SHA256: 9c020ebd6bbba3bf8e21b064031c2a9aab6081c856d4562aa76944876e7f7f0d
File name: detailed.exe
Detection ratio: 18 / 68
Analysis date: 2018-02-26 12:02:39 UTC ( 1 year ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180208
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170201
Cybereason malicious.7c4595 20180225
Cylance Unsafe 20180226
eGambit Unsafe.AI_Score_94% 20180226
Endgame malicious (high confidence) 20180223
ESET-NOD32 a variant of MSIL/GenKryptik.BRJF 20180226
Ikarus Trojan.Kazy 20180226
Sophos ML heuristic 20180121
K7AntiVirus Trojan ( 005208091 ) 20180226
K7GW Trojan ( 005208091 ) 20180226
Kaspersky UDS:DangerousObject.Multi.Generic 20180226
Malwarebytes Spyware.AgentTesla 20180226
MAX malware (ai score=94) 20180226
McAfee-GW-Edition BehavesLike.Win32.Backdoor.gc 20180226
Palo Alto Networks (Known Signatures) generic.ml 20180226
SentinelOne (Static ML) static engine - malicious 20180225
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180226
Ad-Aware 20180226
AegisLab 20180226
AhnLab-V3 20180226
Alibaba 20180226
ALYac 20180226
Antiy-AVL 20180226
Arcabit 20180226
Avast 20180226
Avast-Mobile 20180226
AVG 20180226
Avira (no cloud) 20180226
AVware 20180226
BitDefender 20180226
Bkav 20180224
CAT-QuickHeal 20180226
ClamAV 20180226
CMC 20180226
Comodo 20180226
Cyren 20180226
DrWeb 20180226
Emsisoft 20180226
F-Prot 20180226
F-Secure 20180226
Fortinet 20180226
GData 20180226
Jiangmin 20180226
Kingsoft 20180226
McAfee 20180225
Microsoft 20180226
eScan 20180226
NANO-Antivirus 20180226
nProtect 20180226
Panda 20180225
Qihoo-360 20180226
Rising 20180226
Sophos AV 20180226
SUPERAntiSpyware 20180224
Symantec 20180226
Symantec Mobile Insight 20180220
Tencent 20180226
TheHacker 20180225
TotalDefense 20180226
TrendMicro 20180226
TrendMicro-HouseCall 20180226
Trustlook 20180226
VBA32 20180226
VIPRE 20180226
ViRobot 20180226
Webroot 20180226
WhiteArmor 20180223
Yandex 20180226
Zillya 20180223
Zoner 20180226
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-02-26 05:57:50
Entry Point 0x0005402E
Number of sections 3
.NET details
Module Version ID 7c1ac0d6-f434-488b-838b-8429f8bde13d
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
FRENCH CANADIAN 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:02:26 06:57:50+01:00
FileType Win32 EXE
PEType PE32
CodeSize 339968
LinkerVersion 8.0
ImageFileCharacteristics Executable, 32-bit
Warning Possibly corrupt Version resource
EntryPoint 0x5402e
InitializedDataSize 73728
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 fbc65494253f30705016057aa905b855
SHA1 414e5057c4595deac1bdedeefb1c8246d2c65789
SHA256 9c020ebd6bbba3bf8e21b064031c2a9aab6081c856d4562aa76944876e7f7f0d
ssdeep 6144:+zYh3ZlSrbjATkczVpLafOXk+o0u3Q1uIhFBxTR6dG2/hwFhaD4:+zY5DSrnATkczvLauA0u3XIPBxV67h8
authentihash b4f2f6f96fefae10dabb7d558f982b8d0c0c00e34eac39b3c8606f8c085a1fe6
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 408.0 KB ( 417792 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (79.2%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Win16/32 Executable Delphi generic (2.2%)
OS/2 Executable (generic) (2.1%)
Tags peexe assembly
VirusTotal metadata
First submission 2018-02-26 08:27:13 UTC ( 1 year ago )
Last submission 2018-05-12 00:07:13 UTC ( 10 months, 1 week ago )
File names 414E5057C4595DEAC1BDEDEEFB1C8246D2C65789.dat
detailed.exe-
ioc.exe
detailed.exe
Ioc(01).gxe
VirusShare_fbc65494253f30705016057aa905b855
fbc65494253f30705016057aa905b855.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections