SHA256: d740394670d607815340a0e4bdbf4962235c31535fc2d18eaac329515b3eff2d
File name: krosbin.exe
Detection ratio: 32 / 66
Analysis date: 2019-03-28 03:45:10 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.RP.xmKfamkafbmi 20190328
AhnLab-V3 Trojan/Win32.Kryptik.C3126509 20190328
Arcabit Trojan.Heur.RP.xmKfamkafbmi 20190328
BitDefender Gen:Trojan.Heur.RP.xmKfamkafbmi 20190328
CrowdStrike Falcon (ML) win/malicious_confidence_90% (W) 20190212
Cybereason malicious.2e9a8c 20190327
DrWeb Trojan.Siggen8.20629 20190328
eGambit Unsafe.AI_Score_89% 20190328
Emsisoft Gen:Trojan.Heur.RP.xmKfamkafbmi (B) 20190328
Endgame malicious (moderate confidence) 20190322
ESET-NOD32 a variant of Win32/Kryptik.GRIL 20190328
FireEye Generic.mg.e5e1b1f2e9a8ca9f 20190328
Fortinet W32/Kryptik.GRIL!tr 20190328
GData Gen:Trojan.Heur.RP.xmKfamkafbmi 20190328
Ikarus Trojan.Inject 20190327
Sophos ML heuristic 20190313
K7AntiVirus Riskware ( 0040eff71 ) 20190327
K7GW Riskware ( 0040eff71 ) 20190327
Kaspersky UDS:DangerousObject.Multi.Generic 20190328
MAX malware (ai score=89) 20190328
McAfee GenericRXHH-AM!95D3CF261C30 20190328
Microsoft Trojan:Win32/Fuerboos.A!cl 20190328
eScan Gen:Trojan.Heur.RP.xmKfamkafbmi 20190328
NANO-Antivirus Trojan.Win32.GenKryptik.folmcl 20190328
Palo Alto Networks (Known Signatures) generic.ml 20190328
Qihoo-360 HEUR/QVM11.1.21B3.Malware.Gen 20190328
Rising Spyware.AveMaria!8.108C2/N3#97% (RDM+:cmRtazo2BnQcciseAdPyYB1Qjbq+) 20190328
SentinelOne (Static ML) DFI - Malicious PE 20190317
Tencent Win32.Trojan.Dropper.Amlt 20190328
Trapmine malicious.moderate.ml.score 20190325
TrendMicro-HouseCall TROJ_GEN.R04AH09CS19 20190328
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20190328
Acronis 20190327
AegisLab 20190328
Alibaba 20190306
ALYac 20190328
Antiy-AVL 20190328
Avast 20190328
Avast-Mobile 20190327
AVG 20190328
Avira (no cloud) 20190328
Babable 20180918
Baidu 20190318
Bkav 20190327
CAT-QuickHeal 20190327
ClamAV 20190327
CMC 20190321
Comodo 20190328
Cyren 20190328
F-Secure 20190327
Jiangmin 20190328
Kingsoft 20190328
Malwarebytes 20190328
McAfee-GW-Edition 20190327
Panda 20190327
Sophos AV 20190328
SUPERAntiSpyware 20190328
Symantec Mobile Insight 20190325
TACHYON 20190328
TheHacker 20190327
TotalDefense 20190327
Trustlook 20190328
VBA32 20190327
ViRobot 20190327
Yandex 20190327
Zillya 20190327
Zoner 20190328
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) misbestowal 2018
Product homeothermic
Original name maizer.exe
Internal name thivel.exe
File version 4.4.6.3
Description Kirsten
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-26 04:06:22
Entry Point 0x00076F50
Number of sections 3
PE sections
PE imports
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
ExtractIconExA
WinHelpA
CoInitialize
Number of PE resources by type
RT_ICON 9
RT_RCDATA 2
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 12
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize 262144
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 4.4.6.3
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription Kirsten
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 172032
EntryPoint 0x76f50
OriginalFileName maizer.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) misbestowal 2018
FileVersion 4.4.6.3
TimeStamp 2019:03:26 05:06:22+01:00
FileType Win32 EXE
PEType PE32
InternalName thivel.exe
ProductVersion 2.5.8.8
SubsystemVersion 6.0
OSVersion 6.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Ossetish
CodeSize 225280
ProductName homeothermic
ProductVersionNumber 2.5.8.8
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 e5e1b1f2e9a8ca9f30db18336b7ba888
SHA1 e21c17d5f294a043b3be71a8f238c2e28e12706c
SHA256 d740394670d607815340a0e4bdbf4962235c31535fc2d18eaac329515b3eff2d
ssdeep 6144:Nl6WpKwCcezS7fKtqG9YvqgjJzKlqt61EebK1w:Nl6WYwCce27feqG+igdzK261PK1w
authentihash 0aaee05ad84551ce3c6076249f24a88d18145ceb11cecb818c8d5d110b113186
imphash a4b80b477757fb3139192a03ab4b47e6
File size 382.0 KB ( 391168 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (61.2%)
Win32 Dynamic Link Library (generic) (14.8%)
Win32 Executable (generic) (10.2%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.5%)
Tags peexe
VirusTotal metadata
First submission 2019-03-28 03:45:10 UTC ( 1 month, 3 weeks ago )
Last submission 2019-03-28 03:45:10 UTC ( 1 month, 3 weeks ago )
File names krosbin.exe
krosbin.exe
maizer.exe
thivel.exe