SHA256: a04ae46f95b5e9243ff33db3fe8ebd55193112478378cdc0d36219d779fe2ae9
File name: a04ae46f95b5e9243ff33db3fe8ebd55193112478378cdc0d36219d779fe2ae9
Detection ratio: 10 / 68
Analysis date: 2018-09-24 16:30:09 UTC (6 months ago)
Antivirus Result Update
Avira (no cloud) HEUR/AGEN.1030968 20180924
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.11cca8 20180225
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of MSIL/Kryptik.POP 20180924
Sophos ML heuristic 20180717
Kaspersky HEUR:Trojan.MSIL.Crypt.gen 20180924
Malwarebytes Backdoor.Agent.CL.Generic 20180924
SentinelOne (Static ML) static engine - malicious 20180830
ZoneAlarm by Check Point HEUR:Trojan.MSIL.Crypt.gen 20180924
Ad-Aware 20180924
AegisLab 20180924
AhnLab-V3 20180924
Alibaba 20180921
ALYac 20180924
Antiy-AVL 20180924
Arcabit 20180924
Avast 20180924
Avast-Mobile 20180924
AVG 20180924
AVware 20180924
Babable 20180918
Baidu 20180914
BitDefender 20180924
Bkav 20180924
CAT-QuickHeal 20180923
ClamAV 20180924
CMC 20180924
Comodo 20180924
Cylance 20180924
Cyren 20180924
DrWeb 20180924
eGambit 20180924
Emsisoft 20180924
F-Prot 20180924
F-Secure 20180924
Fortinet 20180924
GData 20180924
Ikarus 20180924
Jiangmin 20180924
K7AntiVirus 20180924
K7GW 20180924
Kingsoft 20180924
MAX 20180924
McAfee 20180924
McAfee-GW-Edition 20180924
eScan 20180924
NANO-Antivirus 20180924
Palo Alto Networks (Known Signatures) 20180924
Panda 20180924
Qihoo-360 20180924
Rising 20180924
Sophos AV 20180924
SUPERAntiSpyware 20180907
Symantec 20180924
Symantec Mobile Insight 20180924
TACHYON 20180924
Tencent 20180924
TheHacker 20180924
TotalDefense 20180924
TrendMicro 20180924
TrendMicro-HouseCall 20180924
Trustlook 20180924
VBA32 20180924
VIPRE 20180924
ViRobot 20180924
Webroot 20180924
Yandex 20180922
Zillya 20180922
Zoner 20180923
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright 616f8ba1-8870-4a03-ad77-0dfee154c2b0
Product bfd88e0e-3bca-457b-b57c-b49faae74252
Original name abc6a253-6421-4117-b23c-1d9485c9a130.exe
Internal name abc6a253-6421-4117-b23c-1d9485c9a130.exe
Description 798328bd-6a4e-4233-b79a-7216d31e110
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-24 16:16:48
Entry Point 0x0008C9DE
Number of sections 3
.NET details
Module Version ID 1002e998-90e2-4730-b564-0e7c268c0774
PE sections
Overlays
MD5 152e82e2cc5c6e9d0d7e85237c021b13
File type MMDF mailbox
Offset 585728
Size 102400
Entropy 0.00
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 3
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 5
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 11.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription 798328bd-6a4e-4233-b79a-7216d31e110
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 17408
EntryPoint 0x8c9de
OriginalFileName abc6a253-6421-4117-b23c-1d9485c9a130.exe
MIMEType application/octet-stream
LegalCopyright 616f8ba1-8870-4a03-ad77-0dfee154c2b0
TimeStamp 2018:09:24 18:16:48+02:00
FileType Win32 EXE
PEType PE32
InternalName abc6a253-6421-4117-b23c-1d9485c9a130.exe
SubsystemVersion 4.0
OSVersion 4.0
FileOS Unknown (0)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 567808
ProductName bfd88e0e-3bca-457b-b57c-b49faae74252
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 eb37f033f7762e2da5aa1e81c2673009
SHA1 b648c3011cca8257505068e43c1bba8c1d286fd2
SHA256 a04ae46f95b5e9243ff33db3fe8ebd55193112478378cdc0d36219d779fe2ae9
ssdeep 12288:xL/YFrzc5k+761mofb3KPw14l5PopB454mtvatpARdEEia96EwiTzRcr7cvvV6P6:xL/YBzcq+CrfzCE4l5PoHs4mtCtCRWEn
authentihash 861bb396c70e69e109c5d30b21ef62f7341e73628db5f805b626e2836581e193
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 672.0 KB ( 688128 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (81.0%)
Win32 Dynamic Link Library (generic) (7.2%)
Win32 Executable (generic) (4.9%)
OS/2 Executable (generic) (2.2%)
Generic Win/DOS Executable (2.2%)
Tags peexe assembly overlay
VirusTotal metadata
First submission 2018-09-24 16:30:09 UTC ( 6 months ago )
Last submission 2018-09-24 20:50:42 UTC ( 6 months ago )
File names output.113861237.txt
abc6a253-6421-4117-b23c-1d9485c9a130.exe