SHA256: bd0e53472e21fbf28a87eedf0457e4a92a2659339fa7e3aea5659f474d400d1b
File name: pronto.exe
Detection ratio: 22 / 54
Analysis date: 2016-07-07 08:03:42 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.570500 20160707
ALYac Gen:Variant.Kazy.570500 20160707
Arcabit Trojan.Kazy.D8B484 20160707
AVG MSIL7.CAFT 20160707
Avira (no cloud) TR/Inject.sbbeiko 20160707
Baidu MSIL.Trojan.Injector.l 20160706
BitDefender Gen:Variant.Kazy.570500 20160707
DrWeb Trojan.DownLoader12.46082 20160707
Emsisoft Gen:Variant.Kazy.570500 (B) 20160707
ESET-NOD32 a variant of MSIL/Injector.IKV 20160707
F-Secure Gen:Variant.Kazy.570500 20160707
Fortinet MSIL/Injector.IFP!tr 20160707
GData Gen:Variant.Kazy.570500 20160707
Ikarus Trojan.MSIL.Nagoot 20160707
K7GW Trojan ( 004b9e641 ) 20160707
Kaspersky HEUR:Trojan.Win32.Generic 20160707
Malwarebytes Trojan.PasswordStealer 20160707
McAfee GenericRXAA-YW!18AB4735326C 20160707
McAfee-GW-Edition BehavesLike.Win32.Dropper.kh 20160707
Microsoft Trojan:MSIL/Nagoot.A 20160707
eScan Gen:Variant.Kazy.570500 20160707
Sophos AV Troj/MSIL-EBL 20160707
AegisLab 20160707
AhnLab-V3 20160706
Alibaba 20160707
Antiy-AVL 20160707
Avast 20160707
AVware 20160707
Bkav 20160706
CAT-QuickHeal 20160707
ClamAV 20160707
CMC 20160704
Comodo 20160707
Cyren 20160707
F-Prot 20160707
Jiangmin 20160707
K7AntiVirus 20160707
Kingsoft 20160707
NANO-Antivirus 20160707
nProtect 20160707
Panda 20160706
Qihoo-360 20160707
SUPERAntiSpyware 20160707
Symantec 20160707
Tencent 20160707
TheHacker 20160707
TotalDefense 20160707
TrendMicro 20160707
TrendMicro-HouseCall 20160707
VBA32 20160706
VIPRE 20160707
ViRobot 20160707
Zillya 20160707
Zoner 20160707
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

Original name pronto.exe
Internal name pronto.exe
File version 1.0.0.0
Description
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-07-07 02:19:41
Entry Point 0x0001247E
Number of sections 3
.NET details
Module Version ID bedd6d60-2d4d-4a3b-9df8-9c61683aa0e6
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 1536
ImageVersion 0.0
FileVersionNumber 1.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension exe
OriginalFileName pronto.exe
MIMEType application/octet-stream
FileVersion 1.0.0.0
TimeStamp 2016:07:07 03:19:41+01:00
FileType Win32 EXE
PEType PE32
InternalName pronto.exe
ProductVersion 1.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 67072
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x1247e
ObjectFileType Executable application
AssemblyVersion 1.0.0.0
Compressed bundles
File identification
MD5 18ab4735326c35377e28d918efd26183
SHA1 7f400c24a32dd599191e3768de8f90b91e97389a
SHA256 bd0e53472e21fbf28a87eedf0457e4a92a2659339fa7e3aea5659f474d400d1b
ssdeep 1536:Ft8B10utH+gdlcuRFZs/QryLgP3rlFT4POsv5HK:P8NeC7LH3rlFMPOwHK
authentihash c6dbfb12346c462e88646748bff9d3403a658c0a3c53cd59ae3f1580a84a17bc
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 67.5 KB ( 69120 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (56.7%)
Win64 Executable (generic) (21.4%)
Windows screen saver (10.1%)
Win32 Dynamic Link Library (generic) (5.0%)
Win32 Executable (generic) (3.4%)
Tags peexe assembly
VirusTotal metadata
First submission 2016-07-07 08:03:42 UTC ( 2 years, 7 months ago )
Last submission 2016-07-07 08:03:42 UTC ( 2 years, 7 months ago )
File names 6a9b9c6314dccd64a36ac2a995d15ac7.exe
lomkjwq.exe
pronto.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
UDP communications