SHA256: bd49f04c15e595f7f4d9a10326918c977fe352c822dde7380c2d7047835061f4
File name: DOOMx64.exe
Detection ratio: 48 / 61
Analysis date: 2017-06-05 16:49:56 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4570357 20170605
AegisLab Troj.Spy.Msil.Omaneat!c 20170605
ALYac Trojan.GenericKD.4570357 20170605
Arcabit Trojan.Generic.D45BCF5 20170605
Avast Win32:Malware-gen 20170605
AVG MSIL11.AELG 20170605
Avira (no cloud) TR/Dropper.MSIL.mnmpu 20170605
AVware Trojan.Win32.Generic!BT 20170605
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9751 20170601
BitDefender Trojan.GenericKD.4570357 20170605
CAT-QuickHeal TrojanSpy.Omaneat 20170605
Comodo TrojWare.MSIL.Injector.~RLT 20170605
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170420
Cyren W32/Trojan.QNEM-5512 20170605
DrWeb Trojan.DownLoader23.56310 20170605
Emsisoft Trojan.GenericKD.4570357 (B) 20170605
ESET-NOD32 a variant of MSIL/Injector.RLT 20170605
F-Secure Trojan.GenericKD.4570357 20170605
Fortinet MSIL/Injector.RLT!tr 20170605
GData Trojan.GenericKD.4570357 20170605
Ikarus Trojan.MSIL.Injector 20170605
Sophos ML trojan.win32.skeeyah.a!rfn 20170604
K7AntiVirus Trojan ( 005065061 ) 20170605
K7GW Trojan ( 005065061 ) 20170605
Kaspersky Trojan-Spy.MSIL.Omaneat.caz 20170605
Malwarebytes Trojan.Injector.MSIL 20170605
McAfee Artemis!5703DA3070A8 20170605
McAfee-GW-Edition BehavesLike.Win32.Simfect.tc 20170605
Microsoft TrojanSpy:MSIL/Omaneat.B 20170605
eScan Trojan.GenericKD.4570357 20170605
NANO-Antivirus Trojan.Win32.Omaneat.emkymj 20170605
nProtect Trojan-Spy/W32.Agent.1350144.B 20170605
Palo Alto Networks (Known Signatures) generic.ml 20170605
Panda Trj/GdSda.A 20170605
Qihoo-360 Win32/Trojan.Spy.621 20170605
Rising Trojan.Injector!8.C4 (cloud:3FpLYyoQDzN) 20170605
SentinelOne (Static ML) static engine - malicious 20170516
Sophos AV Mal/Generic-S 20170605
Symantec Trojan.Gen 20170605
Tencent Win32.Trojan.Generic.Stkd 20170605
TrendMicro-HouseCall TSPY_OMANEAT.GFRL 20170605
VBA32 TrojanSpy.MSIL.Omaneat 20170605
VIPRE Trojan.Win32.Generic!BT 20170605
ViRobot Trojan.Win32.S.Agent.1350144.G[h] 20170605
Webroot W32.Trojan.GenKD 20170605
Yandex TrojanSpy.Omaneat! 20170602
Zillya Trojan.Omaneat.Win32.456 20170602
ZoneAlarm by Check Point Trojan-Spy.MSIL.Omaneat.caz 20170605
AhnLab-V3 20170605
Alibaba 20170605
Bkav 20170605
ClamAV 20170605
CMC 20170605
Endgame 20170515
F-Prot 20170605
Jiangmin 20170605
Kingsoft 20170605
SUPERAntiSpyware 20170605
Symantec Mobile Insight 20170605
TheHacker 20170605
TotalDefense 20170605
TrendMicro 20170605
Trustlook 20170605
WhiteArmor 20170601
Zoner 20170605
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

Original name DOOMx64.exe
Internal name DOOMx64.exe
File version 0.0.0.0
Description
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-03-09 22:37:44
Entry Point 0x0015000A
Number of sections 5
.NET details
Module Version ID 07b16024-c089-4c8e-a374-f0b26877cbb1
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileVersionNumber 0.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 49664
EntryPoint 0x15000a
OriginalFileName DOOMx64.exe
MIMEType application/octet-stream
FileVersion 0.0.0.0
TimeStamp 2017:03:09 23:37:44+01:00
FileType Win32 EXE
PEType PE32
InternalName DOOMx64.exe
ProductVersion 0.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 1299456
FileSubtype 0
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 0.0.0.0

Compressed bundles
File identification
MD5 5703da3070a8998b2955e4907df2bf4d
SHA1 940d20c3b2179078e471a60c967baa69949877fd
SHA256 bd49f04c15e595f7f4d9a10326918c977fe352c822dde7380c2d7047835061f4
ssdeep 24576:G0AsBtnxHvpE+pi3C6IbmhTQGgm5UIHbq75ZmW6NerMceDDXlUD:G0/nxHvpE+piBQmhUGJe8bq77MsQce/U

authentihash 99b88befb43790b1c21d0bb48a297f305a7ff0879fb6d2724919eaf59c6d0f69
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 1.3 MB ( 1350144 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe assembly

VirusTotal metadata
First submission 2017-03-11 11:48:42 UTC ( 4 months, 1 week ago )
Last submission 2017-06-05 16:49:56 UTC ( 1 month, 2 weeks ago )
File names 5703da3070a8998b2955e4907df2bf4d
DOOMx64.exe
zd.exe
5703da3070a8998b2955e4907df2bf4d.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
TCP connections
UDP communications