× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 8bcbe24949951d8aae6018b87b5ca799efe47aeb623e6e5d3665814c6d59aeae
File name: 1.exe
Detection ratio: 48 / 65
Analysis date: 2018-11-15 06:19:26 UTC ( 3 weeks, 3 days ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.11459041 20181115
AegisLab Trojan.Multi.Generic.4!c 20181115
AhnLab-V3 Trojan/Win32.StartPage.C26214 20181114
Antiy-AVL Trojan/Win32.TSGeneric 20181115
Arcabit Trojan.Generic.DAED9E1 20181115
Avast FileRepMalware 20181115
AVG FileRepMalware 20181115
Avira (no cloud) HEUR/AGEN.1022519 20181115
BitDefender Trojan.Generic.11459041 20181115
CAT-QuickHeal Udsdangerousobject.Multi 20181114
CrowdStrike Falcon (ML) malicious_confidence_60% (W) 20181022
Cybereason malicious.697df5 20180225
Cylance Unsafe 20181115
Cyren W32/Trojan.MBIK-3125 20181115
DrWeb Trojan.Click3.12740 20181115
Emsisoft Trojan.Generic.11459041 (B) 20181115
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/TrojanClicker.Agent.NVM 20181115
F-Secure Trojan.Generic.11459041 20181115
Fortinet W32/Agent.NVM!tr 20181115
GData Trojan.Generic.11459041 20181115
Ikarus Trojan.Win32.TrojanClicker 20181114
Sophos ML heuristic 20181108
Jiangmin Trojan.Generic.fxlq 20181115
K7AntiVirus Spyware ( 0049d4ae1 ) 20181113
K7GW Spyware ( 0049d4ae1 ) 20181115
Kaspersky UDS:DangerousObject.Multi.Generic 20181115
Malwarebytes RiskWare.Agent.MWLA 20181115
MAX malware (ai score=100) 20181115
McAfee GenericRXEE-YS!AE4CA70697DF 20181115
McAfee-GW-Edition GenericRXEE-YS!AE4CA70697DF 20181115
Microsoft Trojan:Win32/Occamy.C 20181115
eScan Trojan.Generic.11459041 20181115
NANO-Antivirus Trojan.Win32.RP.cwxtpf 20181115
Palo Alto Networks (Known Signatures) generic.ml 20181115
Qihoo-360 Win32/Trojan.5c4 20181115
Rising Trojan.Clicker-Agent!8.13 (CLOUD) 20181115
Sophos AV Mal/Generic-S 20181115
Symantec Trojan.Gen.2 20181115
Tencent Win32.Trojan.Rogue.Lohw 20181115
TrendMicro TROJ_GEN.R002C0OF618 20181115
TrendMicro-HouseCall TROJ_GEN.R002C0OF618 20181115
VBA32 Trojan.Click 20181114
ViRobot Trojan.Win32.S.StartPage.16384.C 20181115
Webroot W32.Malware.Heur 20181115
Yandex Trojan.CL.Agent!ZgGH3jU2az8 20181113
Zillya Trojan.Agent.Win32.557086 20181114
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181115
Alibaba 20180921
Avast-Mobile 20181114
Babable 20180918
Baidu 20181115
Bkav 20181114
ClamAV 20181115
CMC 20181115
eGambit 20181115
F-Prot 20181115
Kingsoft 20181115
Panda 20181114
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181114
Symantec Mobile Insight 20181108
TACHYON 20181115
TheHacker 20181113
Trustlook 20181115
Zoner 20181115
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-01-19 16:10:41
Entry Point 0x00001190
Number of sections 3
PE sections
PE imports
CreateServiceA
OpenSCManagerA
StartServiceCtrlDispatcherA
OpenMutexA
CreateMutexA
SystemTimeToFileTime
CreateThread
WaitForSingleObject
ExitProcess
CreateWaitableTimerA
GetModuleFileNameA
SetWaitableTimer
_except_handler3
__p__fmode
_adjust_fdiv
__setusermatherr
__p__commode
__p___initenv
_controlfp
exit
_XcptFilter
__getmainargs
_initterm
_exit
__set_app_type
InternetOpenUrlA
InternetOpenA
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2011:01:19 17:10:41+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
4096

LinkerVersion
6.0

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

EntryPoint
0x1190

InitializedDataSize
8192

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 ae4ca70697df5506bc610172cfc288e7
SHA1 31e8a82e497058ff14049cf283b337ec51504819
SHA256 8bcbe24949951d8aae6018b87b5ca799efe47aeb623e6e5d3665814c6d59aeae
ssdeep
48:a2SWLML7kulJknJmD+jtx7MBqc9xDsYjWHlJR:6Rj/kJs+jtx7MIc9xD1jWHj

authentihash 34bb0bf94ab5c78a2b54166094562652a5d3b6b55488c6b2d73a88447d15c191
imphash 546068cc295ad7d6b32786401b41bdb8
File size 16.0 KB ( 16384 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2011-07-04 21:38:34 UTC ( 7 years, 5 months ago )
Last submission 2018-11-15 06:19:26 UTC ( 3 weeks, 3 days ago )
File names test.exe
Lab01-02-unpacked.exe
ImgBurnUnpacked.exe
Lab01-02 - upacked.exe
Lab01-02.exe_unpacked
newLab01-02.exe
abc.exe
sample4.exe
Lab01-02_unpacked.exe
Lab01-02_detest
static_lab_1_2.exe
task2de.exe
lab01-02U.exe
Lab01-02-Unpacked.exe
Lab02.exe
lab2unpacked.exe
Labupx.exe
Mal01-02.exe
Lab1-02upx.exe
hw1.exe
Lab01-02_unpack.exe
Mal01-02.exe.dis
iblees2-unpack.exe
Lab01-02.dec.exe
Lab01-02.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R047C0EFE15.

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!