× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: ab7749fa90959d66319d258fafad71b2f0fb469a69b18f87b1f64cfb99e4decf
File name: d3f26349b48f1dde070c9bb07937a25f.virus
Detection ratio: 44 / 58
Analysis date: 2017-02-18 19:38:56 UTC ( 2 years, 1 month ago ) View latest
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.6819 20170218
AegisLab Troj.W32.Agent!c 20170218
AhnLab-V3 Malware/Win32.Generic.C1058346 20170218
ALYac Gen:Variant.Razy.6819 20170218
Antiy-AVL Trojan/MSIL.Packed.Confuser.P 20170218
Arcabit Trojan.Razy.D1AA3 20170218
Avast Win32:Malware-gen 20170218
AVG BackDoor.Generic19.BCWO 20170218
Avira (no cloud) TR/Dropper.Gen 20170218
AVware Trojan.Win32.Generic!BT 20170218
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170217
BitDefender Gen:Variant.Razy.6819 20170218
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Cyren W32/MSIL_Confuser.A.gen!Eldorado 20170218
DrWeb BackDoor.Bladabindi.13678 20170218
Emsisoft Gen:Variant.Razy.6819 (B) 20170218
Endgame malicious (high confidence) 20170217
ESET-NOD32 a variant of MSIL/Packed.Confuser.P suspicious 20170218
F-Prot W32/MSIL_Confuser.A.gen!Eldorado 20170218
F-Secure Gen:Variant.Razy.6819 20170218
Fortinet MSIL/Injecto.58E1!tr 20170218
GData Gen:Variant.Razy.6819 20170218
Ikarus Trojan.MSIL.Inject 20170218
Sophos ML trojan.win32.skeeyah.a!rfn 20170203
K7AntiVirus Trojan ( 004be61a1 ) 20170218
K7GW Trojan ( 004be61a1 ) 20170218
Kaspersky Trojan.Win32.Agent.neyxku 20170218
McAfee RDN/Generic BackDoor 20170218
McAfee-GW-Edition BehavesLike.Win32.Malware.gc 20170218
Microsoft Backdoor:MSIL/Bladabindi 20170218
eScan Gen:Variant.Razy.6819 20170218
NANO-Antivirus Trojan.Win32.Agent.eloons 20170218
Panda Trj/GdSda.A 20170218
Qihoo-360 Win32/Trojan.07f 20170218
Rising Backdoor.Bladabindi!8.B1F (cloud:OSuCA1f7nMD) 20170218
Sophos AV Mal/Generic-S 20170218
Symantec Trojan.Gen.2 20170218
Tencent Win32.Trojan.Agent.Wtdi 20170218
TrendMicro TSPY_HPCUBESTLR.SM 20170218
TrendMicro-HouseCall TSPY_HPCUBESTLR.SM 20170218
VIPRE Trojan.Win32.Generic!BT 20170218
ViRobot Trojan.Win32.Z.Razy.455152[h] 20170218
Webroot Malicious 20170218
Yandex Trojan.Agent!13aNZMUInHA 20170217
Alibaba 20170217
CAT-QuickHeal 20170218
ClamAV 20170218
CMC 20170218
Comodo 20170218
Jiangmin 20170218
Kingsoft 20170218
Malwarebytes 20170218
nProtect 20170218
SUPERAntiSpyware 20170218
TheHacker 20170218
TotalDefense 20170218
Trustlook 20170218
VBA32 20170217
WhiteArmor 20170215
Zillya 20170218
Zoner 20170218
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Software

Product Software
Original name Software.exe
Internal name Software.exe
File version 1.0.0.0
Description Software
Comments Software
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-01-03 00:18:39
Entry Point 0x00026A2E
Number of sections 3
.NET details
Module Version ID 239d82c2-7062-ec12-602c-b299cbc5a46e
PE sections
Overlays
MD5 68a0461f34013b91c8e6f8b7cda5fc46
File type data
Offset 419840
Size 35312
Entropy 6.23
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 9
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 12
PE resources
ExifTool file metadata
CodeSize
150528

SubsystemVersion
4.0

Comments
Software

InitializedDataSize
268800

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Software

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
8.0

EntryPoint
0x26a2e

OriginalFileName
Software.exe

MIMEType
application/octet-stream

LegalCopyright
Software

FileVersion
1.0.0.0

TimeStamp
2017:01:03 01:18:39+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Software.exe

ProductVersion
1.0.0.0

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Software

LegalTrademarks
Software

ProductName
Software

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
1.0.0.0

Compressed bundles
File identification
MD5 d3f26349b48f1dde070c9bb07937a25f
SHA1 748ddccb5e99195ac06660f28bf0148630d1f2a2
SHA256 ab7749fa90959d66319d258fafad71b2f0fb469a69b18f87b1f64cfb99e4decf
ssdeep
12288:u5VBm4wfZ/z8uM13TUI5TBSOzh2fQSVDS5:ky4KZr8uMhUIFUA2fQSVDe

authentihash 792e253ff3310ebfc348c4d5eea92924fd8c300c955f7b149ac04d189ae7c4a9
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 444.5 KB ( 455152 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (81.0%)
Win32 Dynamic Link Library (generic) (7.2%)
Win32 Executable (generic) (4.9%)
OS/2 Executable (generic) (2.2%)
Generic Win/DOS Executable (2.2%)
Tags
peexe assembly overlay

VirusTotal metadata
First submission 2017-02-12 18:56:46 UTC ( 2 years, 1 month ago )
Last submission 2018-06-18 00:37:33 UTC ( 9 months, 1 week ago )
File names Crossfre The HAcked.exe
Software.exe
d3f26349b48f1dde070c9bb07937a25f.virus
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!