SHA256: b5d44bbd2e0e1f33dc6e411dfee3675314e91da44f11a538579e3c4eeafb3699
File name: output.114634645.txt
Detection ratio: 43 / 68
Analysis date: 2018-12-11 05:22:17 UTC ( 5 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40813048 20181210
Arcabit Trojan.Generic.D26EC1F8 20181210
Avast Win32:RATX-gen [Trj] 20181210
AVG Win32:RATX-gen [Trj] 20181210
Avira (no cloud) TR/Dropper.Gen 20181210
BitDefender Trojan.GenericKD.40813048 20181210
CAT-QuickHeal Trojan.MSIL.Disfa.hfpj.FC.4367 20181210
Comodo Malware@#h6boshw15jb7 20181210
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.a6827a 20180225
Cylance Unsafe 20181211
DrWeb Trojan.DownLoader26.8638 20181211
eGambit Unsafe.AI_Score_96% 20181211
Emsisoft Trojan.GenericKD.40813048 (B) 20181211
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of MSIL/Kryptik.LRA 20181211
F-Secure Trojan.GenericKD.40813048 20181211
Fortinet MSIL/Kryptik.LRA!tr 20181211
GData Trojan.GenericKD.40813048 20181211
Ikarus Trojan-Spy.Agent 20181211
Sophos ML heuristic 20181128
Jiangmin Trojan.MSIL.kqsr 20181211
K7AntiVirus Trojan ( 0051d9f31 ) 20181211
K7GW Trojan ( 0051d9f31 ) 20181211
Kaspersky HEUR:Trojan.MSIL.NanoBot.gen 20181211
Malwarebytes Trojan.MalPack.MSIL.Generic 20181211
MAX malware (ai score=100) 20181211
McAfee RDN/Generic.grp 20181211
McAfee-GW-Edition BehavesLike.Win32.Generic.jc 20181210
Microsoft Trojan:MSIL/Redlonam.A 20181211
eScan Trojan.GenericKD.40813048 20181211
NANO-Antivirus Trojan.Win32.NanoBot.fkwwfj 20181211
Palo Alto Networks (Known Signatures) generic.ml 20181211
Panda Trj/GdSda.A 20181210
Qihoo-360 Win32/Trojan.BO.573 20181211
Rising Dropper.Generic!8.35E (CLOUD) 20181211
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/Generic-S 20181211
Symantec Trojan Horse 20181211
Trapmine malicious.high.ml.score 20181205
TrendMicro TROJ_GEN.R020C0DL418 20181211
TrendMicro-HouseCall TROJ_GEN.R020C0DL418 20181211
ZoneAlarm by Check Point HEUR:Trojan.MSIL.NanoBot.gen 20181211
AegisLab 20181210
AhnLab-V3 20181210
Alibaba 20180921
Antiy-AVL 20181210
Avast-Mobile 20181210
Babable 20180918
Baidu 20181207
Bkav 20181210
ClamAV 20181210
CMC 20181210
Cyren 20181211
F-Prot 20181211
Kingsoft 20181211
SUPERAntiSpyware 20181205
Symantec Mobile Insight 20181207
TACHYON 20181211
Tencent 20181211
TheHacker 20181210
TotalDefense 20181210
Trustlook 20181211
VBA32 20181210
ViRobot 20181211
Webroot 20181211
Yandex 20181207
Zillya 20181211
Zoner 20181211
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-04 02:17:06
Entry Point 0x000AC44E
Number of sections 4
.NET details
Module Version ID 747fb563-24eb-492b-9d96-e55df2f65ae4
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:12:04 03:17:06+01:00
FileType Win32 EXE
PEType PE32
CodeSize 697856
LinkerVersion 6.0
ImageFileCharacteristics Executable, No line numbers, No symbols, 32-bit
EntryPoint 0xac44e
InitializedDataSize 3584
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

Execution parents
File identification
MD5 41d368733e6415665c2888c965eaab29
SHA1 b74a053a6827a4cb64a94424b16a3c5b8337f682
SHA256 b5d44bbd2e0e1f33dc6e411dfee3675314e91da44f11a538579e3c4eeafb3699
ssdeep 12288:3JEljotTQY/YPNI4r3dSftkdlgj5bc6E1lqsouXhDjPhaaixm+:yolQlI4rtSSdlgFbcBas95jPwa9+
authentihash c5fe80151ff984bf265b54d447c3e6d4a600feeca22cc59f46e2cb12b2205203
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 686.0 KB ( 702464 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (44.5%)
Win32 Executable MS Visual C++ (generic) (18.9%)
Win64 Executable (generic) (16.8%)
Windows screen saver (7.9%)
Win32 Dynamic Link Library (generic) (4.0%)
Tags peexe assembly

VirusTotal metadata
First submission 2018-12-04 08:16:22 UTC ( 5 months, 2 weeks ago )
Last submission 2018-12-23 07:16:28 UTC ( 4 months, 4 weeks ago )
File names 1.com
windowsupdate.exe
windowsupdate.exe
41d368733e6415665c2888c965eaab29
output.114634645.txt
kiio.png
kiio[1].png
zbetcheckin_tracker_kiio.png
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections
UDP communications