SHA256: b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d
File name: smss.exe
Detection ratio: 61 / 71
Analysis date: 2019-05-08 11:04:40 UTC ( 2 weeks, 1 day ago )
Antivirus Result Update
Acronis suspicious 20190504
Ad-Aware Backdoor.SDbot.DFNQ 20190508
AegisLab Trojan.Win32.Rbot.4!c 20190508
AhnLab-V3 Backdoor/Win32.Rbot.R327 20190508
Alibaba Backdoor:Win32/Rbot.3bb2334b 20190426
ALYac Backdoor.Rbot-BQJ 20190508
Antiy-AVL Trojan[Backdoor]/Win32.Rbot.aftu 20190508
Arcabit Backdoor.SDbot.DFNQ 20190508
Avast Win32:Rbot-DCY [Trj] 20190508
AVG Win32:Rbot-DCY [Trj] 20190508
Avira (no cloud) WORM/SdBo.167936.56 20190508
BitDefender Backdoor.SDbot.DFNQ 20190508
Bkav W32.SpyBotQ.Worm 20190508
CAT-QuickHeal Backdoor.Rbot 20190507
ClamAV Win.Trojan.SdBot-4601 20190508
CMC Generic.Win32.14a09a48ad!MD 20190321
Comodo Backdoor.Win32.Rbot@4htf 20190508
CrowdStrike Falcon (ML) win/malicious_confidence_100% (W) 20190212
Cybereason malicious.8ad23f 20190417
Cylance Unsafe 20190508
Cyren W32/Backdoor.CLQG-2510 20190508
DrWeb Win32.HLLW.MyBot 20190508
Emsisoft Backdoor.SDbot.DFNQ (B) 20190508
Endgame malicious (high confidence) 20190403
ESET-NOD32 Win32/Rbot 20190508
F-Prot W32/Backdoor.ZZR 20190508
F-Secure Worm.WORM/SdBo.167936.56 20190508
FireEye Generic.mg.14a09a48ad23fe0e 20190508
Fortinet W32/Generic.AC.2B9D15!tr 20190508
GData Backdoor.SDbot.DFNQ 20190508
Ikarus Backdoor.Win32.DsBot 20190508
Sophos ML heuristic 20190313
Jiangmin Backdoor/RBot.dcc 20190508
K7AntiVirus Backdoor ( 000df2a31 ) 20190508
K7GW Backdoor ( 000df2a31 ) 20190508
Kaspersky Backdoor.Win32.Rbot.aftu 20190508
Malwarebytes Backdoor.Rbot 20190508
MaxSecure Backdoor.rbot.aftu 20190507
McAfee W32/Sdbot.worm.gen.x 20190503
McAfee-GW-Edition BehavesLike.Win32.Corrupt.cc 20190508
Microsoft Backdoor:Win32/Rbot 20190508
eScan Backdoor.SDbot.DFNQ 20190508
NANO-Antivirus Trojan.Win32.Rbot.ijjrj 20190508
Palo Alto Networks (Known Signatures) generic.ml 20190508
Panda Trj/Genetic.gen 20190507
Qihoo-360 Malware.Radar01.Gen 20190508
Rising Backdoor.Mybot.wzj (CLOUD) 20190508
SentinelOne (Static ML) DFI - Malicious PE 20190508
Sophos AV W32/Rbot-GSL 20190508
SUPERAntiSpyware Trojan.Agent/Gen 20190507
TACHYON Backdoor/W32.RBot.158720.J 20190508
Tencent Win32.Backdoor.Rbot.Dygm 20190508
TheHacker Backdoor/Rbot.aftu 20190506
Trapmine malicious.high.ml.score 20190325
TrendMicro-HouseCall WORM_RBOT.SMA 20190508
VBA32 SScope.Backdoor.Sdbot 20190504
ViRobot Backdoor.Win32.RBot.147456.D 20190508
Webroot Malware.Heur 20190508
Yandex Worm.Rbot.AFAE 20190501
Zillya Virus.Rbot.Win32.1 20190506
ZoneAlarm by Check Point Backdoor.Win32.Rbot.aftu 20190508
Avast-Mobile 20190508
Babable 20190424
Baidu 20190318
eGambit 20190508
Kingsoft 20190508
MAX 20190508
Symantec Mobile Insight 20190506
TotalDefense 20190508
TrendMicro 20190509
Trustlook 20190508
Zoner 20190507
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1970-01-01 00:00:00
Entry Point 0x0011905C
Number of sections 4
PE sections
Overlays
MD5 0683effa78a813c516a2fc35e60ddc60
File type data
Offset 147456
Size 11264
Entropy 6.93
PE imports
LoadLibraryA
VirtualAlloc
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 0000:00:00 00:00:00
FileType Win32 EXE
PEType PE32
CodeSize 128512
LinkerVersion 0.0
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x11905c
InitializedDataSize 1010176
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 14a09a48ad23fe0ea5a180bee8cb750a
SHA1 ac3cdd673f5126bc49faa72fb52284f513929db4
SHA256 b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d
ssdeep 3072:Wy277Ci2HMm3nQuTz5U0Ofr2AUx4bzWKeH3tMCmzsaz:Wy27mi2Hj3Qg112rhUxl/3thEse
authentihash 0dd80e0dea10af7a368cbfa91e3317e4718255b782d763622f904e1519dff60c
imphash a7333743ef063a68d1d860bbdf1c328e
File size 155.0 KB ( 158720 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Generic Win/DOS Executable (50.0%)
DOS Executable Generic (49.9%)
Tags peexe overlay

VirusTotal metadata
First submission 2007-06-27 08:47:05 UTC ( 11 years, 11 months ago )
Last submission 2019-04-14 17:42:08 UTC ( 1 month, 1 week ago )
File names exploit.exe
test2
expl.exe
test.exe
SSMS.exe
8888.exe
deteccion.exe
archivo.exe
artefacto2
malware_ms_raw
ssmes.exe
malware.exe.vir
1.exe
virus1.exe
out.bin
pasbien
123
ssms.exe
2
suspeito
teste.exe
문제 패킷
maliious.exe
a.xe
1122