SHA256: a0f076833fc8d41a0a73a39cee204fb1f34dea4a968d803534aa6ad4a2297533
File name: dnspublic1.exe
Detection ratio: 41 / 69
Analysis date: 2018-09-24 14:46:37 UTC ( 2 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40513651 20180924
ALYac Trojan.GenericKD.40513651 20180924
Antiy-AVL Trojan/Win32.Agent 20180924
Arcabit Trojan.Generic.D26A3073 20180924
Avast Win32:Malware-gen 20180924
AVG Win32:Malware-gen 20180924
Avira (no cloud) TR/Downloader.Gen 20180924
BitDefender Trojan.GenericKD.40513651 20180924
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20180723
Cylance Unsafe 20180924
Cyren W32/NewMalware-Rootkit-I-based! 20180924
DrWeb Trojan.DownLoader7.16241 20180924
Emsisoft Trojan.GenericKD.40513651 (B) 20180924
Endgame malicious (moderate confidence) 20180730
ESET-NOD32 Win32/Agent.ZYP 20180924
F-Prot W32/NewMalware-Rootkit-I-based! 20180924
F-Secure Trojan.GenericKD.40513651 20180924
GData Trojan.GenericKD.40513651 20180924
Ikarus Trojan.Win32.Mincese 20180924
Sophos ML heuristic 20180717
Jiangmin Trojan/Agent.gpry 20180924
K7AntiVirus Riskware ( 0040eff71 ) 20180924
K7GW Riskware ( 0040eff71 ) 20180924
Kaspersky HEUR:Trojan.Win32.Generic 20180924
McAfee Artemis!EF8864506CF6 20180924
McAfee-GW-Edition BehavesLike.Win32.BadFile.nh 20180924
Microsoft Trojan:Win32/Mincese.gen!A 20180924
eScan Trojan.GenericKD.40513651 20180924
NANO-Antivirus Trojan.Win32.Mlw.fiehmv 20180924
Palo Alto Networks (Known Signatures) generic.ml 20180924
Panda Trj/Genetic.gen 20180924
Qihoo-360 HEUR/QVM07.1.125A.Malware.Gen 20180924
Rising Trojan.Generic!8.C3 (CLOUD) 20180924
Sophos AV Mal/Generic-S 20180924
Symantec ML.Attribute.HighConfidence 20180924
TheHacker Trojan/Agent.umej 20180920
TrendMicro TROJ_GEN.R002C0DIN18 20180924
TrendMicro-HouseCall TROJ_GEN.R002C0DIN18 20180924
VBA32 Trojan.Agent 20180924
ViRobot Trojan.Win32.A.Agent.37888.AD 20180924
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180924
AegisLab 20180924
AhnLab-V3 20180924
Alibaba 20180921
Avast-Mobile 20180924
AVware 20180924
Babable 20180918
Baidu 20180914
Bkav 20180924
CAT-QuickHeal 20180923
ClamAV 20180924
CMC 20180924
Comodo 20180924
Cybereason 20180225
eGambit 20180924
Fortinet 20180924
Kingsoft 20180924
Malwarebytes 20180924
MAX 20180924
SentinelOne (Static ML) 20180830
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180924
TACHYON 20180924
Tencent 20180924
TotalDefense 20180924
Trustlook 20180924
VIPRE 20180924
Webroot 20180924
Yandex 20180922
Zillya 20180922
Zoner 20180923
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © System networking. All rights reserved.
