SHA256: 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d
File name: SteamSAITE.exe
Detection ratio: 8 / 67
Analysis date: 2018-01-16 16:57:13 UTC ( 1 year, 2 months ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20171016
Cybereason malicious.f4d16b 20171103
Cylance Unsafe 20180116
Emsisoft Trojan.Evrial (A) 20180116
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of MSIL/Agent.BHC 20180116
McAfee-GW-Edition BehavesLike.Win32.Backdoor.ch 20180116
SentinelOne (Static ML) static engine - malicious 20180115
Ad-Aware 20180116
AegisLab 20180116
AhnLab-V3 20180116
Alibaba 20180116
ALYac 20180116
Antiy-AVL 20180116
Arcabit 20180116
Avast 20180116
Avast-Mobile 20180116
AVG 20180116
Avira (no cloud) 20180116
AVware 20180103
Baidu 20180116
BitDefender 20180116
Bkav 20180116
CAT-QuickHeal 20180116
ClamAV 20180116
CMC 20180116
Comodo 20180116
Cyren 20180116
DrWeb 20180116
eGambit 20180116
F-Prot 20180116
F-Secure 20180116
Fortinet 20180116
GData 20180116
Ikarus 20180116
Sophos ML 20170914
Jiangmin 20180116
K7AntiVirus 20180116
K7GW 20180116
Kaspersky 20180116
Kingsoft 20180116
Malwarebytes 20180116
MAX 20180116
McAfee 20180116
Microsoft 20180116
eScan 20180116
NANO-Antivirus 20180116
nProtect 20180116
Palo Alto Networks (Known Signatures) 20180116
Panda 20180116
Qihoo-360 20180116
Rising 20180116
Sophos AV 20180116
SUPERAntiSpyware 20180116
Symantec 20180116
Symantec Mobile Insight 20180116
Tencent 20180116
TheHacker 20180115
TrendMicro 20180116
TrendMicro-HouseCall 20180116
Trustlook 20180116
VBA32 20180116
VIPRE 20180116
ViRobot 20180116
Webroot 20180116
WhiteArmor 20180110
Yandex 20180112
Zillya 20180116
ZoneAlarm by Check Point 20180116
Zoner 20180116
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Registry Autoloader Helper
Product Registry Autoloader Helper
Original name 2lexf3zueyw.exe
Internal name 2lexf3zueyw.exe
File version 1.0.1.4
Description Registry Autoloader Helper
Comments Registry Autoloader Helper
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-01-16 16:35:47
Entry Point 0x0002200A
Number of sections 5
.NET details
Module Version ID fe43171b-0e0d-4012-8fce-4a399c8bcd1a
TypeLib ID 317aa4b1-c3e2-46d7-b5a0-0746176f2f10
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
CodeSize 92160
SubsystemVersion 4.0
Comments Registry Autoloader Helper
InitializedDataSize 15872
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.1.4
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Registry Autoloader Helper
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
LinkerVersion 8.0
EntryPoint 0x2200a
OriginalFileName 2lexf3zueyw.exe
MIMEType application/octet-stream
LegalCopyright Registry Autoloader Helper
FileVersion 1.0.1.4
TimeStamp 2018:01:16 17:35:47+01:00
FileType Win32 EXE
PEType PE32
InternalName 2lexf3zueyw.exe
ProductVersion 1.0.1.4
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Registry Autoloader Helper
LegalTrademarks Registry Autoloader Helper
ProductName Registry Autoloader Helper
ProductVersionNumber 1.0.1.4
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 1.0.1.4
Compressed bundles
File identification
MD5 5a71cc1c1ea541eb47638218a25c4123
SHA1 85d9b89f4d16bc8aaee658158ec5d27df81fdae2
SHA256 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d
ssdeep 1536:US2Shx2/QrVa+B+HHQ0enCjXnidvwTSGzwd46lJDvLFI8kg1HRDlejI:USjy/Ea+2w0FXAvUkHZ5kg1HR5ejI
authentihash a43af13e65cbcd9aad15c08a829220c26738a788cf06afea5d36b31892c0bfc8
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 106.5 KB ( 109056 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe assembly
VirusTotal metadata
First submission 2018-01-16 16:57:13 UTC ( 1 year, 2 months ago )
Last submission 2018-09-17 06:33:16 UTC ( 6 months ago )
File names 2lexf3zueyw.exe
SteamSAITE.exe
evrial.exe
dlhosta.exe
VirusShare_5a71cc1c1ea541eb47638218a25c4123