SHA256: b12cd1d0b10c562ff5a7d08f7dbdfcba4b57958dfa7be54a7ae92c74b837fa2b
File name: C$~Users~test~AppData~Roaming~68C21397-E71F-40A0-98CA-4F1731D8B45...
Detection ratio: 54 / 66
Analysis date: 2018-10-25 09:52:16 UTC ( 4 months ago )
Antivirus Result Update
Ad-Aware Backdoor.MSIL.Agent.GD 20181025
AegisLab Backdoor.W32.Gen.mhUN 20181025
AhnLab-V3 Win-Trojan/Nanocore.Exp 20181025
ALYac Backdoor.MSIL.Agent.GD 20181025
Antiy-AVL Trojan[Backdoor]/Win32.AGeneric 20181025
Avast MSIL:NanoCore-B [Trj] 20181025
AVG MSIL:NanoCore-B [Trj] 20181025
Avira (no cloud) TR/Dropper.MSIL.Gen7 20181025
BitDefender Backdoor.MSIL.Agent.GD 20181025
Bkav W32.DropperFraudropK.Trojan 20181024
CAT-QuickHeal Trojan.Orbus.C3 20181024
ClamAV Win.Trojan.Nanocore-5 20181024
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.0cb0ff 20180225
Cylance Unsafe 20181025
Cyren W32/NanoCore.C.gen!Eldorado 20181025
DrWeb Trojan.Nanocore.23 20181025
Emsisoft Backdoor.MSIL.Agent.GD (B) 20181025
Endgame malicious (high confidence) 20180730
ESET-NOD32 MSIL/NanoCore.E 20181025
F-Prot W32/NanoCore.C.gen!Eldorado 20181025
F-Secure Backdoor.MSIL.Agent.GD 20181022
Fortinet W32/Generic.AC.A0C!tr 20181025
GData MSIL.Backdoor.Nancat.A 20181025
Ikarus Trojan.MSIL.NanoCore 20181025
Sophos ML heuristic 20180717
Jiangmin Backdoor.Generic.zwu 20181025
K7AntiVirus Trojan ( 700000121 ) 20181025
K7GW Trojan ( 700000121 ) 20181025
Kaspersky Trojan.MSIL.Agent.fpar 20181025
Malwarebytes Backdoor.NanoCore 20181025
MAX malware (ai score=100) 20181025
McAfee PUP-XBZ-OJ!5091E1D0CB0F 20181025
McAfee-GW-Edition BehavesLike.Win32.PUPXBZ.dc 20181025
Microsoft Backdoor:MSIL/Noancooe.A 20181025
eScan Backdoor.MSIL.Agent.GD 20181025
NANO-Antivirus Trojan.Win32.Dwn.edxxmu 20181025
Palo Alto Networks (Known Signatures) generic.ml 20181025
Panda Bck/Agent.KNM 20181024
Qihoo-360 Malware.Radar01.Gen 20181025
Rising Trojan.Win32.Agent_.ly (CLOUD) 20181025
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Troj/NanoCor-BT 20181025
SUPERAntiSpyware Trojan.Agent/Gen-Zusy 20181022
Symantec Trojan.Nancrat 20181025
Tencent Msil.Trojan.Agent.Sudt 20181025
TrendMicro BKDR_NOANCOOE.SM 20181025
TrendMicro-HouseCall BKDR_NOANCOOE.SM 20181025
VBA32 Trojan.MSIL.Agent 20181024
ViRobot Backdoor.Win32.NanoCore.Gen.A 20181025
Webroot W32.Trojan.Gen 20181025
Zillya Trojan.Agent.Win32.975344 20181024
ZoneAlarm by Check Point Trojan.MSIL.Agent.fpar 20181025
Zoner Trojan.Msil 20181024
Alibaba 20180921
Avast-Mobile 20181025
Babable 20180918
Baidu 20181024
CMC 20181025
eGambit 20181025
Kingsoft 20181025
Symantec Mobile Insight 20181001
TACHYON 20181025
TheHacker 20181024
TotalDefense 20181025
Trustlook 20181025
Yandex 20181025
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-02-22 00:49:37
Entry Point 0x0001E792
Number of sections 3
.NET details
Module Version ID 426fff4d-c208-4bdc-b784-e45b84513c2d
TypeLib ID 51089a27-ea58-4036-b8d8-cadf0b0aa835
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_RCDATA 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:02:22 01:49:37+01:00
FileType Win32 EXE
PEType PE32
CodeSize 116736
LinkerVersion 6.0
ImageFileCharacteristics Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x1e792
InitializedDataSize 90624
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

Execution parents
File identification
MD5 5091e1d0cb0ffcd67c680dc6e1b32a32
SHA1 4b5c621d8990cbf86a7356a80edf5dc3b6747dc4
SHA256 b12cd1d0b10c562ff5a7d08f7dbdfcba4b57958dfa7be54a7ae92c74b837fa2b
ssdeep 3072:MzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HIbIPAGTwjgaxODOeSQcY/UShKQ:MLV6Bta6dtJmakIM5Br8PxtPY/1KZq
authentihash ec63470de8bd208b2532d7f352c0a644462dc49cf372f10ab7c77586b18d5a74
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 203.0 KB ( 207872 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (62.0%)
Win64 Executable (generic) (23.3%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.8%)
OS/2 Executable (generic) (1.7%)
Tags peexe assembly
VirusTotal metadata
First submission 2018-09-30 16:33:09 UTC ( 4 months, 3 weeks ago )
Last submission 2018-10-25 09:52:16 UTC ( 4 months ago )
File names nanocore.exe
sleep.exe
NanoCore.exe
C$~Users~test~AppData~Roaming~68C21397-E71F-40A0-98CA-4F1731D8B455~NAS Host~nashost.exe
upnpsvc.exe
NanoCore.exe
doshost.exe
udpss.exe