SHA256: 8a2fa0e118969347159d257cf22ebab66867599d6dae20e69b4ff71bbb2d0f23
File name: 8a2fa0e118969347159d257cf22ebab66867599d6dae20e69b4ff71bbb2d0f23
Detection ratio: 42 / 68
Analysis date: 2018-10-10 11:56:29 UTC ( 5 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4714131 20181010
AegisLab Trojan.Win32.Generic.4!c 20181010
ALYac Trojan.GenericKD.4714131 20181010
Antiy-AVL Trojan/MSIL.Packed.Confuser.P 20181010
Arcabit Trojan.Generic.D47EE93 20181010
Avast Win32:Malware-gen 20181010
AVG Win32:Malware-gen 20181010
Avira (no cloud) TR/Dropper.MSIL.Gen2 20181010
BitDefender Trojan.GenericKD.4714131 20181010
CAT-QuickHeal Trojan.Generic 20181008
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180723
Cybereason malicious.506204 20180225
Cylance Unsafe 20181010
Cyren W32/Trojan.PUQN-8480 20181010
Emsisoft Trojan.GenericKD.4714131 (B) 20181010
Endgame malicious (high confidence) 20180730
F-Secure Trojan.GenericKD.4714131 20181010
GData Trojan.GenericKD.4714131 20181010
Ikarus Trojan.Dropper 20181010
Sophos ML heuristic 20180717
Kaspersky HEUR:Trojan.Win32.Generic 20181010
MAX malware (ai score=99) 20181010
McAfee RDN/Generic Dropper 20181010
McAfee-GW-Edition RDN/Generic Dropper 20181010
Microsoft Trojan:Win32/Tiggre!rfn 20181010
eScan Trojan.GenericKD.4714131 20181010
NANO-Antivirus Trojan.Win32.PUQN8480.ezglse 20181010
Palo Alto Networks (Known Signatures) generic.ml 20181010
Panda Trj/CI.A 20181009
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20181010
Rising Trojan.Generic!8.C3 (TFE:C:jAA6KaZaPrR) 20181010
SentinelOne (Static ML) static engine - malicious 20180926
Sophos AV Mal/Generic-S 20181010
Symantec ML.Attribute.HighConfidence 20181010
Tencent Win32.Trojan.Generic.Szlh 20181010
TrendMicro TROJ_GEN.R002C0PID18 20181010
TrendMicro-HouseCall TROJ_GEN.R002C0PID18 20181010
VIPRE Trojan.Win32.Generic!BT 20181009
Webroot W32.Trojan.Gen 20181010
Yandex Trojan.DR.MSIL!A4TCyczXN8M 20181010
Zillya Trojan.GenericKD.Win32.6743 20181010
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20181010
AhnLab-V3 20181010
Alibaba 20180921
Avast-Mobile 20181010
Babable 20180918
Baidu 20181010
Bkav 20181009
ClamAV 20181010
CMC 20181010
Comodo 20181010
DrWeb 20181010
eGambit 20181010
ESET-NOD32 20181010
F-Prot 20181010
Fortinet 20181010
Jiangmin 20181009
K7AntiVirus 20181010
K7GW 20181010
Kingsoft 20181010
Malwarebytes 20181010
SUPERAntiSpyware 20181006
Symantec Mobile Insight 20181001
TACHYON 20181010
TheHacker 20181008
TotalDefense 20181010
Trustlook 20181010
VBA32 20181010
ViRobot 20181010
Zoner 20181010
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2014

Product GrabHWID
Original name OERegistration.exe
Internal name OERegistration.exe
File version 1.0.0.0
Description GrabHWID
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-02 17:17:49
Entry Point 0x00048CEE
Number of sections 4
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 9
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 12
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
GrabHWID

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
230912

EntryPoint
0x48cee

OriginalFileName
OERegistration.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2014

FileVersion
1.0.0.0

TimeStamp
2015:04:02 19:17:49+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
OERegistration.exe

ProductVersion
1.0.0.0

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
290304

ProductName
GrabHWID

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
1.0.0.0

Execution parents
Compressed bundles
File identification
MD5 cb59ba1506204e720978fd84ec80eab2
SHA1 5487f5cef62479380d9e3661179c9347cf32699f
SHA256 8a2fa0e118969347159d257cf22ebab66867599d6dae20e69b4ff71bbb2d0f23
ssdeep
12288:jayJ4MYENS73qAE0scV/MGKd93EmPEJb1hBSPZk5YfJVw2eiqw:XHYENSjvyGIEm6hWw

authentihash 2f6be7c094b4026e3d16e542a105a2773fb2514d19d1210c68ca4c0787f406da
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 510.0 KB ( 522240 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Win32 Executable MS Visual C++ (generic) (61.9%)
Win32 Dynamic Link Library (generic) (13.0%)
Win32 Executable (generic) (8.9%)
Win16/32 Executable Delphi generic (4.1%)
OS/2 Executable (generic) (4.0%)
Tags
peexe assembly via-tor

VirusTotal metadata
First submission 2015-04-04 14:55:21 UTC ( 3 years, 11 months ago )
Last submission 2019-02-25 03:15:17 UTC ( 4 weeks, 1 day ago )
File names svch.exe
eqnedt.exe
output.113193052.txt
taller.exe
HWID.exe
obc.exe
output.113193050.txt
EQNEDT.exe
output.113297028.txt
PPT.EXE
OERegistration.exe
8a2fa0e118969347159d257cf22ebab66867599d6dae20e69b4ff71bbb2d0f23
output.113193046.txt
taller.exe
OE Registration.exe
output.112921270.txt
Win32.Trojan.Agent@8a2fa0e118969347159d257cf22ebab66867599d6dae20e69b4ff71bbb2d0f23.bin
best.exe
vbc6.exe
output.113110800.txt
pt.exe
vbc7.exe
pt.exe
vbc4.exe
output.113193048.txt
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R08JC0OG715.

Symantec reputation Suspicious.Insight