SHA256: a0498172fac8eb2c8c6846e4430a12b8a7c032aab4a5d3fa3810f5e6f9dad214
File name: 7356290
Detection ratio: 37 / 66
Analysis date: 2018-05-04 00:47:52 UTC ( 9 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.247813 20180504
ALYac Gen:Variant.Razy.247813 20180504
Antiy-AVL Trojan/Win32.AGeneric 20180504
Arcabit Trojan.Razy.D3C805 20180504
Avast Win32:Malware-gen 20180504
AVG Win32:Malware-gen 20180504
AVware Trojan.Win32.Generic!BT 20180428
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9850 20180503
BitDefender Gen:Variant.Razy.247813 20180504
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20180418
DrWeb Trojan.DownLoader21.63449 20180504
Emsisoft Gen:Variant.Razy.247813 (B) 20180504
Endgame malicious (high confidence) 20180504
ESET-NOD32 a variant of MSIL/Kryptik.MEA 20180503
Fortinet MSIL/GenKryptik.ASCI!tr 20180504
GData Gen:Variant.Razy.247813 20180503
Sophos ML heuristic 20180503
Jiangmin Trojan.Generic.byhuy 20180504
K7AntiVirus Trojan ( 700000121 ) 20180503
K7GW Trojan ( 700000121 ) 20180503
Kaspersky HEUR:Trojan.Win32.Generic 20180503
MAX malware (ai score=83) 20180504
McAfee Packed-FAD!F7A655EF4F08 20180503
McAfee-GW-Edition Packed-FAD!F7A655EF4F08 20180503
Microsoft Trojan:MSIL/Elmb.A!bit 20180503
eScan Gen:Variant.Razy.247813 20180503
Palo Alto Networks (Known Signatures) generic.ml 20180504
Panda Trj/GdSda.A 20180503
Rising Trojan.Kryptik!8.8 (TFE:C:aMGPoztl8bP) 20180503
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Generic-S 20180503
Symantec Trojan.Gen.2 20180503
TrendMicro BKDR_REMCOS.SMA 20180504
TrendMicro-HouseCall BKDR_REMCOS.SMA 20180503
VIPRE Trojan.Win32.Generic!BT 20180503
Webroot W32.Malware.Gen 20180504
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180504
AegisLab 20180503
AhnLab-V3 20180503
Alibaba 20180503
Avast-Mobile 20180503
Avira (no cloud) 20180503
Babable 20180406
Bkav 20180503
CAT-QuickHeal 20180503
ClamAV 20180503
CMC 20180503
Comodo 20180503
Cybereason None
Cylance 20180504
Cyren 20180503
eGambit 20180504
F-Prot 20180504
Ikarus 20180503
Kingsoft 20180504
Malwarebytes 20180503
NANO-Antivirus 20180503
nProtect 20180503
Qihoo-360 20180504
SUPERAntiSpyware 20180503
Symantec Mobile Insight 20180501
Tencent 20180504
TheHacker 20180430
TotalDefense 20180503
Trustlook 20180504
VBA32 20180503
ViRobot 20180503
Yandex 20180503
Zillya 20180503
Zoner 20180503
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

Product ICQ
Original name baker.exe
Internal name baker.exe
File version 10.0.12116
Description ICQ
Comments ICQ
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-01-24 17:37:03
Entry Point 0x000BC03E
Number of sections 3
.NET details
Module Version ID 79c046f2-291a-46eb-8cc5-db94beda4024
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 4
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
ICQ

InitializedDataSize
4096

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
10.0.12116.0

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
ICQ

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
8.0

EntryPoint
0xbc03e

OriginalFileName
baker.exe

MIMEType
application/octet-stream

FileVersion
10.0.12116

TimeStamp
2018:01:24 17:37:03+00:00

FileType
Win32 EXE

PEType
PE32

InternalName
baker.exe

ProductVersion
10.0.12116

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
762368

ProductName
ICQ

ProductVersionNumber
10.0.12116.0

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
10.0.12116.0

File identification
MD5 f7a655ef4f08e54e04f643d0f1927b84
SHA1 9930cb749515821b650daa17244922c3303bdd9b
SHA256 a0498172fac8eb2c8c6846e4430a12b8a7c032aab4a5d3fa3810f5e6f9dad214
ssdeep
12288:MjOZCwZEUNCEUmRBYywRa+GsPdnuGapgA7lvMTOM+sRNzGEsyG9TK:MOZVMEvKRRPJ8pgovEJNzNsy2

authentihash 9fa2432866a9d1452f9608d372b5edc9587252645f481d22e6665e28e4cda51a
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 749.0 KB ( 766976 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (81.0%)
Win32 Dynamic Link Library (generic) (7.2%)
Win32 Executable (generic) (4.9%)
OS/2 Executable (generic) (2.2%)
Generic Win/DOS Executable (2.2%)
Tags
peexe assembly

VirusTotal metadata
First submission 2018-05-04 00:47:52 UTC ( 9 months, 2 weeks ago )
Last submission 2018-08-16 01:51:30 UTC ( 6 months ago )
File names baker.exe
a0498172fac8eb2c8c6846e4430a12b8a7c032aab4a5d3fa3810f5e6f9dad214.bin.rename
baker.exe
7356290