× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: a486b14dd968e7ec567edca207795f64d03112fd61211c7e9b8316d827f1f605
File name: wait.exe
Detection ratio: 39 / 69
Analysis date: 2018-12-20 04:58:20 UTC ( 1 month, 4 weeks ago ) View latest
Antivirus Result Update
Acronis malware 20180726
Ad-Aware Gen:Variant.Cerbu.25338 20181220
AhnLab-V3 Trojan/Win32.Golroted.C2897450 20181219
ALYac Gen:Variant.Cerbu.25338 20181220
Avast Win32:Trojan-gen 20181220
AVG Win32:Trojan-gen 20181220
Avira (no cloud) TR/Kryptik.bokie 20181220
BitDefender Gen:Variant.Cerbu.25338 20181220
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.709875 20180225
Cylance Unsafe 20181220
Cyren W32/Arrakis.ABPV-1786 20181220
Emsisoft Gen:Variant.Cerbu.25338 (B) 20181220
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of MSIL/Kryptik.QIW 20181220
F-Secure Gen:Variant.Cerbu.25338 20181220
Fortinet MSIL/GenKryptik.CTXT!tr 20181220
GData Gen:Variant.Cerbu.25338 20181220
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 005439d31 ) 20181219
K7GW Trojan ( 005439d31 ) 20181219
Kaspersky HEUR:Backdoor.MSIL.Androm.gen 20181220
McAfee Artemis!C5522666B015 20181220
McAfee-GW-Edition BehavesLike.Win32.Generic.fc 20181220
Microsoft Backdoor:MSIL/Noancooe.C 20181220
eScan Gen:Variant.Cerbu.25338 20181220
NANO-Antivirus Trojan.Win32.Androm.flfley 20181220
Palo Alto Networks (Known Signatures) generic.ml 20181220
Panda Trj/CI.A 20181219
Qihoo-360 Win32/Trojan.050 20181220
Rising Backdoor.Androm!8.113 (CLOUD) 20181220
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/Generic-S 20181220
Symantec Trojan.Gen.2 20181220
Tencent Win32.Trojan.Inject.Auto 20181220
Trapmine malicious.high.ml.score 20181205
TrendMicro TrojanSpy.MSIL.LOKI.SMTHC.hp 20181220
TrendMicro-HouseCall TrojanSpy.MSIL.LOKI.SMTHC.hp 20181220
ZoneAlarm by Check Point HEUR:Backdoor.MSIL.Androm.gen 20181220
AegisLab 20181219
Alibaba 20180921
Antiy-AVL 20181220
Arcabit 20181220
Avast-Mobile 20181219
Babable 20180918
Baidu 20181207
Bkav 20181219
CAT-QuickHeal 20181219
ClamAV 20181219
CMC 20181219
Comodo 20181220
DrWeb 20181220
eGambit 20181220
F-Prot 20181220
Jiangmin 20181220
Kingsoft 20181220
Malwarebytes 20181219
MAX 20181220
SUPERAntiSpyware 20181220
Symantec Mobile Insight 20181215
TACHYON 20181220
TheHacker 20181216
TotalDefense 20181219
Trustlook 20181220
VBA32 20181219
ViRobot 20181219
Webroot 20181220
Yandex 20181219
Zillya 20181219
Zoner 20181220
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
2019 All rights reserved.

Product Canon printing device protable MP230P6
Original name MP230P6.exe
Internal name MP230P6.exe
File version 7.0.0.0
Comments Canon printing device protable
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-17 08:09:22
Entry Point 0x0005870E
Number of sections 3
.NET details
Module Version ID 1887e193-a075-4540-ba05-899bfa48e58e
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
Canon printing device protable

InitializedDataSize
2560

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
7.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
8.0

EntryPoint
0x5870e

OriginalFileName
MP230P6.exe

MIMEType
application/octet-stream

LegalCopyright
2019 All rights reserved.

FileVersion
7.0.0.0

TimeStamp
2018:12:17 09:09:22+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
MP230P6.exe

ProductVersion
7.0.0.0

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Canon

CodeSize
354304

ProductName
Canon printing device protable MP230P6

ProductVersionNumber
7.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
2.0.0.0

Execution parents
File identification
MD5 c5522666b0151f8d0b5a0ebe3d65355d
SHA1 b22f6ab70987502e19da385ca39504750bd4d7ed
SHA256 a486b14dd968e7ec567edca207795f64d03112fd61211c7e9b8316d827f1f605
ssdeep
6144:rD6SyhXY1HcEJQ86N6kZOwRwZJmIbr2RUEKQfG+Jo8GWI2PhRGMp4TNtj:rD6SjFW8Zf0XKB+JoFWI2PhRGMp4TNt

authentihash c2a1e8dd64cd635247db8523710a46143218854013c5cfa2bbeb073ca850898d
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 349.0 KB ( 357376 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (55.8%)
Win64 Executable (generic) (21.0%)
Windows screen saver (9.9%)
Win32 Dynamic Link Library (generic) (5.0%)
Win32 Executable (generic) (3.4%)
Tags
peexe assembly

VirusTotal metadata
First submission 2018-12-18 02:56:38 UTC ( 2 months ago )
Last submission 2018-12-20 09:16:35 UTC ( 1 month, 4 weeks ago )
File names doshost.exe
wait.exe
MP230P6.exe
wait.exe.milo
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!