× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 928cc4aed8f8abf2863f49142dcf4ee4bee558e21161ed0296a32216eaa256d1
File name: IijnR0Dysu.exe
Detection ratio: 14 / 68
Analysis date: 2018-12-17 23:10:55 UTC ( 2 months ago ) View latest
Antivirus Result Update
AVG FileRepMalware 20181217
Bkav HW32.Packed. 20181217
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.20b124 20180225
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181128
McAfee-GW-Edition BehavesLike.Win32.Expiro.cc 20181217
Microsoft Trojan:Win32/Fuerboos.A!cl 20181217
Qihoo-360 HEUR/QVM20.1.EF76.Malware.Gen 20181218
Rising Malware.Heuristic!ET#96% (RDM+:cmRtazre/xd7R3bD717dWxfBJaeN) 20181217
SentinelOne (Static ML) static engine - malicious 20181011
Symantec ML.Attribute.HighConfidence 20181217
Trapmine malicious.high.ml.score 20181205
Webroot W32.Trojan.Emotet 20181218
Ad-Aware 20181217
AegisLab 20181217
AhnLab-V3 20181217
Alibaba 20180921
ALYac 20181217
Antiy-AVL 20181217
Arcabit 20181217
Avast 20181217
Avast-Mobile 20181217
Avira (no cloud) 20181217
Babable 20180918
Baidu 20181207
BitDefender 20181217
CAT-QuickHeal 20181217
ClamAV 20181217
CMC 20181217
Comodo 20181217
Cyren 20181217
DrWeb 20181217
eGambit 20181218
Emsisoft 20181217
ESET-NOD32 20181217
F-Prot 20181217
F-Secure 20181217
Fortinet 20181217
GData 20181217
Ikarus 20181217
Jiangmin 20181217
K7AntiVirus 20181217
K7GW 20181217
Kaspersky 20181217
Kingsoft 20181218
Malwarebytes 20181217
MAX 20181218
McAfee 20181217
eScan 20181217
NANO-Antivirus 20181217
Palo Alto Networks (Known Signatures) 20181218
Panda 20181217
Sophos AV 20181217
SUPERAntiSpyware 20181212
Symantec Mobile Insight 20181215
TACHYON 20181217
Tencent 20181218
TheHacker 20181216
TotalDefense 20181217
TrendMicro 20181217
TrendMicro-HouseCall 20181217
Trustlook 20181218
VBA32 20181217
ViRobot 20181217
Yandex 20181217
Zillya 20181217
ZoneAlarm by Check Point 20181217
Zoner 20181217
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
License: MPL 1.1/GPL 2.0/LGPL 2.1

Product Mozilla
Internal name necko
File version Personal
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-07-05 08:41:07
Entry Point 0x000026AA
Number of sections 6
PE sections
PE imports
IsValidAcl
GetCurrentHwProfileA
CryptHashSessionKey
AreAllAccessesGranted
Chord
ExtTextOutW
EndPage
SetViewportExtEx
GetWorldTransform
DeleteObject
SetBrushOrgEx
LineDDA
Rectangle
GetSystemTime
DeviceIoControl
GetStdHandle
FindFirstFileExA
GetCPInfo
LoadResource
VirtualProtectEx
GetSystemDefaultUILanguage
GetConsoleCursorInfo
GetConsoleCP
GetCommandLineW
GetCurrentConsoleFont
GetEnvironmentVariableW
FillConsoleOutputCharacterW
GlobalFree
GetUserPreferredUILanguages
CloseHandle
CreateMutexExA
IsValidLanguageGroup
FindActCtxSectionStringW
MprAdminInterfaceCreate
VarBoolFromI8
ExtractIconExW
IsClipboardFormatAvailable
GetClipCursor
GetScrollRange
GetLastActivePopup
IsWindowVisible
LoadIconW
GetWindowTextLengthW
GetMenuBarInfo
GetShellWindow
GetProcessWindowStation
LoadMenuW
GetClipboardData
TrackPopupMenuEx
GetFileVersionInfoW
towupper
CoGetCurrentProcess
FaultInIEFeature
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
CodeSize
12288

UninitializedDataSize
0

LinkerVersion
11.1

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
0

EntryPoint
0x26aa

MIMEType
application/octet-stream

LegalCopyright
License: MPL 1.1/GPL 2.0/LGPL 2.1

FileVersion
Personal

TimeStamp
2005:07:05 10:41:07+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
necko

ProductVersion
Personal

SubsystemVersion
6.0

OSVersion
6.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Mozilla, Netscape

LegalTrademarks
Mozilla, Netscape

ProductName
Mozilla

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Execution parents
File identification
MD5 dd5954a20b124a9f37023a80b1a22022
SHA1 02da693b0ad5a764ca7af64a44791cc6c97b1a4a
SHA256 928cc4aed8f8abf2863f49142dcf4ee4bee558e21161ed0296a32216eaa256d1
ssdeep
1536:AZkWGsiaFctWvoS8neudxqgwW/0G/L3YdHS1KF/+0jMGrqrkNDo4WIXI1sYGPTt:AZLLNGtWh8ecgY0uIdyc+xCq0bIu/t

authentihash 2f019083211f9f0db45fe1f68f5973fdf9d145e804c2526c748f47859c80564f
imphash 802b8a76d85ad3924f610b7b066ebdd7
File size 124.0 KB ( 126976 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-12-17 23:10:55 UTC ( 2 months ago )
Last submission 2018-12-22 11:24:22 UTC ( 1 month, 3 weeks ago )
File names UzEz6n6BNV.exe
2ulTDdVFWX.exe
355.exe
necko
bDfkP1kIROyL.exe
YIOHHybLtQ1.exe
Q6HefOs7Y.exe
HDkbJP4fR.exe
fANVDbzyIbPh.exe
hlTqsIoDxBly.exe
ReF8GQNJoHm.exe
IijnR0Dysu.exe
8khGHmm2FpY.exe
aXxdmQRE.exe
dd5954a20b124a9f37023a80b1a22022
VarvQhGPlv.exe
VYzR93GiUhL.exe
pMFCCEHzri.exe
bVmNmCUQl.exe
qoY8rI1F.exe
60yEA2httUA.exe
feiw482V234U.exe
yDBgUv0Ti.exe
206.exe
206.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!