× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: dd5267b3c58ea721a5c606367293ed6bcd2f83fd762ab8114fa023ffeeb37c53
File name: output.113049857.txt
Detection ratio: 30 / 64
Analysis date: 2018-03-29 16:57:58 UTC ( 10 months, 3 weeks ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30495106 20180329
AegisLab Uds.Dangerousobject.Multi!c 20180329
AhnLab-V3 Trojan/Win32.ADH.C78592 20180329
Arcabit Trojan.Generic.D1D15182 20180329
Avast Win32:Malware-gen 20180329
AVG Win32:Malware-gen 20180329
Avira (no cloud) TR/Dropper.MSIL.hyhwa 20180329
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9968 20180329
BitDefender Trojan.GenericKD.30495106 20180329
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20170201
Cybereason malicious.71fdf1 20180225
Cylance Unsafe 20180329
DrWeb Trojan.Siggen7.43491 20180329
Emsisoft Trojan.GenericKD.30495106 (B) 20180329
Endgame malicious (high confidence) 20180316
ESET-NOD32 a variant of MSIL/Kryptik.NJJ 20180329
GData Trojan.GenericKD.30495106 20180329
Ikarus Win32.Outbreak 20180329
Sophos ML heuristic 20180121
Kaspersky Backdoor.Win32.Androm.plqh 20180329
MAX malware (ai score=94) 20180329
McAfee RDN/Generic.grp 20180329
McAfee-GW-Edition BehavesLike.Win32.Trojan.hc 20180329
eScan Trojan.GenericKD.30495106 20180329
Palo Alto Networks (Known Signatures) generic.ml 20180329
Qihoo-360 HEUR/QVM03.0.239B.Malware.Gen 20180329
SentinelOne (Static ML) static engine - malicious 20180225
Symantec Trojan.Gen.2 20180329
TrendMicro-HouseCall Suspicious_GEN.F47V0329 20180329
ZoneAlarm by Check Point Backdoor.Win32.Androm.plqh 20180329
Alibaba 20180329
ALYac 20180329
Antiy-AVL 20180329
Avast-Mobile 20180329
AVware 20180329
Bkav 20180329
CAT-QuickHeal 20180329
ClamAV 20180329
CMC 20180329
Comodo 20180329
Cyren 20180329
eGambit 20180329
F-Prot 20180329
Fortinet 20180329
Jiangmin 20180329
K7AntiVirus 20180329
K7GW 20180329
Kingsoft 20180329
Malwarebytes 20180329
Microsoft 20180329
NANO-Antivirus 20180329
nProtect 20180329
Panda 20180329
Rising 20180329
Sophos AV 20180329
SUPERAntiSpyware 20180329
Symantec Mobile Insight 20180311
Tencent 20180329
TheHacker 20180327
TotalDefense 20180329
TrendMicro 20180329
Trustlook 20180329
VBA32 20180329
VIPRE 20180329
ViRobot 20180329
Yandex 20180329
Zoner 20180329
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2018 American Electric Power Company, Inc.

Product Change Auditor for Logon Activity
Original name jujjj.exe
Internal name jujjj.exe
File version 18.11.2.1
Description Change Auditor for Logon Activity
Comments caws25gkjnq
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-06-19 13:55:18
Entry Point 0x0007F26E
Number of sections 3
.NET details
Module Version ID 5bad7d28-9de8-428c-956c-b94b97917f8b
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 4
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
caws25gkjnq

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
18.11.2.1

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Change Auditor for Logon Activity

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
70144

EntryPoint
0x7f26e

OriginalFileName
jujjj.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2018 American Electric Power Company, Inc.

FileVersion
18.11.2.1

TimeStamp
2017:06:19 06:55:18-07:00

FileType
Win32 EXE

PEType
PE32

InternalName
jujjj.exe

ProductVersion
18.11.2.1

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
American Electric Power Company, Inc.

CodeSize
513024

ProductName
Change Auditor for Logon Activity

ProductVersionNumber
18.11.2.1

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
0.0.0.0

File identification
MD5 bc8eaa97dbf3268f8b8725ddedf58793
SHA1 88cd60771fdf17b1965e30836c1da9d41a3b003a
SHA256 dd5267b3c58ea721a5c606367293ed6bcd2f83fd762ab8114fa023ffeeb37c53
ssdeep
12288:XyFzxuQXueUyqEZ7jFVLJgXoVVC9qUweZR3Ik:CFFz+EZ7XLJgI4n/3I

authentihash 1febd9c65dc438a44069e41a236feb92661a0642eab6dac018eecf4fc4981b60
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 570.0 KB ( 583680 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (62.0%)
Win64 Executable (generic) (23.4%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.8%)
OS/2 Executable (generic) (1.7%)
Tags
peexe assembly

VirusTotal metadata
First submission 2018-03-29 06:17:21 UTC ( 10 months, 3 weeks ago )
Last submission 2018-04-02 10:45:36 UTC ( 10 months, 2 weeks ago )
File names SmartaDAV.exe
adobe.123
jujjj.exe
output.112990169.txt
003f81a1f1daff2aa6be299a370af4e50c5c1d34
output.113049857.txt
yed4ed4w25657h6f7.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!