SHA256: c4efb09b30ba297b45bf90d06811e5a93b4849d3cd87b4ef7f6be41fa172750e
File name: payload_1.exe
Detection ratio: 17 / 68
Analysis date: 2018-08-10 22:15:16 UTC ( 7 months, 1 week ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Gen.C706795 20180810
Avira (no cloud) TR/ATRAPS.Gen 20180810
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9992 20180810
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.a4128b 20180225
Cylance Unsafe 20180810
ESET-NOD32 a variant of MSIL/Kryptik.PFC 20180810
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 005376ae1 ) 20180810
K7GW Trojan ( 005376ae1 ) 20180810
Kaspersky UDS:DangerousObject.Multi.Generic 20180810
Malwarebytes Trojan.Crypt.Generic 20180810
Microsoft Trojan:Win32/Fuerboos.A!cl 20180810
Qihoo-360 HEUR/QVM03.0.1971.Malware.Gen 20180810
SentinelOne (Static ML) static engine - malicious 20180701
Symantec ML.Attribute.HighConfidence 20180810
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180810
Ad-Aware 20180810
AegisLab 20180810
Alibaba 20180713
ALYac 20180810
Antiy-AVL 20180810
Arcabit 20180810
Avast 20180810
Avast-Mobile 20180810
AVG 20180810
AVware 20180810
Babable 20180725
BitDefender 20180810
Bkav 20180810
CAT-QuickHeal 20180810
ClamAV 20180810
CMC 20180810
Comodo 20180810
Cyren 20180810
DrWeb 20180810
eGambit 20180810
Emsisoft 20180810
Endgame 20180730
F-Prot 20180810
F-Secure 20180810
Fortinet 20180810
GData 20180810
Ikarus 20180810
Jiangmin 20180810
Kingsoft 20180810
MAX 20180810
McAfee 20180810
McAfee-GW-Edition 20180810
eScan 20180810
NANO-Antivirus 20180810
Palo Alto Networks (Known Signatures) 20180810
Panda 20180810
Rising 20180810
Sophos AV 20180810
SUPERAntiSpyware 20180810
Symantec Mobile Insight 20180809
TACHYON 20180810
Tencent 20180810
TheHacker 20180807
TotalDefense 20180810
TrendMicro 20180810
TrendMicro-HouseCall 20180810
Trustlook 20180810
VBA32 20180810
VIPRE 20180810
ViRobot 20180810
Webroot 20180810
Yandex 20180810
Zillya 20180810
Zoner 20180810
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.

Product Microsoft OneDrive
Original name newCI.exe
Internal name newCI.exe
File version 18.111.0603.0006
Description Microsoft OneDrive
Comments uyonarojufenuvuqanopup
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1991-03-09 08:50:45
Entry Point 0x000DC00A
Number of sections 5
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments uyonarojufenuvuqanopup
InitializedDataSize 84480
ImageVersion 0.0
ProductName Microsoft OneDrive
FileVersionNumber 18.111.603.6
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension exe
OriginalFileName newCI.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 18.111.0603.0006
TimeStamp 1991:03:09 09:50:45+01:00
FileType Win32 EXE
PEType PE32
InternalName newCI.exe
ProductVersion 18.111.0603.0006
FileDescription Microsoft OneDrive
OSVersion 4.0
FileOS Win32
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 793600
FileSubtype 0
ProductVersionNumber 18.111.603.6
EntryPoint 0xdc00a
ObjectFileType Executable application
AssemblyVersion 0.0.0.0

File identification
MD5 9cbbb8e45aaa1e952c723827cc97552d
SHA1 bf737fda4128bd9be47a6337d7df04ef5c86c95f
SHA256 c4efb09b30ba297b45bf90d06811e5a93b4849d3cd87b4ef7f6be41fa172750e
ssdeep 12288:eHVfUVUiHVfUVUi6jSqWRZJW5FPoeFb4tISVati:BS4dCHWzoe+eSVMi

authentihash 60537b00efd60da754ff68c318cb67ada7b2484ef2aeeecae0a67a30edc9e05a
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 858.5 KB ( 879104 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Win32 Executable MS Visual C++ (generic) (39.9%)
Win64 Executable (generic) (35.4%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
Win16/32 Executable Delphi generic (2.6%)
Tags peexe assembly

VirusTotal metadata
First submission 2018-08-10 22:15:16 UTC ( 7 months, 1 week ago )
Last submission 2018-09-03 12:35:08 UTC ( 6 months, 2 weeks ago )
File names 1OneDrive.exe
newCI.exe
payload_1.exe