× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: a60d036a6d0e4a2281b603a04c59e4fec6be0f14932ad0c2bd9cdb06cf61d3e2
File name: 569b1847290eb9da3c204c4ea275876dc18a9833
Detection ratio: 17 / 70
Analysis date: 2018-12-15 22:40:44 UTC ( 5 months ago ) View latest
Antivirus Result Update
AhnLab-V3 Backdoor/Win32.NanoBot.C2847563 20181215
CrowdStrike Falcon (ML) malicious_confidence_70% (D) 20181022
Cybereason malicious.7290eb 20180225
Cylance Unsafe 20181215
eGambit PE.Heur.InvalidSig 20181215
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of MSIL/Spy.Agent.AES 20181215
Sophos ML heuristic 20181128
Kaspersky HEUR:Trojan.MSIL.Crypt.gen 20181215
McAfee Packed-FOU!869C38B3FB93 20181215
McAfee-GW-Edition Packed-FOU!869C38B3FB93 20181215
Panda Trj/GdSda.A 20181215
Qihoo-360 Win32/Trojan.21a 20181215
SentinelOne (Static ML) static engine - malicious 20181011
Trapmine malicious.high.ml.score 20181205
Webroot W32.Trojan.Gen 20181215
ZoneAlarm by Check Point HEUR:Trojan.MSIL.Crypt.gen 20181215
Ad-Aware 20181215
AegisLab 20181214
Alibaba 20180921
ALYac 20181215
Antiy-AVL 20181215
Arcabit 20181215
Avast 20181215
Avast-Mobile 20181215
AVG 20181215
Avira (no cloud) 20181215
Babable 20180918
Baidu 20181207
BitDefender 20181215
Bkav 20181214
CAT-QuickHeal 20181215
ClamAV 20181215
CMC 20181215
Comodo 20181215
Cyren 20181215
DrWeb 20181215
Emsisoft 20181215
F-Prot 20181215
F-Secure 20181215
Fortinet 20181215
GData 20181215
Ikarus 20181215
Jiangmin 20181215
K7AntiVirus 20181215
K7GW 20181215
Kingsoft 20181215
Malwarebytes 20181215
MAX 20181215
Microsoft 20181215
eScan 20181215
NANO-Antivirus 20181215
Palo Alto Networks (Known Signatures) 20181215
Rising 20181215
Sophos AV 20181215
SUPERAntiSpyware 20181212
Symantec 20181215
Symantec Mobile Insight 20181215
TACHYON 20181214
Tencent 20181215
TheHacker 20181213
TotalDefense 20181215
TrendMicro 20181215
TrendMicro-HouseCall 20181215
Trustlook 20181215
VBA32 20181214
VIPRE 20181215
ViRobot 20181215
Yandex 20181214
Zillya 20181215
Zoner 20181215
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright 2000-2018 Alexion Software

Product Alexion CRM
File version 5.0.5594
Description Alexion CRM Setup
Comments This installation was built with Inno Setup.
Signature verification The digital signature of the object did not verify.
Signing date 10:00 AM 1/29/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1981-04-11 16:15:12
Entry Point 0x0007023E
Number of sections 3
.NET details
Module Version ID 41961092-79aa-4bf1-936e-1690f6367cbd
TypeLib ID fd8c0ce5-69c7-48b7-918e-9df2a6919ca1
PE sections
Overlays
MD5 723bfedf4afef43a78ae52399af62c58
File type data
Offset 534016
Size 13512
Entropy 7.47
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 12
RT_STRING 6
RT_RCDATA 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 23
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
This installation was built with Inno Setup.

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
5.0.5594.0

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Alexion CRM Setup

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
81920

EntryPoint
0x7023e

MIMEType
application/octet-stream

LegalCopyright
Copyright 2000-2018 Alexion Software

FileVersion
5.0.5594

TimeStamp
1981:04:11 18:15:12+02:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
5.0.5594

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Alexion Software

CodeSize
451584

ProductName
Alexion CRM

ProductVersionNumber
5.0.5594.0

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
File identification
MD5 869c38b3fb930441944949b980b55c83
SHA1 569b1847290eb9da3c204c4ea275876dc18a9833
SHA256 a60d036a6d0e4a2281b603a04c59e4fec6be0f14932ad0c2bd9cdb06cf61d3e2
ssdeep
12288:jBWKqUK03RuN/Su5EvVDVW888888888888W88888888888k:N5qUAOvVDP

authentihash 16c697d612a77b8d8396362f756eb426a62ab18c3fd4958e3b2f0f7d9d3750b8
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 534.7 KB ( 547528 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe assembly overlay

VirusTotal metadata
First submission 2018-12-15 22:40:44 UTC ( 5 months ago )
Last submission 2018-12-22 07:09:59 UTC ( 4 months, 4 weeks ago )
File names 869c38b3fb930441944949b980b55c83
r1111111111111111111_signed.exe
869c38b3fb930441944949b980b55c83
r1111111111111111111_signed.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!