SHA256: da0d74b7f5311b41225a925270a00a41c639b0fec3f8ec3008b4f08afe805df8
File name: crypted.120.exe
Detection ratio: 2 / 57
Analysis date: 2015-05-12 11:53:23 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Kaspersky UDS:DangerousObject.Multi.Generic 20150512
Tencent Trojan.Win32.Qudamah.Gen.18 20150512
Ad-Aware 20150512
AegisLab 20150512
Yandex 20150511
AhnLab-V3 20150512
Alibaba 20150512
ALYac 20150512
Antiy-AVL 20150512
Avast 20150512
AVG 20150512
Avira (no cloud) 20150512
AVware 20150512
Baidu-International 20150511
BitDefender 20150512
Bkav 20150512
ByteHero 20150512
CAT-QuickHeal 20150512
ClamAV 20150512
CMC 20150508
Comodo 20150512
Cyren 20150512
DrWeb 20150512
Emsisoft 20150512
ESET-NOD32 20150512
F-Prot 20150512
F-Secure 20150512
Fortinet 20150512
GData 20150512
Ikarus 20150512
Jiangmin 20150511
K7AntiVirus 20150512
K7GW 20150512
Kingsoft 20150512
Malwarebytes 20150512
McAfee 20150512
McAfee-GW-Edition 20150511
Microsoft 20150512
eScan 20150512
NANO-Antivirus 20150512
Norman 20150512
nProtect 20150512
Panda 20150512
Qihoo-360 20150512
Rising 20150512
Sophos AV 20150512
SUPERAntiSpyware 20150512
Symantec 20150512
TheHacker 20150511
TotalDefense 20150512
TrendMicro 20150512
TrendMicro-HouseCall 20150512
VBA32 20150511
VIPRE 20150512
ViRobot 20150512
Zillya 20150510
Zoner 20150511
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright CentreingChangingAustria AgarCodifyUses (C) ValetUncovers
Product WizardsTripod
Original name VoidChitAllied.exe
Internal name VoidChitAllied????
File version 2.0.9.7
Description ArmisticeAccursed
Comments CiviliseAncientBrainteasing
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-05-13 06:47:12
Entry Point 0x000276EE
Number of sections 3
.NET details
Module Version ID cf1f8f5f-6326-412d-a244-8d7bb9dde9ce
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
CiviliseAncientBrainteasing

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.0.9.7

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
ArmisticeAccursed

CharacterSet
Unicode

InitializedDataSize
2048

EntryPoint
0x276ee

OriginalFileName
VoidChitAllied.exe

MIMEType
application/octet-stream

LegalCopyright
CentreingChangingAustria AgarCodifyUses (C) ValetUncovers

FileVersion
2.0.9.7

TimeStamp
2012:05:13 07:47:12+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
VoidChitAllied

ProductVersion
2.0.9.7

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
BorrowersUndigestedBolstered

CodeSize
153600

ProductName
WizardsTripod

ProductVersionNumber
2.0.9.7

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
4.5.5.1

File identification
MD5 dd7adc5b140835dc22f6c95694f9c015
SHA1 0cc8801e15349c5b6b86120b42679e2547fd66fd
SHA256 da0d74b7f5311b41225a925270a00a41c639b0fec3f8ec3008b4f08afe805df8
ssdeep 3072:3nH/EFG2HnEmoAkQu2vzAsciBo1jTomEhBiRW6wA4PCLwms8:XH/IELAkqMnygjOBiE6LWC4
authentihash d2efe56dd416765afa70dda104d52eba15000fcc3d88d93b5736f2fa539b0a12
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 152.5 KB ( 156160 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (82.9%)
Win32 Dynamic Link Library (generic) (7.4%)
Win32 Executable (generic) (5.1%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags peexe assembly
VirusTotal metadata
First submission 2015-05-12 09:58:57 UTC ( 2 years, 7 months ago )
Last submission 2016-03-15 01:08:39 UTC ( 1 year, 9 months ago )
File names 7777777.exe
crypted.120.bin
crypted.120[1].vxe
7777777.exe.279078.DROPPED
crypted.120.exe
da0d74b7f5311b41225a925270a00a41c639b0fec3f8ec3008b4f08afe805df8.exe
dd7adc5b140835dc22f6c95694f9c015.exe
da0d74b7f5311b41225a925270a00a41c639b0fec3f8ec3008b4f08afe805df8.bin
VoidChitAllied.exe
2015-05-12-malware-returned-from-92.63.88.87-port-8080.exe
DA0D74B7F5311B41225A925270A00A41C639B0FEC3F8EC3008B4F08AFE805DF8.exe
crypted120.exe
VoidChitAllied????
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections