× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 98183510a8453fbc43a48fef3f06264d3982471030fcad3950958e0ba8ab1faf
File name: 190c1ded8267441295d02fc7dbf78e74
Detection ratio: 23 / 67
Analysis date: 2018-08-25 02:21:29 UTC ( 9 months ago ) View latest
Antivirus Result Update
Antiy-AVL Trojan[Downloader]/Win32.Agent 20180825
Avast Win32:Malware-gen 20180825
AVG Win32:Malware-gen 20180825
Avira (no cloud) TR/Injector.tygyd 20180825
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9866 20180820
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20180723
Cylance Unsafe 20180825
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Injector.DZXD 20180824
Fortinet W32/Agent!tr.dldr 20180825
GData Win32.Trojan.Agent.VNYH6G 20180825
Sophos ML heuristic 20180717
Kaspersky HEUR:Trojan-Downloader.Win32.Agent.gen 20180825
McAfee Packed-FLC!190C1DED8267 20180825
McAfee-GW-Edition BehavesLike.Win32.Rootkit.gt 20180825
Palo Alto Networks (Known Signatures) generic.ml 20180825
Panda Trj/GdSda.A 20180824
Qihoo-360 Win32/Trojan.3d8 20180825
Rising Downloader.Agent!8.B23 (CLOUD) 20180825
Symantec ML.Attribute.HighConfidence 20180824
TrendMicro-HouseCall TROJ_GEN.R020H0DHO18 20180824
Webroot W32.Trojan.Gen 20180825
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Win32.Agent.gen 20180824
Ad-Aware 20180824
AegisLab 20180825
AhnLab-V3 20180824
Alibaba 20180713
ALYac 20180825
Arcabit 20180825
Avast-Mobile 20180824
AVware 20180823
Babable 20180822
BitDefender 20180825
Bkav 20180824
CAT-QuickHeal 20180824
ClamAV 20180824
CMC 20180824
Comodo 20180824
Cyren 20180825
DrWeb 20180825
eGambit 20180825
Emsisoft 20180825
F-Prot 20180825
F-Secure 20180824
Ikarus 20180824
Jiangmin 20180825
K7AntiVirus 20180824
K7GW 20180825
Kingsoft 20180825
Malwarebytes 20180824
MAX 20180825
Microsoft 20180825
eScan 20180825
NANO-Antivirus 20180825
SentinelOne (Static ML) 20180701
Sophos AV 20180825
SUPERAntiSpyware 20180825
Symantec Mobile Insight 20180822
TACHYON 20180825
Tencent 20180825
TheHacker 20180824
TotalDefense 20180824
TrendMicro 20180824
Trustlook 20180825
VBA32 20180824
VIPRE 20180825
ViRobot 20180824
Yandex 20180824
Zillya 20180824
Zoner 20180824
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © AntGROUP Inc. 2014-2018

Product Ant Download Manager
Original name Original Filename
Internal name Internal Name
File version 1.7.7 .0
Description Ant Download Manager application
Comments This installation was built with Inno Setup.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00025940
Number of sections 8
PE sections
PE imports
RegFlushKey
RegCloseKey
OpenProcessToken
RegQueryValueExA
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
GetDeviceCaps
SetROP2
DeleteDC
GetSystemPaletteEntries
SetBkMode
MoveToEx
CreatePalette
GetStockObject
GetCurrentPositionEx
SelectPalette
CreateFontIndirectA
GetTextMetricsA
UnrealizeObject
CreatePenIndirect
CreateBrushIndirect
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
FileTimeToDosDateTime
lstrlenA
GetModuleFileNameW
GetStringTypeExA
WaitForSingleObject
FreeLibrary
MulDiv
IsDebuggerPresent
ExitProcess
GetThreadLocale
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetLocalTime
CopyFileW
DeleteCriticalSection
GetStartupInfoA
GetDateFormatA
LoadLibraryExA
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
CreateDirectoryA
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
GetFullPathNameA
SetFilePointer
GetTempPathA
RaiseException
CompareStringA
CloseHandle
WideCharToMultiByte
GetModuleHandleA
FindFirstFileA
GetCurrentProcessId
WriteFile
GetCurrentProcess
ReadFile
ResetEvent
lstrcpynA
GetACP
GetDiskFreeSpaceA
CreateThread
GetCurrentThreadId
FreeResource
FileTimeToLocalFileTime
SetFileAttributesA
SetEvent
LocalFree
FindResourceA
CreateProcessA
EnumCalendarInfoA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
CreateEventA
FindClose
InterlockedDecrement
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
GetTickCount
GetVersion
LeaveCriticalSection
VirtualAlloc
GetFileSize
InterlockedIncrement
RtlSetProcessIsCritical
CoUninitialize
CoCreateInstance
CoInitialize
CreateErrorInfo
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
SetErrorInfo
VariantCopy
GetErrorInfo
SysFreeString
VariantInit
GetCursorPos
MessageBoxExA
GetWindowTextLengthA
GetSysColor
LoadIconA
ReleaseDC
LoadStringA
CharNextA
EnumWindows
MessageBoxA
GetWindowTextA
GetSystemMetrics
GetKeyboardType
GetDC
CharToOemA
WSAStartup
WSACleanup
Number of PE resources by type
RT_ICON 14
RT_STRING 7
RT_RCDATA 4
RT_GROUP_ICON 2
RT_VERSION 1
Number of PE resources by language
NEUTRAL 10
ENGLISH US 10
DANISH DEFAULT 7
ENGLISH PHILIPPINES 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
This installation was built with Inno Setup.

LinkerVersion
2.25

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.7.7.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
Ant Download Manager application

ImageFileCharacteristics
Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

CharacterSet
Windows, Latin1

InitializedDataSize
300544

EntryPoint
0x25940

OriginalFileName
Original Filename

MIMEType
application/octet-stream

LegalCopyright
Copyright AntGROUP Inc. 2014-2018

FileVersion
1.7.7 .0

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Internal Name

ProductVersion
0.0.0.0

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
AntGROUP, Inc.

CodeSize
157696

ProductName
Ant Download Manager

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 190c1ded8267441295d02fc7dbf78e74
SHA1 1cce227e3a7ec8e953320bc3a9917514c744ea35
SHA256 98183510a8453fbc43a48fef3f06264d3982471030fcad3950958e0ba8ab1faf
ssdeep
3072:kNVMRejgo1J5Ui/BpRv2j/PwD0sKWXcfPvsYijKm1BjENhDllc/M8PqEkYqfffVq:kbMRMf/HUjs238jKqjE9m07EJz0

authentihash 23729d271a2646e00230e8615eed46d05b515be7d003a8205bcf3267e361ce4a
imphash baa79abc1710ad3d6312774e4973675a
File size 448.5 KB ( 459264 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Borland Delphi 7 (96.1%)
Win32 Executable Delphi generic (2.0%)
Win32 Executable (generic) (0.6%)
Win16/32 Executable Delphi generic (0.2%)
OS/2 Executable (generic) (0.2%)
Tags
peexe

VirusTotal metadata
First submission 2018-08-24 18:57:34 UTC ( 9 months ago )
Last submission 2018-08-24 18:57:34 UTC ( 9 months ago )
File names Original Filename
Internal Name
putty.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.