SHA256: d76717e425800510103957161467c0bef430e564aff615ff479d1eb681daabd0
File name: VirusShare_da73e95ebeb81873e08decf4ebb8b644
Detection ratio: 27 / 57
Analysis date: 2015-05-16 16:01:18 UTC ( 4 years ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2384644 20150516
ALYac Trojan.GenericKD.2384644 20150516
Avast Win32:Malware-gen 20150516
AVware Trojan.Win32.Generic!BT 20150516
BitDefender Trojan.GenericKD.2384644 20150516
Emsisoft Trojan.GenericKD.2384644 (B) 20150516
ESET-NOD32 a variant of MSIL/Injector.JPK 20150516
F-Secure Trojan.GenericKD.2384644 20150516
Fortinet W32/Cridex.WR!worm 20150516
GData Trojan.GenericKD.2384644 20150516
K7AntiVirus Riskware ( 0040eff71 ) 20150516
K7GW Riskware ( 0040eff71 ) 20150516
Kaspersky Worm.Win32.Cridex.wr 20150516
Malwarebytes Trojan.Tinba 20150516
McAfee RDN/Generic.tfr!en 20150516
McAfee-GW-Edition BehavesLike.Win32.Trojan.cc 20150516
Microsoft Trojan:Win32/Dynamer!ac 20150516
eScan Trojan.GenericKD.2384644 20150516
nProtect Trojan.GenericKD.2384644 20150515
Panda Trj/CI.A 20150516
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20150516
Sophos AV Mal/Generic-S 20150516
Symantec WS.Reputation.1 20150516
Tencent Trojan.Win32.YY.Gen.18 20150516
TrendMicro TROJ_GEN.R047C0DEF15 20150516
TrendMicro-HouseCall TROJ_GEN.R047C0DEF15 20150516
VIPRE Trojan.Win32.Generic!BT 20150516
AegisLab 20150516
Yandex 20150516
AhnLab-V3 20150516
Alibaba 20150516
Antiy-AVL 20150516
AVG 20150516
Avira (no cloud) 20150516
Baidu-International 20150516
Bkav 20150516
ByteHero 20150516
CAT-QuickHeal 20150516
ClamAV 20150516
CMC 20150513
Comodo 20150516
Cyren 20150516
DrWeb 20150516
F-Prot 20150516
Ikarus 20150516
Jiangmin 20150515
Kingsoft 20150516
NANO-Antivirus 20150516
Norman 20150516
Rising 20150516
SUPERAntiSpyware 20150516
TheHacker 20150515
TotalDefense 20150516
VBA32 20150515
ViRobot 20150516
Zillya 20150515
Zoner 20150515
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright
Publisher LoosenMetastatic
Product NarcissisticMeatball
Original name LacksReassuringLaboursaving.exe
Internal name LacksReassuringLaboursaving.exe
File version 8.6.7.6
Description NegatedInfighting
Comments RabbitsMorassesNothing
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-12-30 10:20:55
Entry Point 0x00023F1E
Number of sections 3
.NET details
Module Version ID b9aa9f99-bf37-4c26-9564-8f678861d39d
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments RabbitsMorassesNothing
InitializedDataSize 1536
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 8.6.7.6
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription NegatedInfighting
CharacterSet Unicode
LinkerVersion 8.0
EntryPoint 0x23f1e
OriginalFileName LacksReassuringLaboursaving.exe
MIMEType application/octet-stream
LegalCopyright Copyright
FileVersion 8.6.7.6
TimeStamp 2005:12:30 11:20:55+01:00
FileType Win32 EXE
PEType PE32
InternalName LacksReassuringLaboursaving.exe
ProductVersion 8.6.7.6
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName LoosenMetastatic
CodeSize 139264
ProductName NarcissisticMeatball
ProductVersionNumber 8.6.7.6
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 2.1.6.3

File identification
MD5 da73e95ebeb81873e08decf4ebb8b644
SHA1 9df2cb262eeae3ba57d33afea136ea67ee0d8cdc
SHA256 d76717e425800510103957161467c0bef430e564aff615ff479d1eb681daabd0
ssdeep 3072:hRRt26w+uReJ1btsbGVJ1NEIT3TkK7s9P4RLrN7bj7o4:Tbwi7btsbKJfE2pw4n
authentihash 09e3e537dbfe3e724be8c3bcd70b6fb680b6c139ce0885abb7c55a9cd3615e6b
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 138.0 KB ( 141312 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (82.9%)
Win32 Dynamic Link Library (generic) (7.4%)
Win32 Executable (generic) (5.1%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags peexe assembly

VirusTotal metadata
First submission 2015-05-08 09:12:24 UTC ( 4 years ago )
Last submission 2015-08-13 21:26:57 UTC ( 3 years, 9 months ago )
File names LacksReassuringLaboursaving.exe
VirusShare_da73e95ebeb81873e08decf4ebb8b644
M2104.mal
aUEg.pdf
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R047C0DEF15.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections
UDP communications