× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: d60fba8fbae75980457fe7399dcfa56117b01885bd3679f35c9e62cc9ad33903
File name: suchost..exe
Detection ratio: 52 / 57
Analysis date: 2016-10-17 15:27:20 UTC ( 2 years, 6 months ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.MSIL.Agent.BJN 20161017
AegisLab Worm.Msil.Agent!c 20161017
AhnLab-V3 Worm/Win32.Agent.N1749682845 20161017
ALYac Trojan.MSIL.Agent.BJN 20161017
Arcabit Trojan.MSIL.Agent.BJN 20161017
Avast MSIL:Agent-ABU [Trj] 20161017
AVG Generic27.BIHM 20161017
Avira (no cloud) TR/Spy.Gen8 20161017
AVware Worm.MSIL.Mofin.a (v) 20161017
Baidu Win32.Worm.Agent.x 20161017
BitDefender Trojan.MSIL.Agent.BJN 20161017
Bkav W32.VertonkitLTAAAAG.Trojan 20161017
CAT-QuickHeal Worm.Necast.A3 20161017
ClamAV Win.Trojan.Agent-1344665 20161017
Comodo Worm.MSIL.Agent.AY 20161017
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20160725
Cyren W32/A-2523d6d2!Eldorado 20161017
DrWeb Trojan.Siggen3.38290 20161017
Emsisoft Trojan.MSIL.Agent.BJN (B) 20161017
ESET-NOD32 MSIL/Agent.AY 20161017
F-Prot W32/A-2523d6d2!Eldorado 20161017
F-Secure Trojan.MSIL.Agent.BJN 20161017
Fortinet MSIL/Agent.QBS!tr 20161017
GData Trojan.MSIL.Agent.BJN 20161017
Ikarus Worm.Win32.Msil 20161017
Sophos ML worm.msil.mofin.a 20160928
Jiangmin Worm.MSIL.aaf 20161017
K7AntiVirus NetWorm ( 0040f2cb1 ) 20161017
K7GW NetWorm ( 0040f2cb1 ) 20161017
Kaspersky Worm.MSIL.Agent.aet 20161017
Malwarebytes Trojan.Agent.MSIL 20161017
McAfee GenericRXAE-NK!9C749F3B21DA 20161017
McAfee-GW-Edition BehavesLike.Win32.Malware.dt 20161017
Microsoft Worm:MSIL/Mofin.A 20161017
eScan Trojan.MSIL.Agent.BJN 20161017
NANO-Antivirus Trojan.Win32.Agent.cqkyab 20161017
nProtect Trojan/W32.Agent.229376.ALD 20161017
Panda Generic Malware 20161016
Qihoo-360 Win32/Trojan.Spy.155 20161017
Rising Trojan.FakeFolder@CV!1.6ABA (classic) 20161017
Sophos AV Mal/MSIL-EY 20161017
SUPERAntiSpyware Worm.Necast 20161017
Symantec W32.SillyFDC 20161017
Tencent Msil.Worm.Agent.Hvsu 20161017
TotalDefense Win32/Tnega.ASFT 20160920
TrendMicro WORM_MOFIN.SM23 20161017
TrendMicro-HouseCall WORM_MOFIN.SM23 20161017
VBA32 Trojan.MSIL.Agent 20161017
VIPRE Worm.MSIL.Mofin.a (v) 20161017
Yandex Worm.Agent!uu5+XH/5gtA 20161016
Zillya Worm.Agent.Win32.24791 20161016
Zoner Trojan.Generic 20161017
Alibaba 20161017
Antiy-AVL 20161017
CMC 20161017
Kingsoft 20161017
TheHacker 20161016
ViRobot 20161017
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2011

Product WindowsFormsApplication5
Original name WindowsFormsApplication5.exe
Internal name WindowsFormsApplication5.exe
File version 1.0.0.0
Description Host Process for Windows Services
Comments Host Process for Windows Services
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x00005E1E
Number of sections 3
.NET details
Module Version ID e395e0e4-dd99-4c0b-950a-1917cd4ef52a
TypeLib ID c427b839-4281-417b-85d9-a6960db7031f
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 10
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 13
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

Comments
Host Process for Windows Services

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Host Process for Windows Services

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
89088

EntryPoint
0x5e1e

OriginalFileName
WindowsFormsApplication5.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2011

FileVersion
1.0.0.0

TimeStamp
0000:00:00 00:00:00

FileType
Win32 EXE

PEType
PE32

InternalName
WindowsFormsApplication5.exe

ProductVersion
1.0.0.0

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft

CodeSize
16384

ProductName
WindowsFormsApplication5

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
1.0.0.0

File identification
MD5 9c749f3b21da6769d33f7c990d229fc7
SHA1 f9c318281af5eb7f6d00f2fbc4ddfe9a0f2f7cfa
SHA256 d60fba8fbae75980457fe7399dcfa56117b01885bd3679f35c9e62cc9ad33903
ssdeep
3072:q3BPXZf7nECworDBqhElSksQ9na/tK88sWR:q3znqksQRa/8vxR

authentihash 52d44b270546e9a8039ee9576e1ffd7b6562f862007ee2a3d220a03c3559ad35
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 224.0 KB ( 229376 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags
peexe assembly

VirusTotal metadata
First submission 2015-10-26 17:40:18 UTC ( 3 years, 5 months ago )
Last submission 2015-10-26 17:40:18 UTC ( 3 years, 5 months ago )
File names suchost..exe
WindowsFormsApplication5.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!