SHA256: cce7f783df7bff7564a016a51c4176c068ef011cd61bc6e258cc3e3b0d177071
File name: 85A7.tmp.exe
Detection ratio: 52 / 69
Analysis date: 2018-12-08 18:31:14 UTC ( 4 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.346829 20181208
AegisLab Trojan.Win32.Generic.4!c 20181208
AhnLab-V3 Backdoor/Win32.MSILKrypt.C2411034 20181208
ALYac Gen:Variant.Razy.346829 20181208
Antiy-AVL Trojan/Win32.Tiggre 20181208
Arcabit Trojan.Razy.D54ACD 20181208
Avast Win32:Trojan-gen 20181208
AVG Win32:Trojan-gen 20181208
Avira (no cloud) BDS/Backdoor.Gen 20181208
BitDefender Gen:Variant.Razy.346829 20181208
CAT-QuickHeal Trojan.Generic 20181208
Comodo Malware@#3ijb56lmumcz0 20181208
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.26c626 20180225
Cylance Unsafe 20181208
Cyren W32/Trojan.EAKN-7175 20181208
DrWeb Trojan.DownLoader27.18258 20181208
eGambit Unsafe.AI_Score_85% 20181208
Emsisoft Gen:Variant.Razy.346829 (B) 20181208
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of MSIL/IRCBot.EY 20181208
F-Secure Gen:Variant.Razy.346829 20181208
Fortinet MSIL/IRCBot.EY!tr 20181208
GData Gen:Variant.Razy.346829 20181208
Ikarus Trojan.MSIL.IRCBot 20181208
Sophos ML heuristic 20181128
Jiangmin Trojan.Generic.cufzw 20181208
K7AntiVirus Backdoor ( 005177c31 ) 20181208
K7GW Backdoor ( 005177c31 ) 20181208
Kaspersky HEUR:Trojan.Win32.Generic 20181208
Malwarebytes Trojan.Dropper.Generic 20181208
MAX malware (ai score=100) 20181208
McAfee Generic.dzm 20181208
McAfee-GW-Edition BehavesLike.Win32.Generic.jc 20181208
Microsoft Trojan:Win32/Occamy.C 20181208
eScan Gen:Variant.Razy.346829 20181208
NANO-Antivirus Trojan.Win32.IRCBot.fjuxts 20181208
Palo Alto Networks (Known Signatures) generic.ml 20181208
Panda Trj/GdSda.A 20181208
Qihoo-360 Win32/Trojan.97b 20181208
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/Generic-S 20181208
Symantec Trojan Horse 20181208
Tencent Win32.Trojan.Generic.Wozy 20181208
Trapmine malicious.high.ml.score 20181205
TrendMicro TROJ_GEN.R058C0OJV18 20181208
TrendMicro-HouseCall TROJ_GEN.R058C0OJV18 20181208
VBA32 TScope.Trojan.MSIL 20181207
ViRobot Trojan.Win32.Z.Ircbot.679936 20181208
Webroot W32.Malware.gen 20181208
Zillya Trojan.Generic.Win32.341814 20181208
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20181208
Alibaba 20180921
Avast-Mobile 20181208
Babable 20180918
Baidu 20181207
Bkav 20181206
ClamAV 20181208
CMC 20181207
F-Prot 20181208
Kingsoft 20181208
Rising 20181208
SUPERAntiSpyware 20181205
Symantec Mobile Insight 20181207
TACHYON 20181208
TheHacker 20181202
TotalDefense 20181208
Trustlook 20181208
Yandex 20181207
Zoner 20181207
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2017

Product svchost
Original name svchost.exe
Internal name svchost.exe
File version 1.0.0.0
Description svchost
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-26 16:20:46
Entry Point 0x000AE00A
Number of sections 5
.NET details
Module Version ID 9864d7a1-c94d-4f65-a70d-1792c7aa37c9
TypeLib ID 88b6efb0-83b0-4cbd-a2d9-3a37200bd51b
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
svchost

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
169984

EntryPoint
0xae00a

OriginalFileName
svchost.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2017

FileVersion
1.0.0.0

TimeStamp
2018:10:26 18:20:46+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
svchost.exe

ProductVersion
1.0.0.0

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
508928

ProductName
svchost

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
1.0.0.0

Execution parents
File identification
MD5 60eab9926c6263b2e7abe8d9d4b76d36
SHA1 ec40b20cbcf17832d0646aad5c2e4a4d054240af
SHA256 cce7f783df7bff7564a016a51c4176c068ef011cd61bc6e258cc3e3b0d177071
ssdeep
12288:VdT2PrhcEL8opXyXkkPpi6z9bcX2HM7/ezJMk3M+KhTQqpWzCWWC/UHqe++GXVjA:zTq38opXEbcwrrB5

authentihash 46bc022052b2eadcdf96733b18b5daac91472ee70feeefee093b8951ef2510be
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 664.0 KB ( 679936 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Win32 Executable MS Visual C++ (generic) (39.9%)
Win64 Executable (generic) (35.4%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
Win16/32 Executable Delphi generic (2.6%)
Tags
peexe assembly

VirusTotal metadata
First submission 2018-10-31 15:41:12 UTC ( 5 months, 3 weeks ago )
Last submission 2018-12-26 08:38:37 UTC ( 4 months ago )
File names DzzrssyohY.exe
svchoster.exe
drcqhb.exe
svchost.exe
setup.exe
MHJcB8HJZW.exe
85A7.tmp.exe