SHA256: e66b2344ddd179e300539401220fc44665f30b90fff1e22c2a1882fe79602e7c
File name: 2efaa3c3c02c7fdaaf552baf8aab0fd0
Detection ratio: 38 / 66
Analysis date: 2018-06-01 06:43:17 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30904425 20180601
AegisLab Troj.W32.Generic!c 20180601
AhnLab-V3 Trojan/Win32.Kryptik.C2548374 20180601
ALYac Trojan.GenericKD.30904425 20180601
Arcabit Trojan.Generic.D1D79069 20180601
Avast Win32:Malware-gen 20180601
AVG Win32:Malware-gen 20180601
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9859 20180601
BitDefender Trojan.GenericKD.30904425 20180601
Cylance Unsafe 20180601
Cyren W32/Kryptik.EN.gen!Eldorado 20180601
DrWeb Trojan.DownLoader26.39159 20180601
Emsisoft Trojan.GenericKD.30904425 (B) 20180601
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of MSIL/Kryptik.MWY 20180601
F-Prot W32/Kryptik.EN.gen!Eldorado 20180601
F-Secure Trojan.GenericKD.30904425 20180601
Fortinet MSIL/Kryptik.MWY!tr 20180601
GData Win32.Trojan.Agent.L7VUQO 20180601
Ikarus Trojan.MSIL.Inject 20180531
Sophos ML heuristic 20180503
Kaspersky HEUR:Trojan.Win32.Generic 20180601
Malwarebytes Trojan.PasswordStealer.MSIL.Generic 20180601
MAX malware (ai score=95) 20180601
McAfee Packed-FEP!2EFAA3C3C02C 20180601
McAfee-GW-Edition BehavesLike.Win32.Generic.jc 20180601
eScan Trojan.GenericKD.30904425 20180601
NANO-Antivirus Trojan.Win32.Kryptik.fdbqtx 20180601
Palo Alto Networks (Known Signatures) generic.ml 20180601
Panda Trj/CI.A 20180531
Qihoo-360 Win32/Trojan.e6d 20180601
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Kryptik-BZ 20180601
Symantec Packed.Generic.511 20180601
Tencent Win32.Trojan.Generic.Hwxe 20180601
TrendMicro TROJ_GEN.R020C0OEV18 20180601
TrendMicro-HouseCall TROJ_GEN.R020C0OEV18 20180601
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180601
Alibaba 20180601
Antiy-AVL 20180601
Avast-Mobile 20180531
Avira (no cloud) 20180531
AVware 20180601
Babable 20180406
Bkav 20180531
CAT-QuickHeal 20180531
ClamAV 20180531
CMC 20180529
Comodo 20180601
CrowdStrike Falcon (ML) 20180202
Cybereason None
eGambit 20180601
Jiangmin 20180601
K7AntiVirus 20180601
K7GW 20180601
Kingsoft 20180601
Microsoft 20180601
nProtect 20180601
Rising 20180601
SUPERAntiSpyware 20180601
Symantec Mobile Insight 20180601
TheHacker 20180531
TotalDefense 20180531
Trustlook 20180601
VBA32 20180531
VIPRE 20180601
ViRobot 20180601
Webroot 20180601
Yandex 20180529
Zillya 20180531
Zoner 20180531
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

Original name lZ8yn4gXn6nBJwxG.CIL.exe
Internal name lZ8yn4gXn6nBJwxG.CIL.exe
File version 0.0.0.0
Description
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-31 06:47:19
Entry Point 0x0002143E
Number of sections 3
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 9
RT_MANIFEST 1
RT_HTML 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 12
GERMAN 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 560128
ImageVersion 0.0
FileVersionNumber 0.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 11.0
FileTypeExtension exe
OriginalFileName lZ8yn4gXn6nBJwxG.CIL.exe
MIMEType application/octet-stream
FileVersion 0.0.0.0
TimeStamp 2018:05:31 07:47:19+01:00
FileType Win32 EXE
PEType PE32
InternalName lZ8yn4gXn6nBJwxG.CIL.exe
ProductVersion 0.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 128512
FileSubtype 0
ProductVersionNumber 0.0.0.0
EntryPoint 0x2143e
ObjectFileType Executable application
AssemblyVersion 0.0.0.0

Execution parents
File identification
MD5 2efaa3c3c02c7fdaaf552baf8aab0fd0
SHA1 7044c665670a377147cba87fe3db1caae9fdd84b
SHA256 e66b2344ddd179e300539401220fc44665f30b90fff1e22c2a1882fe79602e7c
ssdeep 12288:sm7XlNdVv7fggfsPu72mYZjz1ll1VKEN38+ln36iAFaw5MwENE4E93y18TOo:RHLEPzTl1EENzn3i4Uqe9CGj

authentihash 5ca7d0c888c88d43105c5ccd08954da788870fe89fb16444d6ab9dba52cc792b
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 673.0 KB ( 689152 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (62.0%)
Win64 Executable (generic) (23.4%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.8%)
OS/2 Executable (generic) (1.7%)
Tags peexe assembly

VirusTotal metadata
First submission 2018-05-31 10:34:53 UTC ( 1 month, 2 weeks ago )
Last submission 2018-06-19 16:39:50 UTC ( 4 weeks, 1 day ago )
File names doc01289098490pdf.exe
lZ8yn4gXn6nBJwxG.CIL.exe
<SAMPLE.EXE>