SHA256: cd53fa137a69474de7e06a216c7d3056bda9129621104987b6918abb3bbc690a
File name: 50a9218c891453c00b498029315ac680
Detection ratio: 21 / 70
Analysis date: 2018-11-29 05:12:55 UTC ( 4 months, 3 weeks ago )
Antivirus Result Update
Avast FileRepMetagen [Malware] 20181129
AVG FileRepMetagen [Malware] 20181129
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181022
Cylance Unsafe 20181129
Cyren W32/MSIL_Injector.PY.gen!Eldorado 20181129
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of MSIL/Kryptik.QGU 20181129
F-Prot W32/MSIL_Injector.PY.gen!Eldorado 20181129
Fortinet MSIL/Kryptik.QGU!tr 20181129
Sophos ML heuristic 20181128
Kaspersky HEUR:Trojan-Spy.MSIL.Noon.gen 20181129
Malwarebytes Trojan.PasswordStealer.MSIL.Generic 20181129
MAX malware (ai score=99) 20181129
McAfee Artemis!50A9218C8914 20181129
McAfee-GW-Edition BehavesLike.Win32.Generic.bc 20181129
Qihoo-360 Win32/Trojan.Spy.beb 20181129
SentinelOne (Static ML) static engine - malicious 20181011
Symantec ML.Attribute.HighConfidence 20181129
Trapmine malicious.high.ml.score 20181126
TrendMicro-HouseCall TROJ_GEN.R020H0CKS18 20181129
ZoneAlarm by Check Point HEUR:Trojan-Spy.MSIL.Noon.gen 20181129
Ad-Aware 20181129
AegisLab 20181129
AhnLab-V3 20181128
Alibaba 20180921
ALYac 20181129
Antiy-AVL 20181128
Arcabit 20181129
Avast-Mobile 20181128
Avira (no cloud) 20181129
Babable 20180918
Baidu 20181128
BitDefender 20181129
Bkav 20181128
CAT-QuickHeal 20181128
ClamAV 20181128
CMC 20181128
Comodo 20181128
Cybereason 20180225
DrWeb 20181129
eGambit 20181129
Emsisoft 20181129
F-Secure 20181129
GData 20181129
Ikarus 20181128
Jiangmin 20181129
K7AntiVirus 20181129
K7GW 20181129
Kingsoft 20181129
Microsoft 20181129
eScan 20181129
NANO-Antivirus 20181129
Palo Alto Networks (Known Signatures) 20181129
Panda 20181128
Rising 20181129
Sophos AV 20181129
SUPERAntiSpyware 20181128
Symantec Mobile Insight 20181121
TACHYON 20181129
Tencent 20181129
TheHacker 20181126
TotalDefense 20181128
TrendMicro 20181129
Trustlook 20181129
VBA32 20181128
VIPRE 20181129
ViRobot 20181128
Webroot 20181129
Yandex 20181128
Zillya 20181128
Zoner 20181129
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2018 E.I. Du Pont de Nemours and Company

Product Custom error handler
Original name pfinn.exe
Internal name pfinn.exe
File version 4.8.14.1
Description Custom error handler
Comments emegurofitasawic
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1972-01-21 20:23:49
Entry Point 0x000B436E
Number of sections 3
.NET details
Module Version ID 0016057c-54ea-4131-84df-77f4a39c32ce
TypeLib ID 823c5203-a2f0-4543-97ae-38a11d7448ec
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
emegurofitasawic

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
4.8.14.1

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Custom error handler

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
2560

EntryPoint
0xb436e

OriginalFileName
pfinn.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2018 E.I. Du Pont de Nemours and Company

FileVersion
4.8.14.1

TimeStamp
1972:01:21 21:23:49+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
pfinn.exe

ProductVersion
4.8.14.1

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
E.I. Du Pont de Nemours and Company

CodeSize
730112

ProductName
Custom error handler

ProductVersionNumber
4.8.14.1

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
0.0.0.0

Execution parents
File identification
MD5 50a9218c891453c00b498029315ac680
SHA1 50a62e9f6d556bf88d1511ce3234a989c1210205
SHA256 cd53fa137a69474de7e06a216c7d3056bda9129621104987b6918abb3bbc690a
ssdeep
12288:JE7G5emYFHyqNPPgBxZUQptIX1SXtfEGzRZt86I6md1AxLFNNO1jSh:uSSH7NPWXXtdl787t1Cymh

authentihash 73f1ea273f5eef26fcce36c2eb6c64dc863183c5db8fce4446db53c83ce34b74
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 716.0 KB ( 733184 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (62.0%)
Win64 Executable (generic) (23.4%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.8%)
OS/2 Executable (generic) (1.7%)
Tags
peexe assembly

VirusTotal metadata
First submission 2018-11-28 20:17:05 UTC ( 4 months, 3 weeks ago )
Last submission 2019-01-22 03:59:39 UTC ( 3 months ago )
File names 50a9218c891453c00b498029315ac680
cd53fa137a69474de7e06a216c7d3056bda9129621104987b6918abb3bbc690a_pf.exe
spoolcolorlv.exe
pfinn.exe