SHA256: 91d71b06c99fe25271ba19c1c47c2d1ba85e78c2d7d5ae74e97417dc958dc725
File name: asdqw4727319084772952101234.exe
Detection ratio: 47 / 61
Analysis date: 2017-03-14 10:35:43 UTC ( 1 year, 3 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.115015 20170314
AegisLab Troj.W32.Generic!c 20170314
AhnLab-V3 Spyware/Win32.Limitail.R128819 20170314
ALYac Gen:Variant.Zusy.115015 20170314
Antiy-AVL Trojan[PSW]/Win32.Tepfer 20170314
Arcabit Trojan.Zusy.D1C147 20170314
Avast Win32:Malware-gen 20170314
AVG Zbot.URE 20170314
Avira (no cloud) TR/Kazy.792122 20170314
AVware Trojan.Win32.Generic!BT 20170314
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9974 20170314
BitDefender Gen:Variant.Zusy.115015 20170314
Comodo UnclassifiedMalware 20170314
CrowdStrike Falcon (ML) malicious_confidence_99% (W) 20170130
DrWeb Trojan.PWS.Stealer.13319 20170314
Emsisoft Gen:Variant.Zusy.115015 (B) 20170314
Endgame malicious (high confidence) 20170222
ESET-NOD32 Win32/PSW.Fareit.A 20170314
F-Secure Gen:Variant.Zusy.115015 20170314
Fortinet W32/Fareit.A!tr.pws 20170314
GData Gen:Variant.Zusy.115015 20170314
Ikarus Trojan-PSW.Win32.Fareit 20170313
Sophos ML trojan.win32.dacic.a!rfn 20170203
Jiangmin Trojan/PSW.Tepfer.ccmp 20170314
K7AntiVirus Trojan ( 700000121 ) 20170314
K7GW Trojan ( 700000121 ) 20170314
Kaspersky HEUR:Trojan.Win32.Generic 20170314
McAfee Generic.uo 20170314
McAfee-GW-Edition Generic.uo 20170314
Microsoft PWS:Win32/Fareit 20170314
eScan Gen:Variant.Zusy.115015 20170314
NANO-Antivirus Trojan.Win32.Stealer.diwoss 20170314
nProtect Trojan-PWS/W32.Tepfer.792122 20170314
Palo Alto Networks (Known Signatures) generic.ml 20170314
Panda Trj/CI.A 20170313
Qihoo-360 Win32/Trojan.fff 20170314
Rising Trojan.Generic (cloud:RfELOfx6zML) 20170314
Sophos AV Troj/MSIL-BAG 20170314
Symantec Trojan.Gen.2 20170313
Tencent Win32.Trojan-qqpass.Qqrob.Phqd 20170314
TheHacker Trojan/Fareit.a 20170311
TrendMicro TROJ_MOSERAN.BMI 20170314
VBA32 TrojanPSW.Fareit 20170313
VIPRE Trojan.Win32.Generic!BT 20170314
Webroot Malicious 20170314
Yandex Trojan.PWS.Fareit!1cgkKTaSq94 20170312
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20170314
Alibaba 20170228
Bkav 20170313
CAT-QuickHeal 20170314
ClamAV 20170314
CMC 20170314
Cyren 20170314
F-Prot 20170314
Kingsoft 20170314
Malwarebytes 20170314
SUPERAntiSpyware 20170314
TrendMicro-HouseCall 20170314
Trustlook 20170314
ViRobot 20170314
WhiteArmor 20170303
Zillya 20170313
Zoner 20170314
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright ATI
Product ATI
Original name Private Diary.exe
Internal name Private Diary.exe
File version 1.0.0.0
Description ATI
Comments ATI
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-11-12 19:49:10
Entry Point 0x000A41BE
Number of sections 3
.NET details
Module Version ID 5c219562-a933-4f5a-8897-63bb1b2050da
TypeLib ID 2cdd6003-c34f-4ac5-9339-9436c1371940
PE sections
Overlays
MD5 e27d4c9199edca5223c8f4299b189fcb
File type ASCII text
Offset 669184
Size 122938
Entropy 6.00
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
Comments ATI
LinkerVersion 11.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription ATI
CharacterSet Unicode
InitializedDataSize 668160
EntryPoint 0xa41be
OriginalFileName Private Diary.exe
MIMEType application/octet-stream
LegalCopyright ATI
FileVersion 1.0.0.0
TimeStamp 2014:11:12 20:49:10+01:00
FileType Win32 EXE
PEType PE32
InternalName Private Diary.exe
ProductVersion 1.0.0.0
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName ATI
CodeSize 664064
ProductName ATI
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 1.0.0.0

Compressed bundles
File identification
MD5 b5e7cd42b45f8670adaf96bbca5ae2d0
SHA1 5c9c4348c30f53492ddb70064ee393d9b0590ef5
SHA256 91d71b06c99fe25271ba19c1c47c2d1ba85e78c2d7d5ae74e97417dc958dc725
ssdeep 12288:JoGNWq2XMSHoQ7xUwz3ke6OlysZ0oc+kIXV8XTyy6ufLaqbOYZfWtW0hv2:qGN+M6oExU8H9lpjcDoW6p8Eh+
authentihash d3abe2e1d66228d492fbe1c1a9e472dd419fc4e460a95cfaad027b797470360e
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 773.6 KB ( 792122 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (56.7%)
Win64 Executable (generic) (21.3%)
Windows screen saver (10.1%)
Win32 Dynamic Link Library (generic) (5.0%)
Win32 Executable (generic) (3.4%)
Tags peexe assembly overlay
VirusTotal metadata
First submission 2014-11-17 03:21:30 UTC ( 3 years, 7 months ago )
Last submission 2017-03-14 10:35:43 UTC ( 1 year, 3 months ago )
File names Private Diary.exe
asdqw4727319084772952101234.exe
asdqw4727319084772952101234.ex
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections