SHA256: 9320a8b309acf5eafba253b75954d2d0fb3af6cff8f1173c6da8c0a9146700c3
File name: SWIFT COPY.com
Detection ratio: 13 / 68
Analysis date: 2017-10-31 03:44:09 UTC ( 1 year, 3 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171030
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cylance Unsafe 20171031
eGambit Unsafe.AI_Score_90% 20171031
Endgame malicious (high confidence) 20171024
ESET-NOD32 a variant of MSIL/GenKryptik.BBYA 20171031
Fortinet MSIL/Injector.PVO!tr 20171031
Sophos ML heuristic 20170914
Kaspersky UDS:DangerousObject.Multi.Generic 20171031
McAfee-GW-Edition BehavesLike.Win32.Trojan.fc 20171031
Qihoo-360 HEUR/QVM03.0.DD7A.Malware.Gen 20171031
SentinelOne (Static ML) static engine - malicious 20171019
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20171031
Ad-Aware 20171031
AegisLab 20171031
AhnLab-V3 20171030
Alibaba 20170911
ALYac 20171031
Antiy-AVL 20171031
Arcabit 20171031
Avast 20171031
Avast-Mobile 20171030
AVG 20171031
Avira (no cloud) 20171030
AVware 20171031
BitDefender 20171031
Bkav 20171030
CAT-QuickHeal 20171030
ClamAV 20171030
CMC 20171030
Comodo 20171031
Cybereason 20170628
Cyren 20171031
DrWeb 20171031
Emsisoft 20171031
F-Prot 20171031
F-Secure 20171031
GData 20171031
Ikarus 20171030
Jiangmin 20171031
K7AntiVirus 20171030
K7GW 20171031
Kingsoft 20171031
Malwarebytes 20171031
MAX 20171031
McAfee 20171031
Microsoft 20171030
eScan 20171031
NANO-Antivirus 20171031
nProtect 20171031
Palo Alto Networks (Known Signatures) 20171031
Panda 20171030
Rising 20171031
Sophos AV 20171031
SUPERAntiSpyware 20171030
Symantec 20171030
Symantec Mobile Insight 20171027
Tencent 20171031
TheHacker 20171028
TotalDefense 20171030
TrendMicro 20171031
TrendMicro-HouseCall 20171031
Trustlook 20171031
VBA32 20171030
VIPRE 20171031
ViRobot 20171031
Webroot 20171031
WhiteArmor 20171024
Yandex 20171030
Zillya 20171030
Zoner 20171031
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

Original name PRODUCTS LISTS.com
Internal name PRODUCTS LISTS.com
File version 0.0.0.0
Description
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-10-30 21:42:20
Entry Point 0x000FE6CE
Number of sections 3
.NET details
Module Version ID 0baa0de8-0625-4349-a71b-3c046df926fa
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileVersionNumber 0.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 1536
EntryPoint 0xfe6ce
OriginalFileName PRODUCTS LISTS.com
MIMEType application/octet-stream
FileVersion 0.0.0.0
TimeStamp 2017:10:30 22:42:20+01:00
FileType Win32 EXE
PEType PE32
InternalName PRODUCTS LISTS.com
ProductVersion 0.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 1034240
FileSubtype 0
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 0.0.0.0
Compressed bundles
File identification
MD5 810e6ce074b4b47e89a5d82e5cd2a734
SHA1 57b139cc14258a342f0ee6b1823b4a594664b183
SHA256 9320a8b309acf5eafba253b75954d2d0fb3af6cff8f1173c6da8c0a9146700c3
ssdeep 24576:PU/dwUUpaxuPgGAFeZEXTRliW8M9jHWORGM5AKqGd:8VwUUYxRjFec1/9D
authentihash e677d4c8efd92cf7e60a44cb6311a0b4564dbc2e3e242c49b628eaf9a5efd1d7
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 1012.0 KB ( 1036288 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe assembly
VirusTotal metadata
First submission 2017-10-31 03:44:09 UTC ( 1 year, 3 months ago )
Last submission 2017-11-01 15:55:15 UTC ( 1 year, 3 months ago )
File names SWIFT COPY.com
SWIFT COPY.com
PRODUCTS LISTS.com
1002-57b139cc14258a342f0ee6b1823b4a594664b183
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
TCP connections
UDP communications