× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 9d2a9a13a8de57155bc01ad5fd8d5bc7f06f67a249f075167e116d7c01c49456
File name: 16740055
Detection ratio: 11 / 67
Analysis date: 2018-10-15 07:11:22 UTC ( 7 months ago ) View latest
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20180723
Cylance Unsafe 20181015
Cyren W32/MSIL_Agent.DV.gen!Eldorado 20181015
ESET-NOD32 a variant of MSIL/Kryptik.PVI 20181015
F-Prot W32/MSIL_Agent.DV.gen!Eldorado 20181015
Kaspersky UDS:DangerousObject.Multi.Generic 20181015
Malwarebytes Trojan.PasswordStealer.MSIL.Generic 20181015
Qihoo-360 HEUR/QVM03.0.8969.Malware.Gen 20181015
SentinelOne (Static ML) static engine - malicious 20181011
Symantec ML.Attribute.HighConfidence 20181015
ZoneAlarm by Check Point HEUR:Trojan-PSW.MSIL.Fareit.gen 20181015
Ad-Aware 20181015
AegisLab 20181015
AhnLab-V3 20181015
Alibaba 20180921
ALYac 20181015
Antiy-AVL 20181015
Arcabit 20181015
Avast 20181015
Avast-Mobile 20181015
AVG 20181015
Avira (no cloud) 20181014
Babable 20180918
Baidu 20181012
BitDefender 20181015
Bkav 20181014
CAT-QuickHeal 20181013
ClamAV 20181015
CMC 20181014
Comodo 20181015
Cybereason 20180225
DrWeb 20181015
eGambit 20181015
Emsisoft 20181015
Endgame 20180730
F-Secure 20181015
Fortinet 20181015
GData 20181015
Sophos ML 20180717
Jiangmin 20181015
K7AntiVirus 20181015
K7GW 20181013
Kingsoft 20181015
MAX 20181015
McAfee 20181015
McAfee-GW-Edition 20181015
Microsoft 20181015
eScan 20181015
NANO-Antivirus 20181015
Palo Alto Networks (Known Signatures) 20181015
Panda 20181014
Rising 20181012
Sophos AV 20181015
SUPERAntiSpyware 20181015
Symantec Mobile Insight 20181001
TACHYON 20181015
Tencent 20181015
TheHacker 20181011
TotalDefense 20181015
TrendMicro 20181010
TrendMicro-HouseCall 20181010
Trustlook 20181015
VBA32 20181012
VIPRE 20181014
ViRobot 20181015
Webroot 20181015
Yandex 20181012
Zillya 20181012
Zoner 20181014
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2018 NiSource Inc

Product Static compression module
Original name order.exe
Internal name order.exe
File version 1.5.6.1
Description Static compression module
Comments owitikiyadujum
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1984-03-11 01:54:09
Entry Point 0x0013B37E
Number of sections 3
.NET details
Module Version ID cc4e9125-dbc2-4638-894e-4171aa8f839b
TypeLib ID 8051bcd6-e111-4844-b090-820c6e5f29b1
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
owitikiyadujum

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.5.6.1

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Static compression module

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
2048

EntryPoint
0x13b37e

OriginalFileName
order.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2018 NiSource Inc

FileVersion
1.5.6.1

TimeStamp
1984:03:11 02:54:09+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
order.exe

ProductVersion
1.5.6.1

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
NiSource Inc

CodeSize
1283072

ProductName
Static compression module

ProductVersionNumber
1.5.6.1

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
0.0.0.0

Execution parents
File identification
MD5 ac955b42d1fbf2b63139aedffa18d542
SHA1 428b3c1409b7117bf33b33cb38e85194a568cb3d
SHA256 9d2a9a13a8de57155bc01ad5fd8d5bc7f06f67a249f075167e116d7c01c49456
ssdeep
24576:K0zYqpCFAqa1EVf4uyxzUycgpBZv5xk4L4Wfz1:FRCFAiVfty9UgBZM4L4Wb1

authentihash 3ea3cdfd7a44b1184db65b520b97946aed142b18e5efed5662d0bfb7e1248284
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 1.2 MB ( 1285632 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (81.0%)
Win32 Dynamic Link Library (generic) (7.2%)
Win32 Executable (generic) (4.9%)
OS/2 Executable (generic) (2.2%)
Generic Win/DOS Executable (2.2%)
Tags
peexe assembly

VirusTotal metadata
First submission 2018-10-15 07:11:22 UTC ( 7 months ago )
Last submission 2018-10-15 07:11:22 UTC ( 7 months ago )
File names tresme.exe
order.exe
16740055
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!