SHA256: c02d7d1be2cc24e524b378375ec1751418e7c39ffebcc849814928690314e734
File name: Kayato.exe
Detection ratio: 54 / 68
Analysis date: 2018-09-10 06:52:19 UTC ( 1 week, 1 day ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30890010 20180910
AegisLab Uds.Dangerousobject.Multi!c 20180910
AhnLab-V3 Trojan/Win32.Kryptik.C2543425 20180910
ALYac Trojan.GenericKD.30890010 20180910
Arcabit Trojan.Generic.D1D7581A 20180910
Avast Win32:Malware-gen 20180910
AVG Win32:Malware-gen 20180910
Avira (no cloud) TR/LokiBot.mgjun 20180910
AVware Trojan.Win32.Generic!BT 20180910
BitDefender Trojan.GenericKD.30890010 20180910
CAT-QuickHeal Trojan.YakbeexMSIL.ZZ4 20180909
Comodo UnclassifiedMalware 20180910
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.edc8d8 20180225
Cylance Unsafe 20180910
Cyren W32/Msil.TCWQ-5216 20180910
DrWeb Trojan.Inject3.587 20180910
Emsisoft Trojan.GenericKD.30890010 (B) 20180910
Endgame malicious (high confidence) 20180730
ESET-NOD32 Win32/PSW.Fareit.L 20180910
F-Prot W32/Msil.GHJ 20180910
F-Secure Trojan.GenericKD.30890010 20180910
Fortinet MSIL/Kryptik.OGF!tr 20180910
GData Win32.Trojan.Agent.3VIQAQ 20180910
Ikarus Trojan.MSIL.Inject 20180909
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 00533faa1 ) 20180910
K7GW Trojan ( 00533faa1 ) 20180910
Kaspersky Trojan.MSIL.Agent.adumg 20180910
Malwarebytes Spyware.LokiBot 20180910
MAX malware (ai score=95) 20180910
McAfee Generic.azc 20180910
McAfee-GW-Edition BehavesLike.Win32.Generic.fc 20180910
Microsoft Trojan:Win32/Skeeyah.A!rfn 20180910
eScan Trojan.GenericKD.30890010 20180910
NANO-Antivirus Trojan.Win32.Inject3.fdgbkd 20180910
Palo Alto Networks (Known Signatures) generic.ml 20180910
Panda Trj/WLT.D 20180909
Qihoo-360 Win32/Trojan.Spy.b3d 20180910
Rising Spyware.Agent!8.C6 (CLOUD) 20180910
SentinelOne (Static ML) static engine - malicious 20180830
Sophos AV Mal/Generic-L 20180910
Symantec Infostealer.Lokibot 20180909
Tencent Msil.Trojan-spy.Agent.Dwtm 20180910
TrendMicro TROJ_FRS.VSN1DE18 20180910
TrendMicro-HouseCall TROJ_FRS.VSN1DE18 20180910
VBA32 TScope.Trojan.MSIL 20180907
VIPRE Trojan.Win32.Generic!BT 20180910
ViRobot Trojan.Win32.Agent.348160.BA 20180910
Webroot W32.Trojan.Gen 20180910
Yandex Trojan.Kryptik!4191gBnua0o 20180908
Zillya Trojan.Agent.Win32.896835 20180908
ZoneAlarm by Check Point Trojan.MSIL.Agent.adumg 20180910
Zoner Trojan.Msil 20180910
Alibaba 20180713
Antiy-AVL 20180906
Avast-Mobile 20180910
Babable 20180907
Baidu 20180910
Bkav 20180906
ClamAV 20180910
CMC 20180910
eGambit 20180910
Jiangmin 20180910
Kingsoft 20180910
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180905
TACHYON 20180910
TheHacker 20180907
TotalDefense 20180910
Trustlook 20180910
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2018
Product Kayato
Original name Kayato.exe
Internal name Kayato.exe
File version 1.0.0.0
Description Kayato
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-28 00:29:55
Entry Point 0x0002E9FE
Number of sections 3
.NET details
Module Version ID c2930db5-4703-4b88-9f3f-f4db45395652
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 8
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 11
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Kayato
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 164352
EntryPoint 0x2e9fe
OriginalFileName Kayato.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2018
FileVersion 1.0.0.0
TimeStamp 2018:05:28 01:29:55+01:00
FileType Win32 EXE
PEType PE32
InternalName Kayato.exe
ProductVersion 1.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 183296
ProductName Kayato
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 1.0.0.0

File identification
MD5 10aa4ee254349517a0e95592f431d293
SHA1 321cd30edc8d8813389f057a0672753673393252
SHA256 c02d7d1be2cc24e524b378375ec1751418e7c39ffebcc849814928690314e734
ssdeep 6144:4wV/1flUeLN1d0ecMYSFJaAo1xPwqaW9sjdiCyNQhhOXUl8Ja:4wV9l9LdlcMZo1xPwjc0
authentihash ae99d858dbe059c4250441c683e297a483ad30a535191cfdad92d2527819ae2e
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 340.0 KB ( 348160 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (81.0%)
Win32 Dynamic Link Library (generic) (7.2%)
Win32 Executable (generic) (4.9%)
OS/2 Executable (generic) (2.2%)
Generic Win/DOS Executable (2.2%)
Tags peexe assembly
VirusTotal metadata
First submission 2018-05-28 06:11:35 UTC ( 3 months, 3 weeks ago )
Last submission 2018-09-10 06:52:19 UTC ( 1 week, 1 day ago )
File names Kayato.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections