| SHA256: | e598a163fc66dd71a0ed4d38f9e361599778e275c6a15b7bc227a6405948b2c4 |
| File name: | good.exe |
| Detection ratio: | 47 / 68 |
| Analysis date: | 2019-01-06 20:04:02 UTC ( 1 month, 2 weeks ago ) View latest |
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Generic.MSIL.Bladabindi.62A4FFBB | 20190106 |
| AhnLab-V3 | Backdoor/Win32.Bladabindi.C906179 | 20190106 |
| ALYac | Generic.MSIL.Bladabindi.62A4FFBB | 20190106 |
| Antiy-AVL | Trojan[Backdoor]/MSIL.Bladabindi.as | 20190106 |
| Arcabit | Generic.MSIL.Bladabindi.62A4FFBB | 20190106 |
| Avast | MSIL:Bladabindi-JK [Trj] | 20190106 |
| AVG | MSIL:Bladabindi-JK [Trj] | 20190106 |
| Avira (no cloud) | TR/Dropper.Gen | 20190106 |
| Baidu | MSIL.Backdoor.Bladabindi.a | 20190104 |
| BitDefender | Generic.MSIL.Bladabindi.62A4FFBB | 20190106 |
| CAT-QuickHeal | Trojan.YakbeexMSIL.ZZ4 | 20190106 |
| ClamAV | Win.Trojan.B-468 | 20190106 |
| Comodo | Backdoor.MSIL.Bladabindi.BA@7oej5x | 20190106 |
| CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20181022 |
| Cybereason | malicious.8fa471 | 20180225 |
| Cylance | Unsafe | 20190106 |
| Cyren | W32/MSIL_Bladabindi.A.gen!Eldorado | 20190106 |
| DrWeb | Trojan.MulDrop7.48997 | 20190106 |
| eGambit | Unsafe.AI_Score_98% | 20190106 |
| Emsisoft | Generic.MSIL.Bladabindi.62A4FFBB (B) | 20190106 |
| Endgame | malicious (high confidence) | 20181108 |
| ESET-NOD32 | a variant of MSIL/Bladabindi.BB | 20190106 |
| F-Prot | W32/MSIL_Bladabindi.A.gen!Eldorado | 20190106 |
| F-Secure | Generic.MSIL.Bladabindi.62A4FFBB | 20190106 |
| Fortinet | MSIL/Bladabindi.AS!tr | 20190106 |
| GData | Win32.Malware.Bucaspys.A | 20190106 |
| Ikarus | Backdoor.MSIL | 20190106 |
| Sophos ML | heuristic | 20181128 |
| Jiangmin | TrojanDropper.Autoit.dce | 20190106 |
| K7AntiVirus | Trojan ( 700000121 ) | 20190106 |
| K7GW | Trojan ( 700000121 ) | 20190106 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 20190106 |
| Malwarebytes | Backdoor.Bladabindi | 20190106 |
| MAX | malware (ai score=89) | 20190106 |
| McAfee | BackDoor-FDNN!23DA8A28FA47 | 20190106 |
| McAfee-GW-Edition | BehavesLike.Win32.Generic.pm | 20190106 |
| Microsoft | Backdoor:MSIL/Bladabindi | 20190106 |
| eScan | Generic.MSIL.Bladabindi.62A4FFBB | 20190106 |
| Qihoo-360 | HEUR/QVM03.0.5F19.Malware.Gen | 20190106 |
| Rising | Backdoor.MSIL.Bladabindi!1.9E49 (CLASSIC) | 20190106 |
| SentinelOne (Static ML) | static engine - malicious | 20181223 |
| Sophos AV | Mal/Bladabi-D | 20190106 |
| Symantec | ML.Attribute.HighConfidence | 20190105 |
| TrendMicro-HouseCall | BKDR_BLADABI.SMC | 20190106 |
| Webroot | W32.Malware.Gen | 20190106 |
| Zillya | Trojan.Bladabindi.Win32.97072 | 20190105 |
| ZoneAlarm by Check Point | HEUR:Trojan.Win32.Generic | 20190106 |
| Acronis | 20181227 | |
| AegisLab | 20190106 | |
| Alibaba | 20180921 | |
| Avast-Mobile | 20190106 | |
| Babable | 20180918 | |
| Bkav | 20190104 | |
| CMC | 20190106 | |
| Kingsoft | 20190106 | |
| NANO-Antivirus | 20190106 | |
| Palo Alto Networks (Known Signatures) | 20190106 | |
| Panda | 20190106 | |
| SUPERAntiSpyware | 20190102 | |
| TACHYON | 20190106 | |
| Tencent | 20190106 | |
| TheHacker | 20190104 | |
| Trapmine | 20190103 | |
| Trustlook | 20190106 | |
| VBA32 | 20190104 | |
| ViRobot | 20190106 | |
| Yandex | 20181229 | |
| Zoner | 20190106 |
The file being studied is a Portable Executable file!
More specifically, it is a Win32 EXE
file
for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-29 08:36:47
Entry Point 0x0000DC2E
Number of sections 3
.NET details
Module Version ID
ea40e3b5-599d-4b52-88b7-b8097659a8aa
TypeLib ID
1f8b2271-7303-4f2f-8b4b-556a5fcb3c86
PE sections
PE imports
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream
Subsystem
Windows GUI
MachineType
Intel 386 or later, and compatibles
FileTypeExtension
exe
TimeStamp
2018:11:29 09:36:47+01:00
FileType
Win32 EXE
PEType
PE32
CodeSize
48640
LinkerVersion
8.0
ImageFileCharacteristics
Executable, 32-bit
EntryPoint
0xdc2e
InitializedDataSize
1536
SubsystemVersion
4.0
ImageVersion
0.0
OSVersion
4.0
UninitializedDataSize
0
File identification
MD5 23da8a28fa471b50a5998557cd333ef5
SHA1 9641c45b9b3504e7d07fbb895ac0aafb05071a74
SHA256 e598a163fc66dd71a0ed4d38f9e361599778e275c6a15b7bc227a6405948b2c4
ssdeep
768:2Jsh93RcdVSX22HWNq696c6yxVBjkcbSoi3xCy9l1s3Oee2C:2Jsj3GdVSXfAqyxLIcpKYy9rse1
File size
49.5 KB ( 50688 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
| TrID |
Generic CIL Executable (.NET, Mono, etc.) (55.8%) Win64 Executable (generic) (21.0%) Windows screen saver (9.9%) Win32 Dynamic Link Library (generic) (5.0%) Win32 Executable (generic) (3.4%) |
Tags
peexe
assembly
VirusTotal metadata
First submission
2019-01-06 20:04:02 UTC ( 1 month, 2 weeks ago )
Last submission
2019-01-31 07:43:31 UTC ( 3 weeks, 2 days ago )
| File names |
output.114887479.txt good.exe |
No comments.
No VirusTotal Community member has commented on this item yet, be the first one to do so!
You have not signed in. Only registered users can leave comments, sign in and have a voice!
No votes.
No one has voted on this item yet, be the first one to do so!