SHA256: b0c56c61bdf31995a4836f0bebbe5bfc5e3c4212c802cd7477cd1efad550e332
File name: 1ed722ccf2e8a2f8f8f200bc3fe523dfa1b54391
Detection ratio: 22 / 57
Analysis date: 2016-10-22 13:15:03 UTC ( 2 years, 3 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Generic.N2133956995 20161022
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20161022
Avast Win32:Malware-gen 20161022
AVG MSIL10.BWUQ 20161022
Avira (no cloud) TR/Dropper.MSIL.qurho 20161022
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9965 20161022
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
ESET-NOD32 a variant of MSIL/Kryptik.GUO 20161022
Fortinet W32/Generic.GUO!tr 20161022
GData Win32.Trojan.Agent.Z7ZWC0 20161022
Ikarus Trojan.MSIL.Crypt 20161022
Sophos ML trojan.win32.dacic.a!rfn 20161018
K7GW Trojan ( 004f4d251 ) 20161022
Kaspersky HEUR:Trojan.Win32.Generic 20161022
McAfee Artemis!7D3F76625CDC 20161022
McAfee-GW-Edition BehavesLike.Win32.Backdoor.fc 20161022
Microsoft Trojan:Win32/Dynamer!ac 20161022
Rising Trojan.Generic!8.C3-0PsluM0y11G (cloud) 20161022
Symantec Trojan.Gen 20161022
Tencent Win32.Trojan.Generic.Aisl 20161022
TrendMicro-HouseCall TROJ_GEN.R00JH0DJJ16 20161022
Yandex Trojan.Agent!FiBeLtrrNo4 20161021
Ad-Aware 20161022
AegisLab 20161022
Alibaba 20161022
ALYac 20161022
Arcabit 20161022
AVware 20161022
BitDefender 20161022
Bkav 20161022
CAT-QuickHeal 20161022
ClamAV 20161022
CMC 20161022
Comodo 20161022
Cyren 20161022
DrWeb 20161022
Emsisoft 20161022
F-Prot 20161022
F-Secure 20161022
Jiangmin 20161022
K7AntiVirus 20161022
Kingsoft 20161022
Malwarebytes 20161022
eScan 20161022
NANO-Antivirus 20161022
nProtect 20161022
Panda 20161022
Qihoo-360 20161022
Sophos AV 20161022
SUPERAntiSpyware 20161022
TheHacker 20161020
TotalDefense 20161022
TrendMicro 20161022
VBA32 20161021
VIPRE 20161022
ViRobot 20161022
Zillya 20161022
Zoner 20161022
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2016
Product root26
Original name root26.exe
Internal name root26.exe
File version 1.0.0.0
Description root26
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-08 11:12:55
Entry Point 0x00049A1E
Number of sections 4
.NET details
Module Version ID c83b5f81-04d0-4480-8861-5f38d5a9b3aa
TypeLib ID 600a350b-0d02-4729-bf23-51a3f80a1741
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 6
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 9
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 13312
ImageVersion 0.0
ProductName root26
FileVersionNumber 1.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription root26
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName root26.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.0
TimeStamp 2016:10:08 12:12:55+01:00
FileType Win32 EXE
PEType PE32
InternalName root26.exe
ProductVersion 1.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright 2016
MachineType Intel 386 or later, and compatibles
CodeSize 293888
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x49a1e
ObjectFileType Executable application
AssemblyVersion 1.0.0.0

File identification
MD5 7d3f76625cdc5ed25fbbd0e391eca472
SHA1 1ed722ccf2e8a2f8f8f200bc3fe523dfa1b54391
SHA256 b0c56c61bdf31995a4836f0bebbe5bfc5e3c4212c802cd7477cd1efad550e332
ssdeep 6144:wXMqbBLWhFMat9bUts7kaydTSeRSXCQ7JTebXdcVYRJoT6mXx:EBL+jwxad7JTeTdcusl
authentihash 618b05b17c3ecf51757406f868c73bc7dea5640f64a52cafc013b3d54d9ee4e2
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 301.0 KB ( 308224 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (38.1%)
InstallShield setup (22.3%)
Win32 Executable MS Visual C++ (generic) (16.2%)
Win64 Executable (generic) (14.3%)
Win32 Dynamic Link Library (generic) (3.4%)
Tags peexe assembly
VirusTotal metadata
First submission 2016-10-22 13:15:03 UTC ( 2 years, 3 months ago )
Last submission 2016-10-22 13:15:03 UTC ( 2 years, 3 months ago )
File names root26.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
UDP communications