SHA256: a8e4778e5023373038c2214d85fcbdbfe0e5f63ad721bed8def3ab65d1f292cb
File name: 50c2221345a927e9b1f20f49f4e32230.virobj
Detection ratio: 51 / 68
Analysis date: 2017-10-31 21:45:12 UTC ( 1 year, 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12120299 20171031
AegisLab Troj.Dropper.Msil!c 20171031
AhnLab-V3 Win-Trojan/MSILKrypt02.Exp 20171031
ALYac Trojan.GenericKD.12120299 20171031
Arcabit Trojan.Generic.DB8F0EB 20171031
Avast Win32:Malware-gen 20171031
AVG Win32:Malware-gen 20171031
Avira (no cloud) TR/Dropper.MSIL.njyjs 20171031
AVware Trojan.Win32.Generic!BT 20171031
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171031
BitDefender Trojan.GenericKD.12120299 20171031
CAT-QuickHeal Trojan.IGENERIC 20171031
Comodo UnclassifiedMalware 20171031
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.1b8fb7 20170628
Cylance Unsafe 20171031
Cyren W32/MSIL.Agent.B.gen!Eldorado 20171031
DrWeb Trojan.PWS.Stealer.19347 20171031
eGambit Unsafe.AI_Score_98% 20171031
Emsisoft Trojan.GenericKD.12120299 (B) 20171031
Endgame malicious (high confidence) 20171024
ESET-NOD32 a variant of MSIL/Injector.SSP 20171031
F-Prot W32/MSIL.Agent.B.gen!Eldorado 20171031
F-Secure Trojan.GenericKD.12120299 20171031
Fortinet MSIL/Injector.SSP!tr 20171031
GData Trojan.GenericKD.12120299 20171031
Ikarus Trojan.SuspectCRC 20171031
Sophos ML heuristic 20170914
K7AntiVirus Trojan ( 00513fb11 ) 20171031
K7GW Hacktool ( 655367771 ) 20171031
Kaspersky HEUR:Backdoor.Win32.Generic 20171031
Malwarebytes Trojan.Agent 20171031
MAX malware (ai score=100) 20171031
McAfee Trojan-FNUA!50C2221345A9 20171031
McAfee-GW-Edition BehavesLike.Win32.Trojan.cc 20171031
Microsoft VirTool:MSIL/Injector 20171031
eScan Trojan.GenericKD.12120299 20171031
NANO-Antivirus Trojan.Win32.Stealer.ersgwm 20171031
Palo Alto Networks (Known Signatures) generic.ml 20171031
Panda Trj/GdSda.A 20171031
SentinelOne (Static ML) static engine - malicious 20171019
Sophos AV Mal/Generic-S 20171031
Symantec Trojan.Gen.2 20171031
Tencent Win32.Backdoor.Generic.Svhi 20171031
TrendMicro TROJ_GEN.R00WC0DHE17 20171031
TrendMicro-HouseCall TROJ_HPSCAREIT.SMZ 20171031
VIPRE Trojan.Win32.Generic!BT 20171031
Webroot W32.Trojan.Gen 20171031
Yandex Trojan.Injector!KVkpV/73bBY 20171031
Zillya Trojan.Injector.Win32.551328 20171031
ZoneAlarm by Check Point HEUR:Backdoor.Win32.Generic 20171031
Alibaba 20170911
Antiy-AVL 20171031
Avast-Mobile 20171031
Bkav 20171031
ClamAV 20171031
CMC 20171031
Jiangmin 20171031
Kingsoft 20171031
nProtect 20171031
Qihoo-360 20171031
Rising 20171031
SUPERAntiSpyware 20171031
Symantec Mobile Insight 20171027
TheHacker 20171031
TotalDefense 20171031
Trustlook 20171031
VBA32 20171031
ViRobot 20171031
WhiteArmor 20171024
Zoner 20171031
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © Microsoft 2015
Product Yuom
Original name okkkkkkkk.exe
Internal name okkkkkkkk.exe
File version 19.16.15.9
Description Yuom
Comments Yuom Dexer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-08-08 12:24:09
Entry Point 0x0001CA9E
Number of sections 3
.NET details
Module Version ID a5e87e58-0a4f-4827-b6f9-d165ebf33aef
TypeLib ID f462fee2-0363-49ee-9678-9a70b703414f
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments Yuom Dexer
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 19.16.15.9
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Yuom
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 8192
EntryPoint 0x1ca9e
OriginalFileName okkkkkkkk.exe
MIMEType application/octet-stream
LegalCopyright Copyright Microsoft 2015
FileVersion 19.16.15.9
TimeStamp 2017:08:08 05:24:09-07:00
FileType Win32 EXE
PEType PE32
InternalName okkkkkkkk.exe
ProductVersion 19.16.15.9
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft
CodeSize 110592
ProductName Yuom
ProductVersionNumber 19.16.15.9
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 5.5.2.19
Compressed bundles
File identification
MD5 50c2221345a927e9b1f20f49f4e32230
SHA1 8cf858f3776a4d9d4f99aac814f24e646118bf5c
SHA256 a8e4778e5023373038c2214d85fcbdbfe0e5f63ad721bed8def3ab65d1f292cb
ssdeep 3072:436hbrS9B+R64paFhoLU56OGt0ClArUhn3NrsM3OA6GKGA:Bbr66leyiy6uhnSM6G1
authentihash f415322005acaee57a2fda46f6bd27041f00b742dd798bb43bbaa5a1c43ff535
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 120.0 KB ( 122880 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (79.2%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Win16/32 Executable Delphi generic (2.2%)
OS/2 Executable (generic) (2.1%)
Tags peexe assembly
VirusTotal metadata
First submission 2017-08-08 12:38:04 UTC ( 1 year, 8 months ago )
Last submission 2019-02-24 01:44:02 UTC ( 2 months ago )
File names output.113100154.txt
okkkkkkkk.exe
50c2221345a927e9b1f20f49f4e32230.virobj
50c2221345a927e9b1f20f49f4e32230.vir
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections
UDP communications