× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: ce2acd499a0c2dcac7bfd368d802a0efa95f26f1f0adf454360a50c72e3550bc
File name: jo.exe
Detection ratio: 21 / 67
Analysis date: 2018-03-23 12:41:33 UTC ( 1 year, 1 month ago ) View latest
Antivirus Result Update
Avast Win32:Malware-gen 20180323
AVG Win32:Malware-gen 20180323
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180323
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170201
Cybereason malicious.296775 20180225
Cylance Unsafe 20180323
DrWeb Trojan.PWS.Stealer.19347 20180323
eGambit Unsafe.AI_Score_92% 20180323
Endgame malicious (high confidence) 20180316
ESET-NOD32 a variant of MSIL/Kryptik.NBM 20180323
Ikarus Trojan.MSIL.Agent 20180323
Sophos ML heuristic 20180121
Kaspersky Backdoor.Win32.Androm.pjhl 20180323
Malwarebytes Spyware.AgentTesla.MSIL.Generic 20180323
McAfee Artemis!DC66D298F127 20180323
McAfee-GW-Edition BehavesLike.Win32.Trojan.dh 20180323
Panda Trj/GdSda.A 20180323
Qihoo-360 HEUR/QVM03.0.03E9.Malware.Gen 20180323
SentinelOne (Static ML) static engine - malicious 20180225
Tencent Win32.Backdoor.Androm.Wtdm 20180323
ZoneAlarm by Check Point Backdoor.Win32.Androm.pjhl 20180323
Ad-Aware 20180323
AegisLab 20180323
AhnLab-V3 20180323
Alibaba 20180323
ALYac 20180323
Antiy-AVL 20180323
Arcabit 20180323
Avast-Mobile 20180323
Avira (no cloud) 20180323
AVware 20180323
BitDefender 20180323
Bkav 20180322
CAT-QuickHeal 20180322
ClamAV 20180323
CMC 20180323
Comodo 20180323
Cyren 20180323
Emsisoft 20180323
F-Prot 20180323
F-Secure 20180323
Fortinet 20180323
GData 20180323
Jiangmin 20180323
K7AntiVirus 20180323
K7GW 20180323
Kingsoft 20180323
MAX 20180323
Microsoft 20180323
eScan 20180323
NANO-Antivirus 20180323
nProtect 20180323
Palo Alto Networks (Known Signatures) 20180323
Rising 20180323
Sophos AV 20180323
SUPERAntiSpyware 20180323
Symantec 20180323
Symantec Mobile Insight 20180311
TheHacker 20180319
TotalDefense 20180323
TrendMicro 20180323
TrendMicro-HouseCall 20180323
Trustlook 20180323
VBA32 20180323
VIPRE 20180323
ViRobot 20180323
WhiteArmor 20180223
Yandex 20180323
Zillya 20180322
Zoner 20180323
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-21 20:35:10
Entry Point 0x000375FE
Number of sections 3
.NET details
Module Version ID 04508655-540c-44e8-ab4e-8b3cc1a18650
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
DIVEHI DEFAULT 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

SubsystemVersion
4.0

MachineType
Intel 386 or later, and compatibles

TimeStamp
2018:03:21 21:35:10+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
221184

LinkerVersion
8.0

Warning
Possibly corrupt Version resource

FileTypeExtension
exe

InitializedDataSize
20480

ImageFileCharacteristics
Executable, 32-bit

EntryPoint
0x375fe

OSVersion
4.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 dc66d298f12764114c8212e4bbf3ed00
SHA1 344b813296775c149c666de2ffc881b9833a1933
SHA256 ce2acd499a0c2dcac7bfd368d802a0efa95f26f1f0adf454360a50c72e3550bc
ssdeep
6144:iC69N/1B05fmunEB1SFocVIxubylYM9Pxpe/rrQrrrrrrrrrrrLrrrrrNrrr:iCcmfmunWTe/rrQrrrrrrrrrrrLrrrrB

authentihash 4b481e00a48880b1e815eb91e78e15ec673062a974b6cd0ed5cad1c1e6b6596a
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 240.0 KB ( 245760 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (79.2%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Win16/32 Executable Delphi generic (2.2%)
OS/2 Executable (generic) (2.1%)
Tags
peexe assembly

VirusTotal metadata
First submission 2018-03-23 11:06:14 UTC ( 1 year, 1 month ago )
Last submission 2019-04-03 02:29:49 UTC ( 1 month, 2 weeks ago )
File names 26ab62ab-310e-11e8-9f4a-80e65024849a.file
26ab62ab-310e-11e8-9f4a-80e65024849a.file
26ab62ab-310e-11e8-9f4a-80e65024849a.file
26ab62ab-310e-11e8-9f4a-80e65024849a.file
jo.exe
output.113032402.txt
jo.exe
26ab62ab-310e-11e8-9f4a-80e65024849a.file
dc66d298f12764114c8212e4bbf3ed00.virobj
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections