SHA256: bcd4131b8018bb86acdd31544bcfb325d1980982c2923ebbd7fee61270b5baa8
File name: demot.exe
Detection ratio: 43 / 65
Analysis date: 2018-05-29 23:51:23 UTC ( 2 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30780356 20180529
AegisLab Troj.Dropper.Gen!c 20180529
ALYac Trojan.GenericKD.30780356 20180529
Arcabit Trojan.Generic.D1D5ABC4 20180529
Avast Win32:GenX 20180529
AVG Win32:GenX 20180529
Avira (no cloud) TR/Dropper.Gen 20180529
AVware Trojan.Win32.Generic!BT 20180529
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9994 20180529
CAT-QuickHeal Trojan.IGENERIC 20180529
Comodo .UnclassifiedMalware 20180529
Cylance Unsafe 20180530
Cyren W32/MSIL_Troj.CK.gen!Eldorado 20180530
DrWeb Trojan.Starter.6222 20180529
Emsisoft Trojan.GenericKD.30780356 (B) 20180529
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of MSIL/Kryptik.ODC 20180529
F-Prot W32/MSIL_Troj.CK.gen!Eldorado 20180530
F-Secure Trojan.GenericKD.30780356 20180530
Fortinet MSIL/GenKryptik.BZNY!tr 20180530
Ikarus Trojan.MSIL.Krypt 20180529
Sophos ML heuristic 20180503
K7AntiVirus Trojan ( 005316d61 ) 20180529
K7GW Trojan ( 005316d61 ) 20180529
Kaspersky Trojan-PSW.Win32.Fareit.eajs 20180529
Malwarebytes Spyware.Pony 20180529
MAX malware (ai score=95) 20180530
McAfee RDN/Generic PWS.y 20180529
McAfee-GW-Edition BehavesLike.Win32.Backdoor.ft 20180529
eScan Trojan.GenericKD.30780356 20180529
NANO-Antivirus Trojan.Win32.Fareit.fcfsow 20180529
Palo Alto Networks (Known Signatures) generic.ml 20180530
Panda Trj/GdSda.A 20180529
Qihoo-360 Win32/Trojan.PSW.9e3 20180530
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Generic-S 20180529
Symantec Infostealer.Limitail 20180530
Tencent Win32.Trojan-qqpass.Qqrob.Fhw 20180530
TrendMicro TROJ_GEN.R002C0WEE18 20180529
TrendMicro-HouseCall TROJ_GEN.R002C0WEE18 20180530
VIPRE Trojan.Win32.Generic!BT 20180530
Yandex Trojan.PWS.Fareit!DFYA3YP/eOQ 20180529
ZoneAlarm by Check Point Trojan-PSW.Win32.Fareit.eajs 20180529
AhnLab-V3 20180529
Alibaba 20180529
Antiy-AVL 20180529
Avast-Mobile 20180529
Babable 20180406
Bkav 20180529
ClamAV 20180529
CMC 20180529
CrowdStrike Falcon (ML) 20180202
Cybereason None
eGambit 20180530
GData 20180529
Jiangmin 20180529
Kingsoft 20180530
Microsoft 20180529
nProtect 20180529
Rising 20180529
SUPERAntiSpyware 20180529
Symantec Mobile Insight 20180525
TheHacker 20180524
TotalDefense 20180529
Trustlook 20180530
VBA32 20180529
ViRobot 20180529
Webroot 20180530
Zillya 20180528
Zoner 20180530
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-12 19:02:53
Entry Point 0x0005107E
Number of sections 2
.NET details
Module Version ID 15b92dd7-3446-40e8-a233-bbb392574d81
PE sections
PE imports
_CorExeMain
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:05:12 20:02:53+01:00
FileType Win32 EXE
PEType PE32
CodeSize 324096
LinkerVersion 8.0
EntryPoint 0x5107e
InitializedDataSize 512
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 08600c80c771335f4edcb2eb9ce03b97
SHA1 83c6034b0b25790b13c284d710126427e78e8f75
SHA256 bcd4131b8018bb86acdd31544bcfb325d1980982c2923ebbd7fee61270b5baa8
ssdeep 6144:GxBhXn6Jqva4XWhdUZlzCiHZlKd0Z+nAjcC:GxBh36Jqv12dU7zPHLKu+6X
authentihash 7eb71d64e999de4befa96afb1510b8f4bcff653bf401b9abe13dd5dc73c06fba
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 317.5 KB ( 325120 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (81.0%)
Win32 Dynamic Link Library (generic) (7.2%)
Win32 Executable (generic) (4.9%)
OS/2 Executable (generic) (2.2%)
Generic Win/DOS Executable (2.2%)
Tags peexe assembly
VirusTotal metadata
First submission 2018-05-12 19:03:55 UTC ( 3 months, 1 week ago )
Last submission 2018-05-20 00:21:37 UTC ( 3 months ago )
File names demot.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections
UDP communications