SHA256: b93ff48cfccad40d1205f89a596d8d94106487487fff4501498dba6f271219a2
Detection ratio: 26 / 67
Analysis date: 2018-05-19 10:52:04 UTC ( 4 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20180519
AVG Win32:Malware-gen 20180519
Avira (no cloud) TR/Dropper.Gen 20180519
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9997 20180518
CAT-QuickHeal Trojan.Generic.FC.3552 20180518
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180418
Cylance Unsafe 20180519
eGambit Unsafe.AI_Score_99% 20180519
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of MSIL/Injector.SHI 20180519
Fortinet MSIL/Injector.SYT!tr 20180519
Ikarus Trojan-Spy.Agent 20180519
Sophos ML heuristic 20180503
K7AntiVirus Trojan ( 005265a71 ) 20180519
K7GW Trojan ( 005265a71 ) 20180519
Kaspersky HEUR:Trojan.Win32.Generic 20180519
McAfee Packed-XI!7517AC2D42D8 20180519
McAfee-GW-Edition BehavesLike.Win32.Generic.tc 20180519
Palo Alto Networks (Known Signatures) generic.ml 20180519
Qihoo-360 HEUR/QVM03.0.4421.Malware.Gen 20180519
SentinelOne (Static ML) static engine - malicious 20180225
Symantec ML.Attribute.HighConfidence 20180518
Tencent Win32.Trojan.Generic.Aexr 20180519
TrendMicro BKDR_ASDROP.SMZVP 20180519
TrendMicro-HouseCall BKDR_ASDROP.SMZVP 20180519
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180519
Ad-Aware 20180519
AegisLab 20180519
AhnLab-V3 20180519
Alibaba 20180518
ALYac 20180519
Antiy-AVL 20180519
Arcabit 20180519
Avast-Mobile 20180518
AVware 20180519
Babable 20180406
BitDefender 20180519
Bkav 20180518
ClamAV 20180519
CMC 20180519
Comodo 20180519
Cybereason None
Cyren 20180519
DrWeb 20180519
Emsisoft 20180519
F-Prot 20180519
F-Secure 20180519
GData 20180519
Jiangmin 20180519
Kingsoft 20180519
Malwarebytes 20180519
MAX 20180519
Microsoft 20180518
eScan 20180519
NANO-Antivirus 20180519
nProtect 20180519
Panda 20180519
Rising 20180519
Sophos AV 20180519
SUPERAntiSpyware 20180519
Symantec Mobile Insight 20180518
TheHacker 20180516
TotalDefense 20180519
Trustlook 20180519
VBA32 20180518
VIPRE 20180519
ViRobot 20180519
Webroot 20180519
Yandex 20180518
Zillya 20180516
Zoner 20180518
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-18 04:00:06
Entry Point 0x0013252E
Number of sections 4
.NET details
Module Version ID 5d0835f9-3ecb-43fc-b6fa-28ee573e308c
PE sections
Overlays
MD5 3996e6d3b780d947ce11afce80374005
File type ASCII text
Offset 1253888
Size 6288
Entropy 0.00
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2018:05:18 05:00:06+01:00
FileType Win32 EXE
PEType PE32
CodeSize 1246720
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 6144
SubsystemVersion 4.0
EntryPoint 0x13252e
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 7517ac2d42d866786c8d0b9d68619066
SHA1 16baa0591c3049a5d40ec0f11be49e287a7d97e0
SHA256 b93ff48cfccad40d1205f89a596d8d94106487487fff4501498dba6f271219a2
ssdeep 24576:VdQNUTlAHupFmMcKoswGkYMebB0tfLAN68CYNBUjWR9qkIqVNTL86Qh:/QfHuhohG31OAg8rNBzqKVN0x
authentihash a9ab7183344488eee84b3c46dd6c0b9f6f6608ea93f9f52a1e9ccea3314d5f02
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 1.2 MB ( 1260176 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (44.5%)
Win32 Executable MS Visual C++ (generic) (18.9%)
Win64 Executable (generic) (16.8%)
Windows screen saver (7.9%)
Win32 Dynamic Link Library (generic) (4.0%)
Tags peexe assembly overlay

VirusTotal metadata
First submission 2018-05-19 10:52:04 UTC ( 4 months ago )
Last submission 2018-05-19 10:52:04 UTC ( 4 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections