SHA256: a2bb2f3c54caee5e6add1f2b2b1f46a2cbed1f166482d9b0ec9fc198371a3270
File name: Gasko.exe
Detection ratio: 53 / 68
Analysis date: 2018-06-28 00:16:06 UTC ( 2 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.319085 20180627
AegisLab Exploit.W32.Generic!c 20180627
AhnLab-V3 Trojan/Win32.Kryptik.C2495110 20180627
ALYac Gen:Variant.Razy.319085 20180628
Antiy-AVL Trojan[Exploit]/Win32.AGeneric 20180627
Arcabit Trojan.Razy.D4DE6D 20180627
Avast Win32:GenX 20180627
AVG Win32:GenX 20180627
Avira (no cloud) TR/Dropper.MSIL.jjazv 20180628
AVware Trojan.Win32.Generic!BT 20180627
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9997 20180627
BitDefender Gen:Variant.Razy.319085 20180627
CAT-QuickHeal Exploit.Generic 20180627
Comodo UnclassifiedMalware 20180627
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cybereason malicious.d4fd93 20180225
Cylance Unsafe 20180628
Cyren W32/MSIL_Troj.LX.gen!Eldorado 20180627
DrWeb Trojan.Inject3.587 20180627
Emsisoft Gen:Variant.Razy.319085 (B) 20180627
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of MSIL/Kryptik.OAI 20180627
F-Prot W32/MSIL_Troj.LX.gen!Eldorado 20180628
F-Secure Gen:Variant.Razy.319085 20180628
Fortinet W32/Generic.LXU!exploit 20180627
GData Gen:Variant.Razy.319085 20180627
Ikarus Trojan.MSIL.Inject 20180627
Sophos ML heuristic 20180601
Jiangmin Exploit.Generic.ph 20180627
K7AntiVirus Trojan ( 005204301 ) 20180627
K7GW Trojan ( 005204301 ) 20180627
Kaspersky HEUR:Exploit.Win32.Generic 20180627
Malwarebytes Spyware.LokiBot 20180627
MAX malware (ai score=98) 20180628
McAfee GenericRXFI-GX!4BA5616E6F59 20180627
McAfee-GW-Edition BehavesLike.Win32.Backdoor.dh 20180627
Microsoft PWS:Win32/Primarypass.A 20180627
eScan Gen:Variant.Razy.319085 20180627
NANO-Antivirus Exploit.Win32.Inject3.fbhfpz 20180627
Palo Alto Networks (Known Signatures) generic.ml 20180628
Panda Trj/GdSda.A 20180626
Rising Dropper.Generic!8.35E (CLOUD) 20180627
SentinelOne (Static ML) static engine - malicious 20180618
Sophos AV Mal/Generic-S 20180627
Symantec W32.Golroted 20180627
Tencent Win32.Trojan.Inject.Auto 20180628
TrendMicro TROJ_GEN.R020C0OE518 20180627
TrendMicro-HouseCall TROJ_GEN.R020C0OE518 20180627
VBA32 TScope.Trojan.MSIL 20180627
VIPRE Trojan.Win32.Generic!BT 20180627
Webroot W32.Adware.Gen 20180628
Yandex Trojan.Kryptik!xhejfO+RSd4 20180627
ZoneAlarm by Check Point HEUR:Exploit.Win32.Generic 20180627
Alibaba 20180627
Avast-Mobile 20180627
Babable 20180406
Bkav 20180627
ClamAV 20180627
CMC 20180627
eGambit 20180628
Kingsoft 20180628
Qihoo-360 20180628
SUPERAntiSpyware 20180627
Symantec Mobile Insight 20180626
TACHYON 20180627
TheHacker 20180627
TotalDefense 20180627
Trustlook 20180628
ViRobot 20180627
Zillya 20180627
Zoner 20180627
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2018
Product Gasko
Original name Gasko.exe
Internal name Gasko.exe
File version 1.0.0.0
Description Gasko
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-03 15:38:19
Entry Point 0x00023AFE
Number of sections 3
.NET details
Module Version ID c5b5496e-9283-425f-8e4a-82323c5a6355
TypeLib ID 76e23ece-4b0d-4c03-b8e6-dc815751e7b4
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 13
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 16
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 100352
ImageVersion 0.0
ProductName Gasko
FileVersionNumber 1.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Gasko
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension exe
OriginalFileName Gasko.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.0
TimeStamp 2018:05:03 15:38:19+00:00
FileType Win32 EXE
PEType PE32
InternalName Gasko.exe
ProductVersion 1.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright 2018
MachineType Intel 386 or later, and compatibles
CodeSize 138240
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x23afe
ObjectFileType Executable application
AssemblyVersion 1.0.0.0

File identification
MD5 4ba5616e6f5937e6ae9dc5879a0f5d7e
SHA1 acd04efd4fd93a6c44d39a9945a4eee7de27d2f6
SHA256 a2bb2f3c54caee5e6add1f2b2b1f46a2cbed1f166482d9b0ec9fc198371a3270
ssdeep 6144:rFarNs53bEFEhYTwvJ0VM7rCnq+GQzmU:rM5swEDiskT5z
authentihash 4407453b1b18e95a82a799b39bac7a02edfb824ad330a4358164d56d06d3ee9b
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 233.5 KB ( 239104 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (81.0%)
Win32 Dynamic Link Library (generic) (7.2%)
Win32 Executable (generic) (4.9%)
OS/2 Executable (generic) (2.2%)
Generic Win/DOS Executable (2.2%)
Tags peexe assembly
VirusTotal metadata
First submission 2018-05-08 16:19:55 UTC ( 4 months, 2 weeks ago )
Last submission 2018-05-08 16:19:55 UTC ( 4 months, 2 weeks ago )
File names Gasko.exe
4ba5616e6f5937e6ae9dc5879a0f5d7e.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections