SHA256: ba1724250dd2ac9d67e33db2897d55070bfa6b2ecef835aa683e2afd3259ee48
File name: m0zhfm0q.3qo
Detection ratio: 49 / 61
Analysis date: 2017-03-24 13:02:50 UTC ( 3 months, 4 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.22390 20170324
AegisLab Troj.W32.Gen.lwW2 20170324
AhnLab-V3 Backdoor/Win32.Azbreg.R147998 20170324
ALYac Gen:Variant.Zusy.22390 20170324
Antiy-AVL Trojan[Dropper]/Win32.Injector 20170324
Arcabit Trojan.Zusy.D5776 20170324
Avast Win32:Malware-gen 20170324
AVG Dropper.Small.WRO 20170324
Avira (no cloud) TR/Dropper.MSIL.Gen 20170324
AVware Trojan.Win32.Generic!BT 20170324
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9914 20170323
BitDefender Gen:Variant.Zusy.22390 20170324
CAT-QuickHeal TrojanDropper.Demp 20170324
ClamAV Win.Trojan.Ainslot-152 20170324
CMC Trojan-Dropper.Win32.Demp!O 20170324
Comodo UnclassifiedMalware 20170324
CrowdStrike Falcon (ML) malicious_confidence_89% (W) 20170130
DrWeb Trojan.DownLoader5.31868 20170324
Emsisoft Gen:Variant.Zusy.22390 (B) 20170324
Endgame malicious (high confidence) 20170317
ESET-NOD32 Win32/Ainslot.AA 20170324
F-Secure Gen:Variant.Zusy.22390 20170324
Fortinet W32/Ainslot.AA 20170324
GData Gen:Variant.Zusy.22390 20170324
Ikarus Trojan.MSIL.Agent 20170324
Jiangmin Trojan/Jorik.dnsl 20170324
K7AntiVirus Riskware ( 0015e4f01 ) 20170324
K7GW Riskware ( 0015e4f01 ) 20170324
Kaspersky HEUR:Trojan.Win32.Generic 20170324
McAfee RDN/Generic Dropper 20170324
McAfee-GW-Edition BehavesLike.Win32.Trojan.fc 20170324
Microsoft Worm:Win32/Ainslot.A 20170324
eScan Gen:Variant.Zusy.22390 20170324
NANO-Antivirus Trojan.Win32.Ainslot.dtkyyi 20170324
Palo Alto Networks (Known Signatures) generic.ml 20170324
Panda Generic Malware 20170324
Qihoo-360 Win32/Trojan.abb 20170324
Sophos AV Mal/Generic-S 20170324
Symantec Trojan.Gen 20170324
Tencent Win32.Worm.Ainslot.Hsid 20170324
TheHacker Trojan/Ainslot.aa 20170321
TrendMicro TROJ_DROPPER.ZWG 20170324
TrendMicro-HouseCall TROJ_DROPPER.ZWG 20170324
VBA32 TrojanDropper.Injector 20170323
VIPRE Trojan.Win32.Generic!BT 20170324
Webroot W32.Worm.Gen 20170324
Yandex Worm.Ainslot!cLz9LNprKUs 20170323
Zillya Dropper.Demp.Win32.1035 20170323
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20170324
Alibaba 20170324
Cyren 20170324
F-Prot 20170324
Sophos ML 20170203
Kingsoft 20170324
Malwarebytes 20170324
nProtect 20170324
Rising 20170324
SentinelOne (Static ML) 20170315
SUPERAntiSpyware 20170324
Symantec Mobile Insight 20170324
TotalDefense 20170324
Trustlook 20170324
ViRobot 20170324
WhiteArmor 20170315
Zoner 20170324
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2002-2010 Mark Russinovich and Bryce Cogswell
Product Sysinternals autoruns
Original name autoruns.exe
Internal name Sysinternals Autoruns
File version 10.07
Description Autostart program viewer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-03-12 17:26:51
Entry Point 0x0000D41E
Number of sections 3
.NET details
Module Version ID 4957ffb4-3b0d-49a9-b037-a21ed7ea3a61
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 10.7.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 347136
EntryPoint 0xd41e
OriginalFileName autoruns.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2002-2010 Mark Russinovich and Bryce Cogswell
FileVersion 10.07
TimeStamp 2012:03:12 18:26:51+01:00
FileType Win32 EXE
PEType PE32
InternalName Sysinternals Autoruns
ProductVersion 10.07
FileDescription Autostart program viewer
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Sysinternals - www.sysinternals.com
CodeSize 46592
ProductName Sysinternals autoruns
ProductVersionNumber 10.7.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 919374a229038ab2a8752790709ff7fc
SHA1 173efc2873c83dbf9a84a3337a80b3cb60ac3496
SHA256 ba1724250dd2ac9d67e33db2897d55070bfa6b2ecef835aa683e2afd3259ee48
ssdeep 6144:rGp+nGfqqeIZaJTwHN7ERQ9jB79Xii4iqQr9wA6XSF9Qott6C8lL4UPUus11YYPh:6QnXqeIcaHN7EW9R9dDqRAZ6R0xz
authentihash de45c741dd205c0ca2ed38bb27a97970b522609d1e5ece5d580889132fba4a06
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 385.0 KB ( 394240 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (82.9%)
Win32 Dynamic Link Library (generic) (7.4%)
Win32 Executable (generic) (5.1%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags peexe assembly
VirusTotal metadata
First submission 2012-03-15 20:15:50 UTC ( 5 years, 4 months ago )
Last submission 2017-03-24 13:02:50 UTC ( 3 months, 4 weeks ago )
File names setup.exe
IEShims.exe
setup.exe
setup.exe
IEShims.exe
IEShims.exe
file-6369170_exe
autoruns.exe
setup.exe
919374A229038AB2A8752790709FF7FC
1341405347.919374A229038AB2A8752790709FF7FC
m0zhfm0q.3qo
Sysinternals Autoruns
setup.exe
setup.exe
setup (1).exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight