SHA256: 8ef5cb13e0289194103ec83404dbc8539eb99788f0991bd1febb551ebb9e9bef
File name: 256d4639b4514c420f482cc9e795cac3
Detection ratio: 55 / 68
Analysis date: 2017-10-27 04:24:02 UTC ( 1 year, 1 month ago )
Antivirus Result Update
Ad-Aware Generic.MSIL.PasswordStealerA.691FB1D3 20171027
AegisLab Troj.W32.Agent.mCnJ 20171027
AhnLab-V3 Trojan/Win32.Subti.C1663822 20171027
ALYac Generic.MSIL.PasswordStealerA.691FB1D3 20171027
Antiy-AVL Trojan/MSIL.Agent 20171027
Arcabit Generic.MSIL.PasswordStealerA.691FB1D3 20171027
Avast MSIL:Rat-B [Trj] 20171027
AVG MSIL:Rat-B [Trj] 20171027
Avira (no cloud) TR/Dropper.MSIL.xtzdz 20171027
AVware Trojan.Win32.Generic!BT 20171027
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9853 20171026
BitDefender Generic.MSIL.PasswordStealerA.691FB1D3 20171027
CAT-QuickHeal Trojan.Generic.FC.1191 20171026
ClamAV Win.Trojan.Generic-6295765-0 20171027
Comodo UnclassifiedMalware 20171026
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.1b8fb7 20170628
Cylance Unsafe 20171027
Cyren W32/MSIL_Mintluks.A.gen!Eldorado 20171027
DrWeb Trojan.DownLoader22.22548 20171027
eGambit Unsafe.AI_Score_100% 20171027
Emsisoft Generic.MSIL.PasswordStealerA.691FB1D3 (B) 20171027
Endgame malicious (high confidence) 20171024
ESET-NOD32 a variant of MSIL/Spy.Agent.AES 20171027
F-Prot W32/MSIL_Mintluks.A.gen!Eldorado 20171027
F-Secure Generic.MSIL.PasswordStealerA.691FB1D3 20171027
Fortinet MSIL/Generic.AP.17852C!tr 20171027
GData Generic.MSIL.PasswordStealerA.691FB1D3 20171027
Ikarus Trojan.MSIL.Spy 20171026
Sophos ML heuristic 20170914
Jiangmin Trojan.MSIL.gggj 20171027
K7AntiVirus Spyware ( 004bf53c1 ) 20171026
K7GW Spyware ( 004bf53c1 ) 20171027
Kaspersky Trojan.MSIL.Agent.foww 20171027
Malwarebytes Spyware.PasswordStealer 20171027
MAX malware (ai score=100) 20171027
McAfee GenericRXAG-WH!256D4639B451 20171027
McAfee-GW-Edition BehavesLike.Win32.Generic.fh 20171027
Microsoft Backdoor:Win32/Xiclog.A 20171026
eScan Generic.MSIL.PasswordStealerA.691FB1D3 20171027
NANO-Antivirus Trojan.Win32.Ric.etlcua 20171027
Palo Alto Networks (Known Signatures) generic.ml 20171027
Panda Trj/CI.A 20171026
Qihoo-360 Win32/Trojan.4bf 20171027
SentinelOne (Static ML) static engine - malicious 20171019
Sophos AV Troj/Subti-A 20171027
Symantec Trojan.Gen 20171027
TrendMicro TSPY_TINCLEX.SM1 20171027
TrendMicro-HouseCall TSPY_TINCLEX.SM1 20171027
VBA32 Trojan.MSIL.Agent 20171026
VIPRE Trojan.Win32.Generic!BT 20171027
ViRobot Trojan.Win32.Z.Agent.356352.ALF 20171027
Webroot W32.Trojan.Gen 20171027
Zillya Trojan.Agent.Win32.845616 20171026
ZoneAlarm by Check Point Trojan.MSIL.Agent.foww 20171027
Alibaba 20170911
Avast-Mobile 20171026
Bkav 20171025
CMC 20171026
Kingsoft 20171027
nProtect 20171027
Rising 20171027
SUPERAntiSpyware 20171027
Symantec Mobile Insight 20171026
Tencent 20171027
TheHacker 20171024
TotalDefense 20171026
Trustlook 20171027
WhiteArmor 20171024
Yandex 20171026
Zoner 20171027
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Original name Client.exe
Internal name Client.exe
File version 1.3.0.0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-10-09 15:06:41
Entry Point 0x0005823E
Number of sections 3
.NET details
Module Version ID 7e063bd5-5264-40d2-a105-a5bdd99eb09f
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileVersionNumber 1.3.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 2560
EntryPoint 0x5823e
OriginalFileName Client.exe
MIMEType application/octet-stream
FileVersion 1.3.0.0
TimeStamp 2017:10:09 16:06:41+01:00
FileType Win32 EXE
PEType PE32
InternalName Client.exe
ProductVersion 1.3.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 353280
FileSubtype 0
ProductVersionNumber 1.3.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 1.3.0.0

Compressed bundles
File identification
MD5 256d4639b4514c420f482cc9e795cac3
SHA1 103667324e0c5cc4e670176a3c4bcfcbad06abba
SHA256 8ef5cb13e0289194103ec83404dbc8539eb99788f0991bd1febb551ebb9e9bef
ssdeep 6144:dLwb/c2L0tkLDqEPbwgCoUjT+Vutwp0a5:BH2LZqEEg2T0utwpv5
authentihash fc6b39e4876aafe97e29c299246627f9ead30e2731facdab37fc24bf5e31da11
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 348.0 KB ( 356352 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (55.8%)
Win64 Executable (generic) (21.0%)
Windows screen saver (9.9%)
Win32 Dynamic Link Library (generic) (5.0%)
Win32 Executable (generic) (3.4%)
Tags peexe assembly
VirusTotal metadata
First submission 2017-10-09 19:41:27 UTC ( 1 year, 2 months ago )
Last submission 2018-07-23 15:36:31 UTC ( 4 months, 3 weeks ago )
File names Client.exe
256d4639b4514c420f482cc9e795cac3.vir
pputty.exe
win.Budgetshowdown.com_80_443_8080.exe
VirusShare_256d4639b4514c420f482cc9e795cac3
aa