× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: b3900f2d5889092137848579ce0433963a599f43a8f63723f21f898b3cebcceb
File name: VSL_358748500.exe
Detection ratio: 32 / 69
Analysis date: 2018-09-24 01:14:46 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.358250 20180924
ALYac Gen:Variant.Razy.358250 20180923
Arcabit Trojan.Razy.D5776A 20180923
Avast Win32:Malware-gen 20180923
AVG Win32:Malware-gen 20180923
Avira (no cloud) HEUR/AGEN.1029316 20180923
BitDefender Gen:Variant.Razy.358250 20180923
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.0cee06 20180225
Cylance Unsafe 20180924
Emsisoft Gen:Variant.Razy.358250 (B) 20180923
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of MSIL/Kryptik.PBW 20180923
F-Secure Gen:Variant.Razy.358250 20180923
Fortinet MSIL/GenKryptik.BLNS!tr 20180923
GData Gen:Variant.Razy.358250 20180923
Sophos ML heuristic 20180717
Kaspersky HEUR:Trojan-PSW.Win32.Agent.gen 20180923
MAX malware (ai score=89) 20180924
McAfee Trojan-FGZT!81FDD260E85D 20180923
McAfee-GW-Edition BehavesLike.Win32.Generic.bh 20180923
Microsoft TrojanSpy:MSIL/Golroted.A 20180923
eScan Gen:Variant.Razy.358250 20180923
NANO-Antivirus Trojan.Win32.Kryptik.fhzvjs 20180923
Panda Trj/GdSda.A 20180923
Qihoo-360 HEUR/QVM03.0.10F3.Malware.Gen 20180924
Rising Trojan.Kryptik!8.8 (CLOUD) 20180923
SentinelOne (Static ML) static engine - malicious 20180830
Sophos AV Mal/Generic-S 20180923
Symantec Trojan.Gen.2 20180923
Tencent Win32.Trojan-qqpass.Qqrob.Ebqz 20180924
ZoneAlarm by Check Point HEUR:Trojan-PSW.Win32.Agent.gen 20180924
AegisLab 20180923
AhnLab-V3 20180923
Alibaba 20180921
Antiy-AVL 20180924
Avast-Mobile 20180923
AVware 20180923
Babable 20180918
Baidu 20180914
Bkav 20180921
CAT-QuickHeal 20180923
ClamAV 20180923
CMC 20180923
Comodo 20180924
Cyren 20180923
DrWeb 20180923
eGambit 20180924
F-Prot 20180923
Ikarus 20180923
Jiangmin 20180924
K7AntiVirus 20180923
K7GW 20180923
Kingsoft 20180924
Malwarebytes 20180924
Palo Alto Networks (Known Signatures) 20180924
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180918
TACHYON 20180924
TheHacker 20180920
TotalDefense 20180923
TrendMicro 20180924
TrendMicro-HouseCall 20180924
Trustlook 20180924
VBA32 20180921
VIPRE 20180924
ViRobot 20180923
Webroot 20180924
Yandex 20180922
Zillya 20180922
Zoner 20180923
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

Original name VSL_358748500.exe
Internal name VSL_358748500.exe
File version 0.0.0.0
Description
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-19 06:40:32
Entry Point 0x000B010E
Number of sections 3
.NET details
Module Version ID 9f9c7035-3a8d-4dd9-985b-f0ce87dc60e1
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
4608

ImageVersion
0.0

FileVersionNumber
0.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
8.0

FileTypeExtension
exe

OriginalFileName
VSL_358748500.exe

MIMEType
application/octet-stream

FileVersion
0.0.0.0

TimeStamp
2018:09:19 07:40:32+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
VSL_358748500.exe

ProductVersion
0.0.0.0

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
713216

FileSubtype
0

ProductVersionNumber
0.0.0.0

EntryPoint
0xb010e

ObjectFileType
Executable application

AssemblyVersion
0.0.0.0

File identification
MD5 81fdd260e85dc0e3252c11b9c0705825
SHA1 c83a9a40cee06fecbc1eddb53ee3f83ad9af8c52
SHA256 b3900f2d5889092137848579ce0433963a599f43a8f63723f21f898b3cebcceb
ssdeep
12288:v5VOlAdlmZlllK2Vq+adx9ZC2FdpOAGkyGa4PKieAUk3r1/:RNdIrc+adxHXdpOAG9GnePk3Z

authentihash 797323f744ab3525387f30ca666c2e857919f43590c8bfee50238f7af5955e22
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 701.5 KB ( 718336 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe assembly ftp

VirusTotal metadata
First submission 2018-09-24 01:14:46 UTC ( 1 month, 2 weeks ago )
Last submission 2018-09-24 01:14:46 UTC ( 1 month, 2 weeks ago )
File names VSL_358748500.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections