| SHA256: | bd0e53472e21fbf28a87eedf0457e4a92a2659339fa7e3aea5659f474d400d1b |
| File name: | pronto.exe |
| Detection ratio: | 22 / 54 |
| Analysis date: | 2016-07-07 08:03:42 UTC ( 2 years, 7 months ago ) |
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Gen:Variant.Kazy.570500 | 20160707 |
| ALYac | Gen:Variant.Kazy.570500 | 20160707 |
| Arcabit | Trojan.Kazy.D8B484 | 20160707 |
| AVG | MSIL7.CAFT | 20160707 |
| Avira (no cloud) | TR/Inject.sbbeiko | 20160707 |
| Baidu | MSIL.Trojan.Injector.l | 20160706 |
| BitDefender | Gen:Variant.Kazy.570500 | 20160707 |
| DrWeb | Trojan.DownLoader12.46082 | 20160707 |
| Emsisoft | Gen:Variant.Kazy.570500 (B) | 20160707 |
| ESET-NOD32 | a variant of MSIL/Injector.IKV | 20160707 |
| F-Secure | Gen:Variant.Kazy.570500 | 20160707 |
| Fortinet | MSIL/Injector.IFP!tr | 20160707 |
| GData | Gen:Variant.Kazy.570500 | 20160707 |
| Ikarus | Trojan.MSIL.Nagoot | 20160707 |
| K7GW | Trojan ( 004b9e641 ) | 20160707 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 20160707 |
| Malwarebytes | Trojan.PasswordStealer | 20160707 |
| McAfee | GenericRXAA-YW!18AB4735326C | 20160707 |
| McAfee-GW-Edition | BehavesLike.Win32.Dropper.kh | 20160707 |
| Microsoft | Trojan:MSIL/Nagoot.A | 20160707 |
| eScan | Gen:Variant.Kazy.570500 | 20160707 |
| Sophos AV | Troj/MSIL-EBL | 20160707 |
| AegisLab | 20160707 | |
| AhnLab-V3 | 20160706 | |
| Alibaba | 20160707 | |
| Antiy-AVL | 20160707 | |
| Avast | 20160707 | |
| AVware | 20160707 | |
| Bkav | 20160706 | |
| CAT-QuickHeal | 20160707 | |
| ClamAV | 20160707 | |
| CMC | 20160704 | |
| Comodo | 20160707 | |
| Cyren | 20160707 | |
| F-Prot | 20160707 | |
| Jiangmin | 20160707 | |
| K7AntiVirus | 20160707 | |
| Kingsoft | 20160707 | |
| NANO-Antivirus | 20160707 | |
| nProtect | 20160707 | |
| Panda | 20160706 | |
| Qihoo-360 | 20160707 | |
| SUPERAntiSpyware | 20160707 | |
| Symantec | 20160707 | |
| Tencent | 20160707 | |
| TheHacker | 20160707 | |
| TotalDefense | 20160707 | |
| TrendMicro | 20160707 | |
| TrendMicro-HouseCall | 20160707 | |
| VBA32 | 20160706 | |
| VIPRE | 20160707 | |
| ViRobot | 20160707 | |
| Zillya | 20160707 | |
| Zoner | 20160707 |
The file being studied is a Portable Executable file!
More specifically, it is a Win32 EXE
file
for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Original name pronto.exe
Internal name pronto.exe
File version 1.0.0.0
Description
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-07-07 02:19:41
Entry Point 0x0001247E
Number of sections 3
.NET details
Module Version ID
bedd6d60-2d4d-4a3b-9df8-9c61683aa0e6
PE sections
PE imports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize
0
InitializedDataSize
1536
ImageVersion
0.0
FileVersionNumber
1.0.0.0
LanguageCode
Neutral
FileFlagsMask
0x003f
CharacterSet
Unicode
LinkerVersion
8.0
FileTypeExtension
exe
OriginalFileName
pronto.exe
MIMEType
application/octet-stream
FileVersion
1.0.0.0
TimeStamp
2016:07:07 03:19:41+01:00
FileType
Win32 EXE
PEType
PE32
InternalName
pronto.exe
ProductVersion
1.0.0.0
SubsystemVersion
4.0
OSVersion
4.0
FileOS
Win32
Subsystem
Windows GUI
MachineType
Intel 386 or later, and compatibles
CodeSize
67072
FileSubtype
0
ProductVersionNumber
1.0.0.0
EntryPoint
0x1247e
ObjectFileType
Executable application
AssemblyVersion
1.0.0.0
Compressed bundles
File identification
MD5 18ab4735326c35377e28d918efd26183
SHA1 7f400c24a32dd599191e3768de8f90b91e97389a
SHA256 bd0e53472e21fbf28a87eedf0457e4a92a2659339fa7e3aea5659f474d400d1b
ssdeep
1536:Ft8B10utH+gdlcuRFZs/QryLgP3rlFT4POsv5HK:P8NeC7LH3rlFMPOwHK
File size
67.5 KB ( 69120 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
| TrID |
Generic CIL Executable (.NET, Mono, etc.) (56.7%) Win64 Executable (generic) (21.4%) Windows screen saver (10.1%) Win32 Dynamic Link Library (generic) (5.0%) Win32 Executable (generic) (3.4%) |
Tags
peexe
assembly
VirusTotal metadata
First submission
2016-07-07 08:03:42 UTC ( 2 years, 7 months ago )
Last submission
2016-07-07 08:03:42 UTC ( 2 years, 7 months ago )
| File names |
6a9b9c6314dccd64a36ac2a995d15ac7.exe lomkjwq.exe pronto.exe |
No comments.
No VirusTotal Community member has commented on this item yet, be the first one to do so!
You have not signed in. Only registered users can leave comments, sign in and have a voice!
No votes.
No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the
behaviour of the file when executed in a controlled environment. The actions
and events described were either performed by the file itself or by any other
process launched by the executed file or subjected to code injection by the
executed file.