SHA256: 923302a9ceb5303d715f4a615a7d438cf8ee9ed3754462bb98efbb86cd2c5910
File name: CSAW.exe.000
Detection ratio: 5 / 65
Analysis date: 2018-07-28 11:46:15 UTC ( 7 months, 3 weeks ago )
Antivirus Result Update
Bkav W32.FamVT.ExpiroPC.PE 20180728
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Sophos ML heuristic 20180717
McAfee-GW-Edition BehavesLike.Win32.Generic.tc 20180728
TheHacker W32/Behav-Heuristic-CorruptFile-EP 20180727
Ad-Aware 20180728
AegisLab 20180728
AhnLab-V3 20180728
ALYac 20180728
Antiy-AVL 20180728
Arcabit 20180728
Avast 20180728
Avast-Mobile 20180728
AVG 20180728
Avira (no cloud) 20180728
AVware 20180727
Babable 20180725
Baidu 20180726
BitDefender 20180728
CAT-QuickHeal 20180725
ClamAV 20180728
CMC 20180728
Comodo 20180728
Cybereason 20180225
Cylance 20180728
Cyren 20180728
DrWeb 20180728
eGambit 20180728
Emsisoft 20180728
Endgame 20180711
ESET-NOD32 20180728
F-Prot 20180728
F-Secure 20180728
Fortinet 20180728
GData 20180728
Jiangmin 20180728
K7AntiVirus 20180727
K7GW 20180727
Kaspersky 20180728
Kingsoft 20180728
Malwarebytes 20180728
MAX 20180728
McAfee 20180728
Microsoft 20180728
eScan 20180728
NANO-Antivirus 20180728
Palo Alto Networks (Known Signatures) 20180728
Panda 20180728
Qihoo-360 20180728
Rising 20180728
SentinelOne (Static ML) 20180701
Sophos AV 20180728
SUPERAntiSpyware 20180728
Symantec 20180727
TACHYON 20180728
Tencent 20180728
TrendMicro 20180728
TrendMicro-HouseCall 20180728
Trustlook 20180728
VBA32 20180727
VIPRE 20180728
ViRobot 20180728
Webroot 20180728
Yandex 20180725
ZoneAlarm by Check Point 20180728
Zoner 20180727
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-10 18:42:48
Entry Point 0x0051BE2E
Number of sections 3
PE sections
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2018:05:10 20:42:48+02:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 5349376
LinkerVersion: 8.0
ImageFileCharacteristics: Executable, 32-bit
Warning: Error processing PE data dictionary
EntryPoint: 0x51be2e
InitializedDataSize: 161280
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0

Compressed bundles
File identification
MD5 f5696a7eb106d6a35739831c6f768f30
SHA1 9b002352d5ca1ac4bec6c5b908b75ffb0cff91b9
SHA256 923302a9ceb5303d715f4a615a7d438cf8ee9ed3754462bb98efbb86cd2c5910
ssdeep 12288:eb0eZ2zlx5BT8i78eWtERFH34qJWnEURiUXY75/ax766I2wK:q0QC/ZXX3dWFRRYQJ66wK
authentihash b1074eb1ac4054330379abc2ffd6040e12613d849b75bffa6340dd8045adfca4
File size 1.0 MB ( 1048576 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags corrupt peexe assembly

VirusTotal metadata
First submission 2018-05-16 19:13:35 UTC ( 10 months, 1 week ago )
Last submission 2018-12-24 12:16:02 UTC ( 2 months, 3 weeks ago )
File names HTTP-FTgPFb1P17QB9XNt8g.txt
CSAW.exe.000
CSAW.exe (1).000
Malware_MSEXE_923302a9ceb5303d715f4a615a7d438cf8ee9ed3754462bb98efbb86cd2c5910
CSAW.bin
sa.bclab.local_2018-05-16T15.23.50-0500_192.168.168.228-2820_23.202.232.156-80_f5696a7eb106d6a35739831c6f768f30_1.000
CSAW.exe (2).000
f5696a7eb106d6a35739831c6f768f30.virobj
CSAW.exe.000
CSAW.exe.000.octet-stream
partmgr.sys