× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e4f4fa484af248360e2ef183f09b57ad1f6be81943f05a2c43a0943f7a44fb9d
File name: 7.exe
Detection ratio: 6 / 67
Analysis date: 2018-10-17 04:17:03 UTC ( 5 months ago ) View latest
Antivirus Result Update
Avira (no cloud) TR/Dropper.Gen 20181017
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.6b2bfe 20180225
Cylance Unsafe 20181017
Ikarus AdWare.MSIL.Csdimonetize 20181016
SentinelOne (Static ML) static engine - malicious 20181011
Ad-Aware 20181017
AegisLab 20181017
AhnLab-V3 20181016
Alibaba 20180921
ALYac 20181017
Antiy-AVL 20181017
Arcabit 20181017
Avast 20181017
Avast-Mobile 20181016
AVG 20181017
Babable 20180918
Baidu 20181015
BitDefender 20181017
Bkav 20181016
CAT-QuickHeal 20181013
ClamAV 20181016
CMC 20181016
Comodo 20181017
Cyren 20181017
DrWeb 20181017
eGambit 20181017
Emsisoft 20181017
Endgame 20180730
ESET-NOD32 20181017
F-Prot 20181017
F-Secure 20181017
Fortinet 20181017
GData 20181017
Sophos ML 20180717
Jiangmin 20181017
K7AntiVirus 20181017
K7GW 20181016
Kaspersky 20181017
Kingsoft 20181017
Malwarebytes 20181017
MAX 20181017
McAfee 20181017
McAfee-GW-Edition 20181017
Microsoft 20181017
eScan 20181017
NANO-Antivirus 20181017
Palo Alto Networks (Known Signatures) 20181017
Panda 20181016
Qihoo-360 20181017
Rising 20181017
Sophos AV 20181017
SUPERAntiSpyware 20181015
Symantec 20181016
Symantec Mobile Insight 20181001
TACHYON 20181017
Tencent 20181017
TheHacker 20181015
TotalDefense 20181016
TrendMicro 20181017
TrendMicro-HouseCall 20181017
Trustlook 20181017
VBA32 20181016
ViRobot 20181017
Webroot 20181017
Yandex 20181016
Zillya 20181016
ZoneAlarm by Check Point 20181017
Zoner 20181016
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © GitHub 2013-2015

Product Update
Original name update.exe
Internal name update.exe
File version 0.0.0.1
Description Update
Comments Update
Signature verification The digital signature of the object did not verify.
Signing date 12:54 PM 2/14/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-08 19:11:16
Entry Point 0x0008131E
Number of sections 4
.NET details
Module Version ID 1f60f8e2-a14f-4ea7-8575-4085e2a86738
TypeLib ID ab574b26-f354-4ec6-b056-a009ceb9d934
PE sections
Overlays
MD5 ae015d89e20fc26504abd319aba9f778
File type data
Offset 526848
Size 15704
Entropy 7.14
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 4
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

Comments
Update

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.0.0.1

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Update

ImageFileCharacteristics
Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
4608

EntryPoint
0x8131e

OriginalFileName
update.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright GitHub 2013-2015

FileVersion
0.0.0.1

TimeStamp
2018:10:08 21:11:16+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
update.exe

ProductVersion
0.0.0.1

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
GitHub

CodeSize
521216

ProductName
Update

ProductVersionNumber
0.0.0.1

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
0.0.0.1

File identification
MD5 6468db1571b22b7acc7c4f0fd8eb129d
SHA1 fe22d906b2bfeb42be4afd0632697091a2118ef6
SHA256 e4f4fa484af248360e2ef183f09b57ad1f6be81943f05a2c43a0943f7a44fb9d
ssdeep
12288:6btD0+ir/vFV8dCsH5EfFHvjRHGOgyN6w69vna+JbbaH84q:I+Jr/v0YUeFPjRzulfVJbuS

authentihash 53cf79eeb6ff787b1f83906ea68a504f94b37ca6456a2181f1253f13cbbb01bf
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 529.8 KB ( 542552 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Win32 Executable MS Visual C++ (generic) (34.2%)
Win64 Executable (generic) (30.3%)
Windows screen saver (14.3%)
Win32 Dynamic Link Library (generic) (7.2%)
Win32 Executable (generic) (4.9%)
Tags
peexe assembly overlay

VirusTotal metadata
First submission 2018-10-17 04:17:03 UTC ( 5 months ago )
Last submission 2018-10-17 04:17:03 UTC ( 5 months ago )
File names 7.exe
update.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections