

File identification
MD5 cefd943367d9ebe51f30c18053812003
SHA1 79a7f9f8a27201a7a9c154ec8a939a5e78bd3405
SHA256 87feade22c18a0fc5ba3776af53704aa0c7bd2401151b05a76dc3fb99c8411ff
ssdeep
6144:oeortxP0Zsl0r7sMaO1YbmpgJhmAUVx56uob+9kZm6+tN9/0Kvv9K5pVm4s8/bVE:xQtR1Gs7O1YUgDeYu0eks6S/0Y+auG

authentihash efaa6b83e4ce1d406cac38037c1890e403c26f7ba4cc02cc747a647946ffb03f
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 440.0 KB ( 450560 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (81.0%)
Win32 Dynamic Link Library (generic) (7.2%)
Win32 Executable (generic) (4.9%)
OS/2 Executable (generic) (2.2%)
Generic Win/DOS Executable (2.2%)
Tags
peexe assembly

VirusTotal metadata
First submission 2018-01-06 16:55:43 UTC ( 1 year, 2 months ago )
Last submission 2018-07-23 03:45:33 UTC ( 8 months ago )
File names 79a7f9f8a27201a7a9c154ec8a939a5e78bd3405
cefd943367d9ebe51f30c18053812003.exe
jit.exe
output.112826518.txt
VirusShare_cefd943367d9ebe51f30c18053812003
poloport.exe
jit.exe
poloport.exe