× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: d68375f4547966956d1867a6373fa37c4a10989a5521082f466c05ef08e5f69f
File name: crypted.120.exe
Detection ratio: 2 / 57
Analysis date: 2015-08-20 11:56:11 UTC ( 3 years, 2 months ago ) View latest
Antivirus Result Update
AhnLab-V3 Trojan/Win32.ZBot 20150820
McAfee Packed-FF!060786D36AF2 20150820
Ad-Aware 20150820
AegisLab 20150820
Yandex 20150819
Alibaba 20150820
ALYac 20150820
Antiy-AVL 20150820
Arcabit 20150820
Avast 20150820
AVG 20150820
Avira (no cloud) 20150820
AVware 20150820
Baidu-International 20150820
BitDefender 20150820
Bkav 20150820
ByteHero 20150820
CAT-QuickHeal 20150819
ClamAV 20150820
CMC 20150819
Comodo 20150820
Cyren 20150820
DrWeb 20150820
Emsisoft 20150820
ESET-NOD32 20150820
F-Prot 20150820
F-Secure 20150820
Fortinet 20150820
GData 20150820
Ikarus 20150820
Jiangmin 20150819
K7AntiVirus 20150820
K7GW 20150820
Kaspersky 20150820
Kingsoft 20150820
Malwarebytes 20150820
McAfee-GW-Edition 20150820
Microsoft 20150820
eScan 20150820
NANO-Antivirus 20150820
nProtect 20150820
Panda 20150820
Qihoo-360 20150820
Rising 20150817
Sophos AV 20150820
SUPERAntiSpyware 20150820
Symantec 20150819
Tencent 20150820
TheHacker 20150820
TotalDefense 20150820
TrendMicro 20150820
TrendMicro-HouseCall 20150820
VBA32 20150820
VIPRE 20150820
ViRobot 20150820
Zillya 20150820
Zoner 20150820
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-02-24 07:36:09
Entry Point 0x0003148E
Number of sections 3
.NET details
Module Version ID 2cd84843-a700-4d35-992e-255592e60ad8
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
ROMANIAN 1
HUNGARIAN DEFAULT 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
11776

ImageVersion
0.0

FileVersionNumber
0.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
8.0

FileTypeExtension
exe

MIMEType
application/octet-stream

FileVersion
727..707

TimeStamp
2005:02:24 08:36:09+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
TurbineBalancingTelephone.exe

BineBalancingTelephoneexe
4

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
194048

FileSubtype
0

ProductVersionNumber
0.0.0.0

EntryPoint
0x3148e

ObjectFileType
Executable application

File identification
MD5 060786d36af20bbc743e2d829591f96e
SHA1 0e05cb453ab7893eee609e2e5656a67be8c9c34a
SHA256 d68375f4547966956d1867a6373fa37c4a10989a5521082f466c05ef08e5f69f
ssdeep
6144:wzW4JbOjaWIOhX8UQwcsAaEidASDvXiP9:oWIOhMUQwSbidjzXA

authentihash a1a89207a15fc475516f3b22bb3510d33b0c66d2f448bd20e97f4a721107200d
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 201.5 KB ( 206336 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (81.0%)
Win32 Dynamic Link Library (generic) (7.2%)
Win32 Executable (generic) (4.9%)
OS/2 Executable (generic) (2.2%)
Generic Win/DOS Executable (2.2%)
Tags
peexe assembly

VirusTotal metadata
First submission 2015-08-20 11:56:11 UTC ( 3 years, 2 months ago )
Last submission 2018-10-04 11:25:16 UTC ( 1 month, 1 week ago )
File names crypted.120.exe
060786d36af20bbc743e2d829591f96e.vir
B3mlTU.xlt
bvnfffffffff.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!