SHA256: d714ddf5fe17e3bd1d59b7cb55fe506f13385db5954a1d8c1a1ff4194c1c3908
File name: amd3.exe
Detection ratio: 42 / 66
Analysis date: 2018-04-13 19:28:06 UTC (10 months, 2 weeks ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30598849 20180413
AegisLab Troj.W32.Generic!c 20180413
ALYac Trojan.GenericKD.30598849 20180413
Arcabit Trojan.Generic.D1D2E6C1 20180413
Avast Win32:Malware-gen 20180413
AVG Win32:Malware-gen 20180413
Avira (no cloud) TR/AD.CoinMiner.knmkh 20180413
BitDefender Trojan.GenericKD.30598849 20180413
Bkav W32.HfsAutoB.D0AD 20180410
Comodo .UnclassifiedMalware 20180413
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170201
Cylance Unsafe 20180413
Cyren W32/Trojan.QQJF-6819 20180413
eGambit PE.Heur.InvalidSig 20180413
Emsisoft Trojan.GenericKD.30598849 (B) 20180413
ESET-NOD32 a variant of Win32/Packed.Themida.ARW 20180413
F-Secure Trojan.GenericKD.30598849 20180413
Fortinet W32/Generic!tr 20180413
GData Trojan.GenericKD.30598849 20180413
Sophos ML heuristic 20180121
K7AntiVirus Trojan ( 0052d81d1 ) 20180413
K7GW Trojan ( 0052d81d1 ) 20180413
Kaspersky HEUR:Trojan.Win32.Generic 20180413
Malwarebytes Trojan.BitCoinMiner 20180413
MAX malware (ai score=83) 20180413
McAfee Artemis!F4FDAF7B3940 20180413
McAfee-GW-Edition Artemis!Trojan 20180413
Microsoft Trojan:Win32/CoinMiner.C!cl 20180413
eScan Trojan.GenericKD.30598849 20180413
Palo Alto Networks (Known Signatures) generic.ml 20180413
Panda Trj/CI.A 20180413
Qihoo-360 Win32/Trojan.d38 20180413
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Generic-S 20180413
Symantec Trojan.Gen.2 20180413
Tencent Win32.Trojan.Falsesign.Efkv 20180413
TrendMicro-HouseCall TROJ_GEN.R060H0CDD18 20180413
VBA32 BScope.Trojan.Agent 20180413
VIPRE Trojan.Win32.Generic!BT 20180413
ViRobot Trojan.Win32.Z.Agent.2114856.A 20180413
Webroot W32.Trojan.GenKD 20180413
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180413
AhnLab-V3 20180413
Alibaba 20180413
Antiy-AVL 20180413
Avast-Mobile 20180413
AVware 20180413
Baidu 20180413
CAT-QuickHeal 20180413
ClamAV 20180413
CMC 20180413
Cybereason 20180225
DrWeb 20180413
Endgame 20180403
F-Prot 20180413
Ikarus 20180413
Jiangmin 20180413
Kingsoft 20180413
NANO-Antivirus 20180413
nProtect 20180413
Rising 20180413
SUPERAntiSpyware 20180413
Symantec Mobile Insight 20180412
TheHacker 20180410
Trustlook 20180413
WhiteArmor 20180408
Yandex 20180412
Zillya 20180413
Zoner 20180412
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright 2015 Rxuhokbfn Inc. All rights reserved Uepubjw.

Original name obzgcus.exe
File version 6.5.7.32
Signature verification The digital signature of the object did not verify.
Signing date 3:55 PM 1/22/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-11 09:15:47
Entry Point 0x00528000
Number of sections 6
PE sections
Overlays
MD5 a2c3b32e0f08eabff7071e4e756f20f7
File type data
Offset 2098176
Size 16680
Entropy 7.35
PE imports
InitCommonControls
Number of PE resources by type
RT_VERSION 1
ATAWKSDWB 1
RT_MANIFEST 1
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
PE resources
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
893952

ImageVersion
0.0

FileVersionNumber
6.5.7.32

LanguageCode
Neutral

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
ASCII

LinkerVersion
14.0

FileTypeExtension
exe

OriginalFileName
obzgcus.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
6.5.7.32

TimeStamp
2018:04:11 10:15:47+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
6.5.7.32

SubsystemVersion
6.0

OSVersion
6.0

FileOS
Windows NT 32-bit

LegalCopyright
Copyright 2015 Rxuhokbfn Inc. All rights reserved Uepubjw.

MachineType
Intel 386 or later, and compatibles

CompanyName
Rxuhokbfn Inc.

CodeSize
160768

FileSubtype
0

ProductVersionNumber
6.5.7.32

EntryPoint
0x528000

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 f4fdaf7b3940442bace70114804a5beb
SHA1 7092dea37d5b77f1a5ad7358efd924ae49381e93
SHA256 d714ddf5fe17e3bd1d59b7cb55fe506f13385db5954a1d8c1a1ff4194c1c3908
ssdeep
49152:GRVSFTRlZFeGI3w/ZKTXpL/b9V+aUpKi6pzeKDnAgWZ2Zgd:HTRJeGI1TXpLDf9+6deSgZV

authentihash 17079c5671b5e6b34fafe977eb47db13efabdeb6f2232ee8bf18dfb8d793ccbb
imphash baa93d47220682c04d92f7797d9224ce
File size 2.0 MB ( 2114856 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-04-13 01:11:21 UTC ( 10 months, 2 weeks ago )
Last submission 2019-01-22 14:56:27 UTC ( 1 month ago )
File names 230a6f87-414b-11e8-a52a-80e65024849a.exe
myfile.exe
230a6f87-414b-11e8-a52a-80e65024849a.file
MicrosoftCare.exe
230a6f87-414b-11e8-a52a-80e65024849a.file
230a6f87-414b-11e8-a52a-80e65024849a.exe
output.113092717.txt
obzgcus.exe
230a6f87-414b-11e8-a52a-80e65024849a.file
amd3.exe