SHA256: e7d4a87c0874789deabcd425cef8fcee522742502044fe63b611bc71b22e1938
File name: ff424c0901ae607f9d7d2352210780a533ab2434
Detection ratio: 43 / 55
Analysis date: 2016-07-09 23:05:04 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Barys.53689 20160709
AegisLab Troj.W32.Gen.lYL2 20160709
AhnLab-V3 Backdoor/Win32.Trojan.N1628271584 20160709
ALYac Gen:Variant.Barys.53689 20160709
Antiy-AVL Trojan[Dropper]/Win32.FrauDrop 20160709
Arcabit Trojan.Barys.DD1B9 20160709
Avast Win32:Malware-gen 20160709
AVG Bladabindi.CLKV 20160709
Avira (no cloud) BDS/Bladabindi.154624.1 20160709
AVware Trojan.Win32.Generic!BT 20160709
BitDefender Gen:Variant.Barys.53689 20160709
Bkav W32.Clod7a5.Trojan.b593 20160708
CAT-QuickHeal Backdoor.BLA.r4 20160709
Comodo UnclassifiedMalware 20160709
Cyren W32/Trojan.CITT-2805 20160709
Emsisoft Gen:Variant.Barys.53689 (B) 20160709
ESET-NOD32 MSIL/Bladabindi.BC 20160709
F-Prot W32/Trojan2.OVQY 20160709
F-Secure Gen:Variant.Barys.53689 20160709
Fortinet W32/FrauDrop.AJSVY!tr 20160709
GData Gen:Variant.Barys.53689 20160709
Ikarus Trojan.MSIL.Bladabindi 20160709
Jiangmin TrojanDropper.FrauDrop.acnd 20160709
K7AntiVirus Trojan ( 0049370a1 ) 20160709
K7GW Trojan ( 0049370a1 ) 20160709
Kaspersky HEUR:Trojan.Win32.Generic 20160709
Malwarebytes Backdoor.Bladabindi 20160709
McAfee Artemis!04B4D44B4524 20160709
McAfee-GW-Edition Artemis!Trojan 20160709
Microsoft Backdoor:MSIL/Bladabindi 20160709
eScan Gen:Variant.Barys.53689 20160709
NANO-Antivirus Trojan.Win32.FrauDrop.dufoch 20160709
Panda Trj/CI.A 20160709
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20160710
Sophos AV Mal/Generic-S 20160709
Symantec Heur.AdvML.C 20160709
Tencent Win32.Backdoor.Bladabindi.Frw 20160710
TrendMicro TROJ_GEN.R0CCC0DGM15 20160709
VBA32 TrojanDropper.FrauDrop 20160708
VIPRE Trojan.Win32.Generic!BT 20160709
ViRobot Trojan.Win32.Z.Bladabindi.154624.T[h] 20160709
Yandex Trojan.DR.FrauDrop!hLbCVuCMIVc 20160709
Zillya Dropper.FrauDrop.Win32.30926 20160709
Alibaba 20160708
Baidu 20160706
ClamAV 20160709
CMC 20160704
DrWeb 20160709
Kingsoft 20160710
nProtect 20160708
SUPERAntiSpyware 20160709
TheHacker 20160709
TotalDefense 20160709
TrendMicro-HouseCall 20160709
Zoner 20160709
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2015
Product System Cmd
Original name System Cmd.exe
Internal name System Cmd.exe
File version 1.0.0.0
Description System Cmd
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-07-03 13:06:03
Entry Point 0x00026C0E
Number of sections 4
.NET details
Module Version ID ce797d5d-884e-4f77-bc15-8c8ba5025dfe
TypeLib ID 79ca7f8d-a78e-4d6b-8b51-200673a86ce4
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 2560
ImageVersion 0.0
ProductName System Cmd
FileVersionNumber 1.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription System Cmd
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName System Cmd.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.0
TimeStamp 2015:07:03 14:06:03+01:00
FileType Win32 EXE
PEType PE32
InternalName System Cmd.exe
ProductVersion 1.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright 2015
MachineType Intel 386 or later, and compatibles
CodeSize 151040
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x26c0e
ObjectFileType Executable application
AssemblyVersion 1.0.0.0
File identification
MD5 04b4d44b4524cb1988b488ecf6369344
SHA1 ff424c0901ae607f9d7d2352210780a533ab2434
SHA256 e7d4a87c0874789deabcd425cef8fcee522742502044fe63b611bc71b22e1938
ssdeep 3072:eCgI4rkz3RjAUs49zonKKthemBGw/DMwNyNNk3luy:exITDmw9cnbGaDMwNyN
authentihash 05f8200cf00e9c6f851649d9dd15ee414a91336288b5a453839d25449c166f97
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 151.0 KB ( 154624 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (81.0%)
Win32 Dynamic Link Library (generic) (7.2%)
Win32 Executable (generic) (4.9%)
Win16/32 Executable Delphi generic (2.2%)
Generic Win/DOS Executable (2.2%)
Tags peexe assembly
VirusTotal metadata
First submission 2015-07-21 01:18:45 UTC ( 3 years, 7 months ago )
Last submission 2015-07-21 01:18:45 UTC ( 3 years, 7 months ago )
File names System Cmd.exe
system.exe
E7D4A87C0874789DEABCD425CEF8FCEE522742502044FE63B611BC71B22E1938.EXE
0e08dd9f1d8b2e22d7c0d8a188e17ba9.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R0CCC0DGM15.

Symantec reputation Suspicious.Insight