SHA256: e598a163fc66dd71a0ed4d38f9e361599778e275c6a15b7bc227a6405948b2c4
File name: good.exe
Detection ratio: 47 / 68
Analysis date: 2019-01-06 20:04:02 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Ad-Aware Generic.MSIL.Bladabindi.62A4FFBB 20190106
AhnLab-V3 Backdoor/Win32.Bladabindi.C906179 20190106
ALYac Generic.MSIL.Bladabindi.62A4FFBB 20190106
Antiy-AVL Trojan[Backdoor]/MSIL.Bladabindi.as 20190106
Arcabit Generic.MSIL.Bladabindi.62A4FFBB 20190106
Avast MSIL:Bladabindi-JK [Trj] 20190106
AVG MSIL:Bladabindi-JK [Trj] 20190106
Avira (no cloud) TR/Dropper.Gen 20190106
Baidu MSIL.Backdoor.Bladabindi.a 20190104
BitDefender Generic.MSIL.Bladabindi.62A4FFBB 20190106
CAT-QuickHeal Trojan.YakbeexMSIL.ZZ4 20190106
ClamAV Win.Trojan.B-468 20190106
Comodo Backdoor.MSIL.Bladabindi.BA@7oej5x 20190106
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.8fa471 20180225
Cylance Unsafe 20190106
Cyren W32/MSIL_Bladabindi.A.gen!Eldorado 20190106
DrWeb Trojan.MulDrop7.48997 20190106
eGambit Unsafe.AI_Score_98% 20190106
Emsisoft Generic.MSIL.Bladabindi.62A4FFBB (B) 20190106
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of MSIL/Bladabindi.BB 20190106
F-Prot W32/MSIL_Bladabindi.A.gen!Eldorado 20190106
F-Secure Generic.MSIL.Bladabindi.62A4FFBB 20190106
Fortinet MSIL/Bladabindi.AS!tr 20190106
GData Win32.Malware.Bucaspys.A 20190106
Ikarus Backdoor.MSIL 20190106
Sophos ML heuristic 20181128
Jiangmin TrojanDropper.Autoit.dce 20190106
K7AntiVirus Trojan ( 700000121 ) 20190106
K7GW Trojan ( 700000121 ) 20190106
Kaspersky HEUR:Trojan.Win32.Generic 20190106
Malwarebytes Backdoor.Bladabindi 20190106
MAX malware (ai score=89) 20190106
McAfee BackDoor-FDNN!23DA8A28FA47 20190106
McAfee-GW-Edition BehavesLike.Win32.Generic.pm 20190106
Microsoft Backdoor:MSIL/Bladabindi 20190106
eScan Generic.MSIL.Bladabindi.62A4FFBB 20190106
Qihoo-360 HEUR/QVM03.0.5F19.Malware.Gen 20190106
Rising Backdoor.MSIL.Bladabindi!1.9E49 (CLASSIC) 20190106
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/Bladabi-D 20190106
Symantec ML.Attribute.HighConfidence 20190105
TrendMicro-HouseCall BKDR_BLADABI.SMC 20190106
Webroot W32.Malware.Gen 20190106
Zillya Trojan.Bladabindi.Win32.97072 20190105
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20190106
Acronis 20181227
AegisLab 20190106
Alibaba 20180921
Avast-Mobile 20190106
Babable 20180918
Bkav 20190104
CMC 20190106
Kingsoft 20190106
NANO-Antivirus 20190106
Palo Alto Networks (Known Signatures) 20190106
Panda 20190106
SUPERAntiSpyware 20190102
TACHYON 20190106
Tencent 20190106
TheHacker 20190104
Trapmine 20190103
Trustlook 20190106
VBA32 20190104
ViRobot 20190106
Yandex 20181229
Zoner 20190106
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-29 08:36:47
Entry Point 0x0000DC2E
Number of sections 3
.NET details
Module Version ID ea40e3b5-599d-4b52-88b7-b8097659a8aa
TypeLib ID 1f8b2271-7303-4f2f-8b4b-556a5fcb3c86
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:11:29 09:36:47+01:00
FileType Win32 EXE
PEType PE32
CodeSize 48640
LinkerVersion 8.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0xdc2e
InitializedDataSize 1536
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 23da8a28fa471b50a5998557cd333ef5
SHA1 9641c45b9b3504e7d07fbb895ac0aafb05071a74
SHA256 e598a163fc66dd71a0ed4d38f9e361599778e275c6a15b7bc227a6405948b2c4
ssdeep 768:2Jsh93RcdVSX22HWNq696c6yxVBjkcbSoi3xCy9l1s3Oee2C:2Jsj3GdVSXfAqyxLIcpKYy9rse1

authentihash 967ca2a13c8465939b9b87903604739e182225765b6086de1aa23e0a03c55c47
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 49.5 KB ( 50688 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (55.8%)
Win64 Executable (generic) (21.0%)
Windows screen saver (9.9%)
Win32 Dynamic Link Library (generic) (5.0%)
Win32 Executable (generic) (3.4%)
Tags peexe assembly

VirusTotal metadata
First submission 2019-01-06 20:04:02 UTC ( 1 month, 2 weeks ago )
Last submission 2019-01-31 07:43:31 UTC ( 3 weeks, 2 days ago )
File names output.114887479.txt
good.exe