| SHA256: | 98743faa9c3bb61402a8b4308f4b879aea4b715bcb69f23dd35bfd6c9615e9bb |
| File name: | b06374f45f1d4dd69d536391c7406f5d.virus |
| Detection ratio: | 45 / 72 |
| Analysis date: | 2019-01-10 17:52:47 UTC ( 1 month, 1 week ago ) View latest |
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Gen:Variant.Ursu.258767 | 20190110 |
| AhnLab-V3 | Malware/Win32.Generic.C2651489 | 20190110 |
| ALYac | Gen:Variant.Ursu.258767 | 20190110 |
| Antiy-AVL | Trojan/Win32.Inject | 20190110 |
| Arcabit | Trojan.Ursu.D3F2CF | 20190110 |
| Avast | Win32:Malware-gen | 20190110 |
| AVG | Win32:Malware-gen | 20190110 |
| Avira (no cloud) | TR/Crypt.XPACK.Gen | 20190110 |
| BitDefender | Gen:Variant.Ursu.258767 | 20190110 |
| ClamAV | Win.Packed.Trickbot-6622060-0 | 20190110 |
| CrowdStrike Falcon (ML) | malicious_confidence_100% (W) | 20181023 |
| Cybereason | malicious.45f1d4 | 20190109 |
| Cylance | Unsafe | 20190110 |
| Cyren | W32/Trojan.GLIK-5061 | 20190110 |
| DrWeb | Trojan.Trick.46146 | 20190110 |
| Emsisoft | Gen:Variant.Ursu.258767 (B) | 20190110 |
| Endgame | malicious (high confidence) | 20181108 |
| ESET-NOD32 | a variant of Win32/Kryptik.GJAZ | 20190110 |
| F-Secure | Gen:Variant.Ursu.258767 | 20190110 |
| Fortinet | W32/GenKryptik.CFOA!tr | 20190110 |
| GData | Gen:Variant.Ursu.258767 | 20190110 |
| Sophos ML | heuristic | 20181128 |
| Jiangmin | Trojan.Generic.cprpj | 20190110 |
| K7AntiVirus | Trojan ( 005386ab1 ) | 20190110 |
| K7GW | Trojan ( 005386ab1 ) | 20190110 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 20190110 |
| Malwarebytes | Trojan.MalPack | 20190110 |
| MAX | malware (ai score=85) | 20190110 |
| McAfee | Trojan-FPOJ!B06374F45F1D | 20190110 |
| McAfee-GW-Edition | BehavesLike.Win32.Malware.gh | 20190110 |
| eScan | Gen:Variant.Ursu.258767 | 20190110 |
| NANO-Antivirus | Trojan.Win32.Inject.ffpdfa | 20190110 |
| Panda | Trj/Genetic.gen | 20190109 |
| Qihoo-360 | HEUR/QVM07.1.754D.Malware.Gen | 20190110 |
| Rising | Trojan.Kryptik!8.8 (RDM+:cmRtazo6kN0/S/zMvnrcGzYpNeBp) | 20190110 |
| SentinelOne (Static ML) | static engine - malicious | 20181223 |
| Sophos AV | Mal/EncPk-ANZ | 20190110 |
| Symantec | ML.Attribute.HighConfidence | 20190110 |
| TACHYON | Trojan/W32.Inject.500736.H | 20190110 |
| Trapmine | malicious.moderate.ml.score | 20190103 |
| TrendMicro | TrojanSpy.Win32.TRICKBOT.SMB | 20190110 |
| TrendMicro-HouseCall | TrojanSpy.Win32.TRICKBOT.SMB | 20190110 |
| VBA32 | BScope.Trojan.Inject | 20190110 |
| Zillya | Trojan.Kryptik.Win32.1477689 | 20190109 |
| ZoneAlarm by Check Point | HEUR:Trojan.Win32.Generic | 20190110 |
| Acronis | 20190110 | |
| AegisLab | 20190110 | |
| Alibaba | 20180921 | |
| Avast-Mobile | 20190110 | |
| AVware | 20180925 | |
| Babable | 20180918 | |
| Baidu | 20190110 | |
| Bkav | 20190108 | |
| CAT-QuickHeal | 20190110 | |
| CMC | 20190110 | |
| Comodo | 20190110 | |
| eGambit | 20190110 | |
| F-Prot | 20190110 | |
| Ikarus | 20190110 | |
| Kingsoft | 20190110 | |
| Microsoft | 20190110 | |
| Palo Alto Networks (Known Signatures) | 20190110 | |
| SUPERAntiSpyware | 20190109 | |
| Tencent | 20190110 | |
| TheHacker | 20190106 | |
| TotalDefense | 20190110 | |
| Trustlook | 20190110 | |
| VIPRE | 20190110 | |
| ViRobot | 20190110 | |
| Webroot | 20190110 | |
| Yandex | 20190110 | |
| Zoner | 20190110 |
The file being studied is a Portable Executable file!
More specifically, it is a Win32 EXE
file
for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-09-16 00:36:20
Entry Point 0x00032D30
Number of sections 4
PE sections
PE imports
Number of PE resources by type
RT_BITMAP 4
RT_ICON 2
RT_DIALOG 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 10
PE resources
ExifTool file metadata
UninitializedDataSize
0
LinkerVersion
2.25
ImageVersion
6.0
FileSubtype
0
FileVersionNumber
1.0.0.6
LanguageCode
Unknown (3013)
FileFlagsMask
0x0000
FileDescription
Xanif Ltd. Gui application
ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
CharacterSet
Unknown (B090)
InitializedDataSize
252928
EntryPoint
0x32d30
OriginalFileName
Xanif
MIMEType
application/octet-stream
LegalCopyright
Xanif. All rights reserved. 2017
FileVersion
1.0.0.6
TimeStamp
2017:09:16 01:36:20+01:00
FileType
Win32 EXE
PEType
PE32
InternalName
Xanifer
ProductVersion
1.0.0.6
SubsystemVersion
4.0
OSVersion
1.0
FileOS
Win32
Subsystem
Windows GUI
MachineType
Intel 386 or later, and compatibles
CompanyName
Xanif Ltd.
CodeSize
248320
ProductName
Xanif Inform
ProductVersionNumber
1.0.0.6
FileTypeExtension
exe
ObjectFileType
Executable application
File identification
MD5 b06374f45f1d4dd69d536391c7406f5d
SHA1 3db96f5320df711f6f16f93ef9a6f4f50496e78c
SHA256 98743faa9c3bb61402a8b4308f4b879aea4b715bcb69f23dd35bfd6c9615e9bb
ssdeep
12288:sqVYpCC6bzyEkODldNDYJLhF4VQTTQSVrS:tYv6beEHljYm+I0
File size
489.0 KB ( 500736 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit
| TrID |
Win32 Executable (generic) (35.7%) Win16/32 Executable Delphi generic (16.4%) OS/2 Executable (generic) (16.0%) Generic Win/DOS Executable (15.8%) DOS Executable Generic (15.8%) |
Tags
peexe
VirusTotal metadata
First submission
2019-01-10 17:52:47 UTC ( 1 month, 1 week ago )
Last submission
2019-01-10 17:52:47 UTC ( 1 month, 1 week ago )
| File names |
b06374f45f1d4dd69d536391c7406f5d.virus |
No comments.
No VirusTotal Community member has commented on this item yet, be the first one to do so!
You have not signed in. Only registered users can leave comments, sign in and have a voice!
No votes.
No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the
behaviour of the file when executed in a controlled environment. The actions
and events described were either performed by the file itself or by any other
process launched by the executed file or subjected to code injection by the
executed file.