SHA256: 943e5f09003c8ba948a4d8c11db59af55e5527a572832e59ac825f344bf1cfff
File name: 1.bin
Detection ratio: 34 / 67
Analysis date: 2018-10-16 12:12:50 UTC ( 7 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31284775 20181016
AhnLab-V3 Trojan/Win32.Kryptik.C2437911 20181016
Antiy-AVL Trojan/MSIL.Kryptik 20181016
Arcabit Trojan.Generic.D1DD5E27 20181016
Avast Win32:Malware-gen 20181016
AVG Win32:Malware-gen 20181016
BitDefender Trojan.GenericKD.31284775 20181016
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20180723
Cylance Unsafe 20181016
Cyren W32/MSIL_Agent.CU.gen!Eldorado 20181016
DrWeb Trojan.PWS.Stealer.23680 20181016
Emsisoft Trojan.GenericKD.31284775 (B) 20181016
ESET-NOD32 a variant of MSIL/Kryptik.PUS 20181016
F-Prot W32/MSIL_Agent.CU.gen!Eldorado 20181016
F-Secure Trojan.GenericKD.31284775 20181016
Fortinet MSIL/Injector.EAVB!tr 20181016
GData Trojan.GenericKD.31284775 20181016
Ikarus Trojan.MSIL.Crypt 20181016
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 0053ea321 ) 20181016
K7GW Trojan ( 0053ea321 ) 20181016
Kaspersky HEUR:Backdoor.MSIL.Androm.gen 20181016
Malwarebytes Trojan.PasswordStealer.MSIL 20181016
MAX malware (ai score=100) 20181016
McAfee Packed-FMU!C13C110CFFDB 20181016
McAfee-GW-Edition BehavesLike.Win32.Generic.fh 20181016
eScan Trojan.GenericKD.31284775 20181016
Palo Alto Networks (Known Signatures) generic.ml 20181016
Qihoo-360 Win32/Backdoor.0c0 20181016
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/Generic-S 20181016
Symantec ML.Attribute.HighConfidence 20181016
ViRobot Trojan.Win32.Agent.348160.BE 20181016
ZoneAlarm by Check Point HEUR:Backdoor.MSIL.Androm.gen 20181016
AegisLab 20181016
Alibaba 20180921
ALYac 20181016
Avast-Mobile 20181016
Avira (no cloud) 20181016
Babable 20180918
Baidu 20181015
Bkav 20181016
CAT-QuickHeal 20181013
ClamAV 20181016
CMC 20181016
Comodo 20181016
Cybereason 20180225
eGambit 20181016
Endgame 20180730
Jiangmin 20181016
Kingsoft 20181016
Microsoft 20181016
NANO-Antivirus 20181016
Panda 20181015
Rising 20181016
SUPERAntiSpyware 20181015
Symantec Mobile Insight 20181001
TACHYON 20181016
Tencent 20181016
TheHacker 20181015
TrendMicro 20181016
TrendMicro-HouseCall 20181016
Trustlook 20181016
VBA32 20181016
VIPRE 20181015
Webroot 20181016
Yandex 20181015
Zillya 20181015
Zoner 20181015
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2018 MPS Group Inc.

Product Application Server Command Line Admin Too
Original name 1.exe
Internal name 1.exe
File version 17.8.13.2
Description Application Server Command Line Admin Too
Comments ocihakehewumucaxifet
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1973-12-09 03:40:16
Entry Point 0x0005C00A
Number of sections 5
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
ocihakehewumucaxifet

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
17.8.13.2

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Application Server Command Line Admin Too

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
108032

EntryPoint
0x5c00a

OriginalFileName
1.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2018 MPS Group Inc.

FileVersion
17.8.13.2

TimeStamp
1973:12:08 19:40:16-08:00

FileType
Win32 EXE

PEType
PE32

InternalName
1.exe

ProductVersion
17.8.13.2

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
MPS Group Inc.

CodeSize
239104

ProductName
Application Server Command Line Admin Too

ProductVersionNumber
17.8.13.2

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
0.0.0.0

File identification
MD5 c13c110cffdbbecdfaa42c50e3c44b5c
SHA1 5439bf37d859d9e2761f6d114c0c4c710cb52dd9
SHA256 943e5f09003c8ba948a4d8c11db59af55e5527a572832e59ac825f344bf1cfff
ssdeep
3072:wgDhwYjEx72RnLyzWESpGPh4Y0DfuCyU0wlNKsOTNZ8Kf239SMSTUd5NRcLahZG4:tWYjIWnmzWNEp4ymNKs1A+Rcmeays

authentihash 7e4ffdc5a5dec73c78da19dead0f57e991a1b08535878bf6317d640a8d47b79b
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 340.0 KB ( 348160 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe assembly

VirusTotal metadata
First submission 2018-10-15 07:55:15 UTC ( 7 months, 1 week ago )
Last submission 2018-10-15 07:55:15 UTC ( 7 months, 1 week ago )
File names svchost.exe
1.bin
1.exe
svchost.123
scvhosts.exe