SHA256: c02d7d1be2cc24e524b378375ec1751418e7c39ffebcc849814928690314e734
File name: Kayato.exe
Detection ratio: 51 / 68
Analysis date: 2018-06-19 16:37:41 UTC ( 4 days, 18 hours ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30890010 20180619
AegisLab Uds.Dangerousobject.Multi!c 20180619
AhnLab-V3 Trojan/Win32.Kryptik.C2543425 20180619
ALYac Trojan.GenericKD.30890010 20180619
Arcabit Trojan.Generic.D1D7581A 20180619
Avast Win32:Malware-gen 20180619
AVG Win32:Malware-gen 20180619
Avira (no cloud) TR/AD.LokiBot.mgjun 20180619
AVware Trojan.Win32.Generic!BT 20180618
BitDefender Trojan.GenericKD.30890010 20180619
CAT-QuickHeal Trojan.Azden 20180619
Comodo UnclassifiedMalware 20180619
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cybereason malicious.edc8d8 20180225
Cylance Unsafe 20180619
Cyren W32/Msil.TCWQ-5216 20180619
DrWeb Trojan.Inject3.587 20180619
Emsisoft Trojan.GenericKD.30890010 (B) 20180619
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of MSIL/Kryptik.OGF 20180619
F-Prot W32/Msil.GHJ 20180619
F-Secure Trojan.GenericKD.30890010 20180619
Fortinet MSIL/Kryptik.OGF!tr 20180619
GData Trojan.GenericKD.30890010 20180619
Ikarus Trojan.MSIL.Inject 20180619
Sophos ML heuristic 20180601
K7AntiVirus Trojan ( 00533faa1 ) 20180619
K7GW Trojan ( 00533faa1 ) 20180619
Kaspersky HEUR:Trojan-Spy.MSIL.Agent.gen 20180619
Malwarebytes Spyware.LokiBot 20180619
MAX malware (ai score=95) 20180619
McAfee GenericRXFQ-BS!10AA4EE25434 20180619
McAfee-GW-Edition BehavesLike.Win32.Generic.fc 20180619
Microsoft Trojan:Win32/Skeeyah.A!rfn 20180619
eScan Trojan.GenericKD.30890010 20180619
NANO-Antivirus Trojan.Win32.Inject3.fdgbkd 20180619
Palo Alto Networks (Known Signatures) generic.ml 20180619
Panda Trj/CI.A 20180619
Qihoo-360 Win32/Trojan.Spy.b3d 20180619
SentinelOne (Static ML) static engine - malicious 20180618
Sophos AV Mal/Generic-S 20180619
Symantec Infostealer.Lokibot 20180619
Tencent Msil.Trojan-spy.Agent.Dwtm 20180619
TrendMicro TROJ_FRS.VSN1DE18 20180619
TrendMicro-HouseCall TROJ_FRS.VSN1DE18 20180619
VBA32 TScope.Trojan.MSIL 20180619
VIPRE Trojan.Win32.Generic!BT 20180619
Webroot W32.Trojan.Gen 20180619
Yandex Trojan.Kryptik!4191gBnua0o 20180618
Zillya Trojan.Agent.Win32.896835 20180619
ZoneAlarm by Check Point HEUR:Trojan-Spy.MSIL.Agent.gen 20180619
Alibaba 20180619
Antiy-AVL 20180619
Avast-Mobile 20180619
Babable 20180406
Baidu 20180615
Bkav 20180619
ClamAV 20180619
CMC 20180619
eGambit 20180619
Jiangmin 20180619
Kingsoft 20180619
Rising 20180619
SUPERAntiSpyware 20180619
Symantec Mobile Insight 20180619
TACHYON 20180619
TheHacker 20180613
TotalDefense 20180619
Trustlook 20180619
ViRobot 20180619
Zoner 20180619
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2018
Product Kayato
Original name Kayato.exe
Internal name Kayato.exe
File version 1.0.0.0
Description Kayato
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-28 00:29:55
Entry Point 0x0002E9FE
Number of sections 3
.NET details
Module Version ID c2930db5-4703-4b88-9f3f-f4db45395652
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 8
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 11
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 164352
EntryPoint 0x2e9fe
OriginalFileName Kayato.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2018
FileVersion 1.0.0.0
TimeStamp 2018:05:28 01:29:55+01:00
FileType Win32 EXE
PEType PE32
InternalName Kayato.exe
ProductVersion 1.0.0.0
FileDescription Kayato
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 183296
ProductName Kayato
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 1.0.0.0
File identification
MD5 10aa4ee254349517a0e95592f431d293
SHA1 321cd30edc8d8813389f057a0672753673393252
SHA256 c02d7d1be2cc24e524b378375ec1751418e7c39ffebcc849814928690314e734
ssdeep 6144:4wV/1flUeLN1d0ecMYSFJaAo1xPwqaW9sjdiCyNQhhOXUl8Ja:4wV9l9LdlcMZo1xPwjc0
authentihash ae99d858dbe059c4250441c683e297a483ad30a535191cfdad92d2527819ae2e
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 340.0 KB ( 348160 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (81.0%)
Win32 Dynamic Link Library (generic) (7.2%)
Win32 Executable (generic) (4.9%)
OS/2 Executable (generic) (2.2%)
Generic Win/DOS Executable (2.2%)
Tags peexe assembly
VirusTotal metadata
First submission 2018-05-28 06:11:35 UTC ( 3 weeks, 6 days ago )
Last submission 2018-06-19 16:37:41 UTC ( 4 days, 18 hours ago )
File names Kayato.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections