SHA256: c9bb03434543a682bd2d368591e3907c325293d9e11c01a9e4f2615a3689e301
File name: assemblychange.exe
Detection ratio: 40 / 56
Analysis date: 2015-10-27 00:28:23 UTC ( 2 years, 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.MSILKrypt.4 20151027
Yandex Trojan.PWS.Agent!1NTgVuW3Md0 20151026
AhnLab-V3 Trojan/Win32.HDC 20151027
ALYac Gen:Variant.MSILKrypt.4 20151027
Antiy-AVL Trojan[PSW]/MSIL.Agent 20151027
Avast Win32:Malware-gen 20151027
Avira (no cloud) TR/ATRAPS.Gen 20151027
AVware Trojan.Win32.Generic!BT 20151027
Baidu-International Trojan.MSIL.Agent.PFT 20151026
BitDefender Gen:Variant.MSILKrypt.4 20151027
Comodo UnclassifiedMalware 20151027
DrWeb BackDoor.Siggen.57574 20151027
Emsisoft Gen:Variant.MSILKrypt.4 (B) 20151027
ESET-NOD32 a variant of MSIL/Agent.PFT 20151027
F-Secure Gen:Variant.MSILKrypt.4 20151027
Fortinet MSIL/Agent.PFT!tr 20151026
GData Gen:Variant.MSILKrypt.4 20151027
Ikarus Trojan-PSW.MSIL.Agent 20151027
Jiangmin Trojan/PSW.MSIL.chn 20151026
K7AntiVirus Trojan ( 0049b0e41 ) 20151026
K7GW Trojan ( 0049b0e41 ) 20151027
Kaspersky HEUR:Trojan.Win32.Generic 20151027
Malwarebytes HackTool.Agent.ACGen 20151026
McAfee Artemis!C8629F20469F 20151027
McAfee-GW-Edition Artemis!Trojan 20151027
Microsoft Trojan:Win32/Dacic.A!rfn 20151027
eScan Gen:Variant.MSILKrypt.4 20151027
NANO-Antivirus Trojan.Win32.ATRAPS.dasxlz 20151026
Panda Generic Malware 20151026
Qihoo-360 Win32/Trojan.948 20151027
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20151026
Sophos AV Mal/Generic-S 20151027
Symantec Trojan.Gen 20151026
Tencent Win32.Trojan.Generic.Syri 20151027
TotalDefense Win32/Tnega.VAXbWMB 20151026
TrendMicro TROJ_SPNV.03F914 20151027
TrendMicro-HouseCall TROJ_SPNV.03F914 20151027
VBA32 TrojanPSW.MSIL.Agent 20151026
VIPRE Trojan.Win32.Generic!BT 20151027
Zillya Trojan.Agent.Win32.469152 20151026
AegisLab 20151026
Alibaba 20151027
Arcabit 20151027
AVG 20151026
Bkav 20151026
ByteHero 20151027
CAT-QuickHeal 20151027
ClamAV 20151027
CMC 20151026
Cyren 20151027
F-Prot 20151027
nProtect 20151026
SUPERAntiSpyware 20151027
TheHacker 20151026
ViRobot 20151026
Zoner 20151027
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright X9GeMurQyxm3jyLIThuaW6so8lzwu9
Publisher pYVzNEEi9lKQgOTWAfEJdzhjt0LrzD
Product dCB7qkFvFyqeNwH3AKxdgjiVqicQ1G
Original name assemblychange.exe
Internal name assemblychange.exe
File version 9.0.3.7
Description to3iJLLR1gyZqQyZAZnT4n983GOCjN
Comments L1wdFdxBs9aOMHbSt9swtvoKRqJJ06
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-06-06 19:27:56
Entry Point 0x00108B0E
Number of sections 3
.NET details
Module Version ID ee293746-ddf3-4c6c-a502-788928fb11fc
TypeLib ID 56a868c0-0ad4-11ce-b03a-0020af0ba770
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 13
RT_GROUP_ICON 2
ZISK 1
RT_MANIFEST 1
XF9D 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 19
PE resources
ExifTool file metadata
CodeSize 1076224
SubsystemVersion 4.0
Comments L1wdFdxBs9aOMHbSt9swtvoKRqJJ06
InitializedDataSize 365568
ImageVersion 0.0
ProductName dCB7qkFvFyqeNwH3AKxdgjiVqicQ1G
FileVersionNumber 9.0.3.7
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension exe
OriginalFileName assemblychange.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 9.0.3.7
TimeStamp 2014:06:06 20:27:56+01:00
FileType Win32 EXE
PEType PE32
InternalName assemblychange.exe
ProductVersion 9.0.3.7
FileDescription to3iJLLR1gyZqQyZAZnT4n983GOCjN
OSVersion 4.0
FileOS Win32
LegalCopyright X9GeMurQyxm3jyLIThuaW6so8lzwu9
MachineType Intel 386 or later, and compatibles
CompanyName pYVzNEEi9lKQgOTWAfEJdzhjt0LrzD
LegalTrademarks JGi4bXSp7CSyoLICOVejgdH8ov4Do1
FileSubtype 0
ProductVersionNumber 9.0.3.7
EntryPoint 0x108b0e
ObjectFileType Executable application
AssemblyVersion 1.2.0.9
File identification
MD5 c8629f20469f8b704b48a1b5b10f4aaa
SHA1 d931b0f3271085d1a0c7ca5133010a98cc32b50d
SHA256 c9bb03434543a682bd2d368591e3907c325293d9e11c01a9e4f2615a3689e301
ssdeep 24576:qBL0oIbn+BezODBQ9L0wbvMViupwtzA4AM82K5RtB:qKoun+BeCQ9L0GvgiCwtzAVM82Q
authentihash 10460dee469bd16771b521cfc5bf8d1c35e2aceecce79e15cd09b4fb1c2a1e6b
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 1.4 MB ( 1442304 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (45.4%)
InstallShield setup (26.7%)
Win64 Executable (generic) (17.1%)
Win32 Dynamic Link Library (generic) (4.0%)
Win32 Executable (generic) (2.7%)
Tags peexe assembly
VirusTotal metadata
First submission 2014-06-06 19:34:15 UTC ( 4 years, 3 months ago )
Last submission 2014-06-12 17:22:21 UTC ( 4 years, 3 months ago )
File names file-7080788_exe
eo0VEgl.dot
assemblychange.exe
thug.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests