SHA256: b11ca5106252eae5b71cc7c1e3abf85d491f1fc41e1112c095c3c18d28d67412
File name: b11ca5106252eae5b71cc7c1e3abf85d491f1fc41e1112c095c3c18d28d67412
Detection ratio: 13 / 65
Analysis date: 2018-01-31 18:24:12 UTC ( 1 year, 2 months ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20170201
Cybereason malicious.4a8d08 20171103
Cylance Unsafe 20180131
Cyren W32/Trojan.BED.gen!Eldorado 20180131
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of MSIL/Kryptik.MMW 20180131
F-Prot W32/Trojan.BED.gen!Eldorado 20180131
Ikarus Trojan-Spy.Agent 20180131
Sophos ML heuristic 20180121
Malwarebytes Spyware.PasswordStealer 20180131
McAfee-GW-Edition BehavesLike.Win32.Trojan.dc 20180131
Qihoo-360 HEUR/QVM03.0.E5E1.Malware.Gen 20180131
SentinelOne (Static ML) static engine - malicious 20180115
Ad-Aware 20180131
AegisLab 20180131
AhnLab-V3 20180131
Alibaba 20180131
ALYac 20180131
Antiy-AVL 20180131
Arcabit 20180131
Avast 20180131
Avast-Mobile 20180131
AVG 20180131
Avira (no cloud) 20180131
AVware 20180131
Baidu 20180131
BitDefender 20180131
Bkav 20180131
CAT-QuickHeal 20180131
ClamAV 20180131
CMC 20180131
Comodo 20180131
DrWeb 20180131
eGambit 20180131
Emsisoft 20180131
Fortinet 20180131
GData 20180131
Jiangmin 20180131
K7AntiVirus 20180131
K7GW 20180131
Kaspersky 20180131
Kingsoft 20180131
MAX 20180131
McAfee 20180131
Microsoft 20180131
eScan 20180131
NANO-Antivirus 20180131
nProtect 20180131
Palo Alto Networks (Known Signatures) 20180131
Panda 20180131
Rising 20180131
Sophos AV 20180131
SUPERAntiSpyware 20180131
Symantec 20180131
Symantec Mobile Insight 20180131
Tencent 20180131
TheHacker 20180130
TotalDefense 20180131
TrendMicro 20180131
TrendMicro-HouseCall 20180131
Trustlook 20180131
VBA32 20180131
VIPRE 20180131
ViRobot 20180131
Yandex 20180130
Zillya 20180131
ZoneAlarm by Check Point 20180131
Zoner 20180131
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2018
Product Same as in file description
Original name Purchase Order-Drawings SPEC.exe
Internal name Purchase Order-Drawings SPEC.exe
File version 1.0.0.0
Description How is seen in task manager
Comments Just press the space bar
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-04-23 12:40:28
Entry Point 0x0004711E
Number of sections 3
.NET details
Module Version ID 3962734c-3e03-431a-ba70-0dbb12b6ccd7
TypeLib ID c11f575a-fe84-4bbc-95a9-c0e71aaee176
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments Just press the space bar
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription How is seen in task manager
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 2560
EntryPoint 0x4711e
OriginalFileName Purchase Order-Drawings SPEC.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2018
FileVersion 1.0.0.0
TimeStamp 2017:04:23 13:40:28+01:00
FileType Win32 EXE
PEType PE32
InternalName Purchase Order-Drawings SPEC.exe
ProductVersion 1.0.0.0
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Your company name
CodeSize 283136
ProductName Same as in file description
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 0.0.0.0
File identification
MD5 06fbf56a037b1e236016e04d79e3d600
SHA1 43f9ffb4a8d081fc1ea273c03f018863af4a7956
SHA256 b11ca5106252eae5b71cc7c1e3abf85d491f1fc41e1112c095c3c18d28d67412
ssdeep 6144:3fQNQd1md3uVFHLDwOGwXuBJjlfc9qCT2Sk/vvLs3TtIm6ZcSpHf:3fQSdi0FHnAtcRSSk+tMh
authentihash ecec7f703db292859ac08fee4915c454aa2324d8fb79408aeb9a78fbaf824c7b
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 279.5 KB ( 286208 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (81.0%)
Win32 Dynamic Link Library (generic) (7.2%)
Win32 Executable (generic) (4.9%)
OS/2 Executable (generic) (2.2%)
Generic Win/DOS Executable (2.2%)
Tags peexe assembly
VirusTotal metadata
First submission 2018-01-31 18:24:12 UTC ( 1 year, 2 months ago )
Last submission 2018-02-11 13:04:47 UTC ( 1 year, 2 months ago )
File names Purchase Order-Drawings SPEC.exe
b11ca5106252eae5b71cc7c1e3abf85d491f1fc41e1112c095c3c18d28d67412
06fbf56a037b1e236016e04d79e3d600.virobj