SHA256: dc48a20a90b44dcdc75d5ccc27fb858e1add46670cb63292a8b0090562bc4a86
File name: PROTESTO.exe
Detection ratio: 15 / 56
Analysis date: 2016-06-10 21:53:18 UTC ( 1 year, 4 months ago )
Antivirus Result Update
AegisLab Troj.W32.Gen.lXRd 20160610
AhnLab-V3 Trojan/Win32.MSIL 20160610
Avira (no cloud) TR/Drop.Agent.qgng 20160610
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160608
Cyren W32/GenBl.5F543DF6!Olympus 20160610
DrWeb Trojan.Siggen6.61862 20160610
ESET-NOD32 a variant of MSIL/TrojanDropper.Agent.CLG 20160610
Fortinet MSIL/TrojanDropper.CLG!tr 20160610
Ikarus Trojan.MSIL.Spy 20160610
Kaspersky UDS:DangerousObject.Multi.Generic 20160610
McAfee Artemis!5F543DF60028 20160610
McAfee-GW-Edition Artemis 20160610
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20160610
Rising Malware.Generic!1PfaJr0FOvN@d (Thunder) 20160610
Symantec Heur.AdvML.C 20160610
Ad-Aware 20160610
Alibaba 20160608
ALYac 20160610
Antiy-AVL 20160610
Arcabit 20160610
Avast 20160610
AVG 20160610
AVware 20160610
Baidu-International 20160606
BitDefender 20160610
Bkav 20160610
CAT-QuickHeal 20160610
ClamAV 20160610
CMC 20160607
Comodo 20160610
Emsisoft 20160610
F-Prot 20160610
F-Secure 20160610
GData 20160610
Jiangmin 20160610
K7AntiVirus 20160610
K7GW 20160610
Kingsoft 20160610
Malwarebytes 20160610
Microsoft 20160610
eScan 20160610
NANO-Antivirus 20160610
nProtect 20160610
Panda 20160610
Sophos AV 20160610
SUPERAntiSpyware 20160610
Tencent 20160610
TheHacker 20160610
TrendMicro 20160610
TrendMicro-HouseCall 20160610
VBA32 20160610
VIPRE 20160610
ViRobot 20160610
Yandex 20160609
Zillya 20160610
Zoner 20160610
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2016

Product Windows05
Original name NOVO_LOAD_DRBOYY_2.exe
Internal name NOVO_LOAD_DRBOYY_2.exe
File version 1.0.0.0
Description Windows05
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-09 07:57:34
Entry Point 0x00111A1E
Number of sections 4
.NET details
Module Version ID d5742466-26ae-4cc9-a694-fd41d0d27aeb
TypeLib ID 49173948-3cf5-42c0-8eb7-40ca1e7c6522
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.0

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
4096

EntryPoint
0x111a1e

OriginalFileName
NOVO_LOAD_DRBOYY_2.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2016

FileVersion
1.0.0.0

TimeStamp
2016:06:09 08:57:34+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
NOVO_LOAD_DRBOYY_2.exe

ProductVersion
1.0.0.0

FileDescription
Windows05

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
1113088

ProductName
Windows05

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
1.0.0.0

File identification
MD5 5f543df60028ea5329d42b558f0e499e
SHA1 74b5d0af2fc52cd5fc8b5f5ddd84bc259caa6101
SHA256 dc48a20a90b44dcdc75d5ccc27fb858e1add46670cb63292a8b0090562bc4a86
ssdeep
24576:YnSmDiQngNLRTOLZL52e/oI0jX3jzXDE/gi1aua6M52kkNq8lKEag:YnHDiQnI1TOLZL5d/o1Xz7DE/gioeM5k

authentihash 3d113a144f6e8fd0286fb644847d93365f0f3924022e0e0343a3fcedcd3721a7
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 1.1 MB ( 1118208 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (55.8%)
Win64 Executable (generic) (21.0%)
Windows screen saver (9.9%)
Win32 Dynamic Link Library (generic) (5.0%)
Win32 Executable (generic) (3.4%)
Tags
peexe assembly

VirusTotal metadata
First submission 2016-06-10 16:53:29 UTC ( 1 year, 4 months ago )
Last submission 2016-06-13 05:45:25 UTC ( 1 year, 4 months ago )
File names NOVO_LOAD_DRBOYY_2.exe
PROTESTO.exe";filename*=UTF-8''PROTESTO.exe
PROTESTO.exe