SHA256: d396ef334f7becc08ca44d4dde02d282929d9a24bcd2f216dd04b8e46fb12341
File name: Afzfz6787.exe
Detection ratio: 53 / 68
Analysis date: 2017-11-19 16:10:33 UTC ( 1 month, 4 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.MSIL.Agent.CUT 20171119
AegisLab Troj.W32.Generic!c 20171119
AhnLab-V3 Win-Trojan/ADM01.Exp 20171119
ALYac Trojan.MSIL.Agent.CUT 20171119
Antiy-AVL Trojan/Win32.AGeneric 20171119
Arcabit Trojan.MSIL.Agent.CUT 20171119
Avast Win32:Malware-gen 20171119
AVG Win32:Malware-gen 20171119
Avira (no cloud) ADWARE/EoRezo.usimk 20171119
AVware Trojan.Win32.Generic!BT 20171118
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9981 20171117
BitDefender Trojan.MSIL.Agent.CUT 20171119
CAT-QuickHeal Trojan.Generic 20171118
Comodo UnclassifiedMalware 20171119
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.1b8fb7 20171103
Cylance Unsafe 20171119
Cyren W32/S-df4dae5e!Eldorado 20171119
DrWeb Adware.WizzMonetize.1 20171119
Emsisoft Trojan.MSIL.Agent.CUT (B) 20171119
Endgame malicious (high confidence) 20171024
ESET-NOD32 a variant of MSIL/Kryptik.LGY 20171119
F-Prot W32/S-df4dae5e!Eldorado 20171119
F-Secure Trojan.MSIL.Agent.CUT 20171119
Fortinet MSIL/Kryptik.KZF!tr 20171119
GData Trojan.MSIL.Agent.CUT 20171119
Ikarus Trojan.MSIL.Agent 20171119
Sophos ML heuristic 20170914
Jiangmin Trojan.Generic.bllym 20171117
K7AntiVirus Trojan ( 00514c561 ) 20171117
K7GW Trojan ( 00514c561 ) 20171119
Kaspersky HEUR:Trojan.Win32.Generic 20171119
MAX malware (ai score=100) 20171119
McAfee RDN/Generic PUP.x 20171119
McAfee-GW-Edition BehavesLike.Win32.Generic.jh 20171119
eScan Trojan.MSIL.Agent.CUT 20171119
NANO-Antivirus Trojan.Win32.WizzMonetize.ethhqh 20171119
Palo Alto Networks (Known Signatures) generic.ml 20171119
Panda Trj/GdSda.A 20171119
Qihoo-360 Win32/Application.e82 20171119
Rising Trojan.MSIL/Kryptik!1.AD40 (CLASSIC) 20171119
SentinelOne (Static ML) static engine - malicious 20171113
Sophos AV Mal/Kryptik-AQ 20171119
SUPERAntiSpyware PUP.Tuto4PC/Variant 20171119
Symantec Trojan.Gen.2 20171118
Tencent Win32.Trojan.Generic.Wqdf 20171119
TrendMicro TROJ_GEN.R002C0WJ617 20171119
TrendMicro-HouseCall TROJ_GEN.R002C0WJ617 20171119
VIPRE Trojan.Win32.Generic!BT 20171119
Webroot W32.Adware.Gen 20171119
Yandex Trojan.Agent!XMhu5BshFWc 20171118
Zillya Trojan.Kryptik.Win32.1273004 20171117
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20171119
Alibaba 20170911
Avast-Mobile 20171119
Bkav 20171118
ClamAV 20171119
CMC 20171119
eGambit 20171119
Kingsoft 20171119
Malwarebytes 20171119
Microsoft 20171118
nProtect 20171119
Symantec Mobile Insight 20171117
TheHacker 20171117
TotalDefense 20171119
Trustlook 20171119
VBA32 20171117
ViRobot 20171119
WhiteArmor 20171104
Zoner 20171119
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 5046
Product L
Original name Afzfz6787.exe
Internal name Afzfz6787.exe
File version 0.6.4.4
Description L8V
Comments L8V2BPXQ8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-10-05 13:32:17
Entry Point 0x000A3D0A
Number of sections 3
.NET details
Module Version ID 9061b33f-3d33-47b2-8f47-084b1d41927d
TypeLib ID f78b4040-4bd0-4820-b0f1-118d7f098c90
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

Comments
L8V2BPXQ8

LinkerVersion
48.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.6.4.4

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
L8V

CharacterSet
Unicode

InitializedDataSize
5120

EntryPoint
0xa3d0a

OriginalFileName
Afzfz6787.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 5046

FileVersion
0.6.4.4

TimeStamp
2017:10:05 14:32:17+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Afzfz6787.exe

ProductVersion
0.6.4.4

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
L8V2BPX

CodeSize
663040

ProductName
L

ProductVersionNumber
0.6.4.4

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
6.4.8.2

File identification
MD5 6f235b636255e1fdf5c773cd25dbd43f
SHA1 bfd5ab5561de983be8ee825f3ae59dc6abf1b341
SHA256 d396ef334f7becc08ca44d4dde02d282929d9a24bcd2f216dd04b8e46fb12341
ssdeep
12288:bzBy3wWTHLYOGHwY1HQQXEKN/VcC0HtWAQjzYrN:/BydYOGQY1HrXE8cWAQj0x

authentihash 883a7c147e8c441043a23e39fe9309a298a32308a8ea20105a7b005a05b1c1f3
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 653.0 KB ( 668672 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (72.2%)
Windows screen saver (12.9%)
Win32 Dynamic Link Library (generic) (6.4%)
Win32 Executable (generic) (4.4%)
Generic Win/DOS Executable (1.9%)
Tags
peexe assembly

VirusTotal metadata
First submission 2017-10-05 15:22:16 UTC ( 3 months, 2 weeks ago )
Last submission 2017-10-05 15:22:16 UTC ( 3 months, 2 weeks ago )
File names M4AZDG604.exe
Afzfz6787.exe
M4AZDG604.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
UDP communications