× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: a812d5143c14f7d4a534f37f0e4350824cfb6087de7428bfb3be5f85f8b83464
File name: 6b5ba6e1c5fe32af90093dd049f70d436e094103
Detection ratio: 37 / 58
Analysis date: 2016-09-12 06:31:06 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware Gen:Heur.MSIL.Androm.3 20160912
AegisLab Backdoor.W32.Delf.lrP1 20160912
AhnLab-V3 Malware/Win32.Generic.N1877882069 20160911
ALYac Gen:Heur.MSIL.Androm.3 20160912
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20160912
Arcabit Trojan.MSIL.Androm.3 20160912
Avast Win32:Malware-gen 20160912
AVG PSW.Generic12.CIQV 20160912
Avira (no cloud) TR/Dropper.MSIL.Gen 20160912
AVware Trojan.Win32.Generic!BT 20160912
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160912
BitDefender Gen:Heur.MSIL.Androm.3 20160912
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
Cyren W32/GenBl.B65033E0!Olympus 20160912
Emsisoft Gen:Heur.MSIL.Androm.3 (B) 20160912
ESET-NOD32 a variant of MSIL/Injector.BTN 20160912
F-Secure Gen:Heur.MSIL.Androm.3 20160912
Fortinet W32/Generic!tr 20160912
GData Gen:Heur.MSIL.Androm.3 20160912
Ikarus Trojan.Kazy 20160911
Sophos ML virtool.msil.obfuscator.bi 20160830
K7AntiVirus Trojan ( 700000121 ) 20160911
K7GW Trojan ( 700000121 ) 20160912
Kaspersky HEUR:Trojan.Win32.Generic 20160912
Malwarebytes Backdoor.Agent 20160912
McAfee PWS-FCAB!B65033E0DD0F 20160912
McAfee-GW-Edition BehavesLike.Win32.Dropper.gc 20160911
Microsoft Trojan:Win32/Skeeyah.A!rfn 20160912
eScan Gen:Heur.MSIL.Androm.3 20160912
NANO-Antivirus Trojan.Win32.BTN.dzrsor 20160912
Panda Trj/CI.A 20160911
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20160912
Sophos AV Mal/Generic-S 20160912
Symantec Heur.AdvML.B 20160912
Tencent Win32.Trojan.Generic.Pepc 20160912
VIPRE Trojan.Win32.Generic!BT 20160912
Yandex Trojan.Agent!VHSIRz5Jemo 20160911
Alibaba 20160912
Bkav 20160910
CAT-QuickHeal 20160912
ClamAV 20160912
CMC 20160908
Comodo 20160908
DrWeb 20160912
F-Prot 20160912
Jiangmin 20160912
Kingsoft 20160912
nProtect 20160912
Rising 20160912
SUPERAntiSpyware 20160911
TheHacker 20160911
TotalDefense 20160907
TrendMicro 20160912
TrendMicro-HouseCall 20160912
VBA32 20160909
ViRobot 20160912
Zillya 20160911
Zoner 20160912
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
DP

Original name ةتن.exe
Internal name ةتن.exe
File version 1.0.0.0
Description DPCSB
Comments Managed
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-30 10:54:14
Entry Point 0x0006676E
Number of sections 3
.NET details
Module Version ID 088f72f6-4d44-441e-ba87-275968c73214
TypeLib ID f62effbd-dabb-4583-a7b9-d17e4893b796
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
Managed

LinkerVersion
8.0

ImageVersion
0.0

FileVersionNumber
1.0.0.0

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
8192

EntryPoint
0x6676e

OriginalFileName
.exe

MIMEType
application/octet-stream

LegalCopyright
DP

FileVersion
1.0.0.0

TimeStamp
2015:09:30 11:54:14+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
.exe

ProductVersion
1.0.0.0

FileDescription
DPCSB

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
413696

FileSubtype
0

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
1.0.0.0

File identification
MD5 b65033e0dd0f34adf3ee0af6c45a3546
SHA1 6b5ba6e1c5fe32af90093dd049f70d436e094103
SHA256 a812d5143c14f7d4a534f37f0e4350824cfb6087de7428bfb3be5f85f8b83464
ssdeep
6144:fy/vn6l7oP+nflKg0mjchlHxnxbYTgiyI2w4HoDgrCxTjzX64/lisF9IKnch2KZc:6/v6l9MtxxkkiyIt44cEmspNKZMWhX4

authentihash 48bda7ac8fd40992f0cf94904aafb2a669c0f91c3155686e3d0dd0c5f8b0b386
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 416.0 KB ( 425984 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe assembly

VirusTotal metadata
First submission 2016-02-09 03:17:19 UTC ( 3 years ago )
Last submission 2016-09-12 06:31:06 UTC ( 2 years, 5 months ago )
File names ???.exe
server.exe
server.exe
ةتن.exe
server.exe
Behaviour characterization
Zemana
dll-injection

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
UDP communications