Product System networking
File version 1.4
Description Executable file
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-10-27 15:41:08
Entry Point 0x000039C2
Number of sections 4
PE sections
PE imports
RegCloseKey
OpenServiceA
QueryServiceConfigA
RegQueryValueExA
ControlService
LookupAccountSidA
RegCreateKeyExA
DeleteService
UnlockServiceDatabase
CloseServiceHandle
OpenProcessToken
RegOpenKeyExA
GetTokenInformation
DuplicateTokenEx
SetServiceStatus
CreateProcessAsUserA
LockServiceDatabase
RegisterServiceCtrlHandlerA
EnumServicesStatusExA
StartServiceCtrlDispatcherA
ChangeServiceConfigA
QueryServiceStatusEx
RegSetValueExA
StartServiceA
OpenSCManagerA
CreateToolhelp32Snapshot
PeekNamedPipe
GetLastError
HeapFree
GetTempFileNameA
EnterCriticalSection
ReleaseMutex
Process32First
GetSystemInfo
lstrlenA
DuplicateHandle
WaitForSingleObject
GetDriveTypeA
GetTickCount
GetVersionExA
LoadLibraryA
GetModuleFileNameA
Process32Next
FreeLibrary
DeleteCriticalSection
GetStartupInfoA
GetPriorityClass
SizeofResource
GetFileSize
OpenProcess
LockResource
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
ExitProcess
GetCommandLineA
GetProcAddress
ReadFile
GetProcessHeap
CreatePipe
CreateMutexA
GetTempPathA
CloseHandle
CreateThread
lstrcmpiA
GetModuleHandleA
LocalFree
FindFirstFileA
lstrcatA
WTSGetActiveConsoleSessionId
lstrcpyA
GetCurrentProcess
ResetEvent
GetSystemTimeAsFileTime
CreateWaitableTimerA
FindNextFileA
GetVolumeInformationA
GetSystemDirectoryA
MoveFileExA
SetWaitableTimer
SetPriorityClass
SetEvent
QueryDosDeviceA
MoveFileA
TerminateProcess
CreateProcessA
GetLogicalDriveStringsA
GetExitCodeProcess
InitializeCriticalSection
LoadResource
WriteFile
CreateEventA
FindClose
GetLongPathNameA
Sleep
FormatMessageA
CreateFileA
HeapAlloc
GetProcessTimes
FindResourceA
LeaveCriticalSection
GetProcessMemoryInfo
GetProcessImageFileNameA
SHGetFileInfoA
SHGetFolderPathA
SHFileOperationA
PathAppendA
PathAddBackslashA
PathQuoteSpacesA
PathIsDirectoryA
PathCanonicalizeA
PathIsDirectoryEmptyA
PathRemoveFileSpecA
GetSystemMetrics
CharUpperA
wvsprintfA
CreateEnvironmentBlock
DestroyEnvironmentBlock
shutdown
htons
socket
WSAAccept
gethostbyname
recv
WSACloseEvent
send
WSARecv
WSASend
WSACreateEvent
WSAStartup
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSACleanup
WSAEventSelect
closesocket
WSAGetLastError
connect
WTSQueryUserToken
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
PNG 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.4.0.0
LanguageCode Unknown (0009)
FileFlagsMask 0x0017
FileDescription Executable file
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 8192
EntryPoint 0x39c2
MIMEType application/octet-stream
LegalCopyright System networking. All rights reserved.
FileVersion 1.4
TimeStamp 2012:10:27 16:41:08+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1, 0, 0, 0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName System networking
CodeSize 28672
ProductName System networking
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 ef8864506cf6c8f69442b37b1c98ee67
SHA1 4f4f0853f2f802b9fd140f5162162059e8297665
SHA256 a0f076833fc8d41a0a73a39cee204fb1f34dea4a968d803534aa6ad4a2297533
ssdeep 768:gKuZ5+diSIDPHlrf+86a24SizIe5s2J3DEZMRl+QNECph:zu+stzt4fCX+czESh
authentihash a9b74e2cb06ce4642fc347999aaadbf01bfec777b5c4036f507657ba6cb4e30a
imphash aba23eac56b646b599f5315dbd233b7b
File size 37.0 KB ( 37888 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-09-23 11:19:19 UTC ( 2 months, 3 weeks ago )
Last submission 2018-09-24 14:46:37 UTC ( 2 months, 3 weeks ago )
File names dnspublic1.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Deleted files
Created processes
Opened mutexes
Runtime DLLs
DNS requests
TCP connections