SHA256: 8a2fa0e118969347159d257cf22ebab66867599d6dae20e69b4ff71bbb2d0f23
File name: output.113110800.txt
Detection ratio: 42 / 67
Analysis date: 2018-04-16 19:48:49 UTC (10 months, 1 week ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4714131 20180416
AegisLab Troj.Dropper.Msil!c 20180416
ALYac Trojan.GenericKD.4714131 20180416
Antiy-AVL Trojan/MSIL.Packed.Confuser.P 20180416
Arcabit Trojan.Generic.D47EE93 20180416
Avast Win32:Malware-gen 20180416
AVG Win32:Malware-gen 20180416
Avira (no cloud) TR/Dropper.MSIL.Gen2 20180416
AVware Trojan.Win32.Generic!BT 20180416
BitDefender Trojan.GenericKD.4714131 20180416
CAT-QuickHeal Trojan.Generic 20180416
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20170201
Cylance Unsafe 20180416
Cyren W32/Trojan.PUQN-8480 20180416
eGambit Unsafe.AI_Score_98% 20180416
Emsisoft Trojan.GenericKD.4714131 (B) 20180416
Endgame malicious (high confidence) 20180403
F-Secure Trojan.GenericKD.4714131 20180416
GData Trojan.GenericKD.4714131 20180416
Ikarus Trojan.Dropper 20180416
Sophos ML heuristic 20180121
Kaspersky HEUR:Trojan.Win32.Generic 20180416
MAX malware (ai score=99) 20180416
McAfee RDN/Generic Dropper 20180416
McAfee-GW-Edition BehavesLike.Win32.Generic.hh 20180416
Microsoft Trojan:Win32/Tiggre!rfn 20180416
eScan Trojan.GenericKD.4714131 20180416
NANO-Antivirus Trojan.Win32.PUQN8480.ezglse 20180416
Palo Alto Networks (Known Signatures) generic.ml 20180416
Panda Trj/CI.A 20180416
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20180416
Rising Trojan.Generic!8.C3 (TFE:C:jAA6KaZaPrR) 20180416
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Generic-S 20180416
Symantec Trojan.Gen 20180416
TrendMicro TROJ_GEN.R002C0DAG18 20180416
TrendMicro-HouseCall TROJ_GEN.R002C0DAG18 20180416
VIPRE Trojan.Win32.Generic!BT 20180416
Webroot W32.Trojan.Gen 20180416
Yandex Trojan.DR.MSIL!A4TCyczXN8M 20180414
Zillya Trojan.GenericKD.Win32.6743 20180416
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180416
AhnLab-V3 20180416
Alibaba 20180416
Avast-Mobile 20180416
Baidu 20180416
Bkav 20180410
ClamAV 20180416
CMC 20180416
Comodo 20180416
Cybereason None
DrWeb 20180416
ESET-NOD32 20180416
F-Prot 20180416
Fortinet 20180416
Jiangmin 20180416
K7AntiVirus 20180416
K7GW 20180416
Kingsoft 20180416
Malwarebytes 20180416
nProtect 20180416
SUPERAntiSpyware 20180416
Symantec Mobile Insight 20180412
Tencent 20180416
TheHacker 20180415
TotalDefense 20180416
Trustlook 20180416
VBA32 20180414
ViRobot 20180416
WhiteArmor 20180408
Zoner 20180416
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2014
Product GrabHWID
Original name OERegistration.exe
Internal name OERegistration.exe
File version 1.0.0.0
Description GrabHWID
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-02 17:17:49
Entry Point 0x00048CEE
Number of sections 4
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 9
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 12
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription GrabHWID
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 230912
EntryPoint 0x48cee
OriginalFileName OERegistration.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2014
FileVersion 1.0.0.0
TimeStamp 2015:04:02 19:17:49+02:00
FileType Win32 EXE
PEType PE32
InternalName OERegistration.exe
ProductVersion 1.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 290304
ProductName GrabHWID
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 1.0.0.0

Execution parents
Compressed bundles
File identification
MD5 cb59ba1506204e720978fd84ec80eab2
SHA1 5487f5cef62479380d9e3661179c9347cf32699f
SHA256 8a2fa0e118969347159d257cf22ebab66867599d6dae20e69b4ff71bbb2d0f23
ssdeep 12288:jayJ4MYENS73qAE0scV/MGKd93EmPEJb1hBSPZk5YfJVw2eiqw:XHYENSjvyGIEm6hWw
authentihash 2f6be7c094b4026e3d16e542a105a2773fb2514d19d1210c68ca4c0787f406da
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 510.0 KB ( 522240 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Win32 Executable MS Visual C++ (generic) (61.9%)
Win32 Dynamic Link Library (generic) (13.0%)
Win32 Executable (generic) (8.9%)
Win16/32 Executable Delphi generic (4.1%)
OS/2 Executable (generic) (4.0%)
Tags peexe assembly via-tor
VirusTotal metadata
First submission 2015-04-04 14:55:21 UTC ( 3 years, 10 months ago )
Last submission 2018-09-15 18:50:28 UTC ( 5 months ago )
File names svch.exe
eqnedt.exe
output.113193052.txt
HWID.exe
obc.exe
output.113193050.txt
EQNEDT.exe
output.113297028.txt
PPT.EXE
OERegistration.exe
output.113193046.txt
OE Registration.exe
output.112921270.txt
Win32.Trojan.Agent@8a2fa0e118969347159d257cf22ebab66867599d6dae20e69b4ff71bbb2d0f23.bin
8a2fa0e118969347159d257cf22ebab66867599d6dae20e69b4ff71bbb2d0f23
vbc6.exe
output.113110800.txt
pt.exe
vbc7.exe
pt.exe
vbc4.exe
output.113193048.txt
ppt.exe
jpg.exe
OE Registration.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R08JC0OG715.

Symantec reputation Suspicious.Insight