SHA256: eb606715536a7272bbb91781d8950f65e0bb29bd9eb5fabfa797db89a3397174
File name: eb606715536a7272bbb91781d8950f65e0bb29bd9eb5fabfa797db89a3397174
Detection ratio: 32 / 64
Analysis date: 2017-09-05 17:02:52 UTC ( 1 year, 8 months ago )
Antivirus Result Update
AegisLab Troj.W32.Gen.m48a 20170905
Avast Win32:Malware-gen 20170905
AVG Win32:Malware-gen 20170905
Avira (no cloud) TR/Dropper.MSIL.jairq 20170905
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170831
CAT-QuickHeal Backdoor.Androm 20170905
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170804
Cylance Unsafe 20170905
Cyren W32/Agent.AOM.gen!Eldorado 20170905
DrWeb Trojan.PWS.Stealer.19347 20170905
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of MSIL/Injector.SVU 20170905
F-Prot W32/Agent.AOM.gen!Eldorado 20170905
Fortinet W32/Androm.NXDS!tr.bdr 20170905
GData Win32.Trojan.Agent.AD4JGX 20170905
Ikarus Win32.Outbreak 20170905
Sophos ML heuristic 20170822
K7AntiVirus Trojan ( 005151e51 ) 20170905
K7GW Hacktool ( 655367771 ) 20170905
Kaspersky Backdoor.Win32.Androm.nxds 20170905
MAX malware (ai score=100) 20170905
McAfee Artemis!30A76F7935AA 20170905
McAfee-GW-Edition BehavesLike.Win32.Trojan.dh 20170905
Palo Alto Networks (Known Signatures) generic.ml 20170905
Qihoo-360 HEUR/QVM03.0.9F6B.Malware.Gen 20170905
Rising Backdoor.Androm!8.113 (cloud:cFYJmDayj8P) 20170901
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Mal/Generic-S 20170905
Symantec W32.Golroted 20170905
VIPRE Trojan.Win32.Generic!BT 20170905
Webroot W32.Trojan.Gen 20170905
ZoneAlarm by Check Point Backdoor.Win32.Androm.nxds 20170905
Ad-Aware 20170905
AhnLab-V3 20170905
Alibaba 20170905
ALYac 20170905
Antiy-AVL 20170905
Arcabit 20170905
AVware 20170905
BitDefender 20170905
ClamAV 20170905
CMC 20170902
Comodo 20170905
Emsisoft 20170905
F-Secure 20170905
Jiangmin 20170905
Kingsoft 20170905
Malwarebytes 20170905
Microsoft 20170905
eScan 20170905
NANO-Antivirus 20170905
nProtect 20170905
Panda 20170905
SUPERAntiSpyware 20170905
Symantec Mobile Insight 20170901
Tencent 20170905
TheHacker 20170904
TotalDefense 20170905
TrendMicro 20170905
TrendMicro-HouseCall 20170905
Trustlook 20170905
VBA32 20170905
ViRobot 20170905
WhiteArmor 20170829
Yandex 20170904
Zillya 20170905
Zoner 20170905
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © Microsoft 2015

Product WinDec
Original name work.scr.exe
Internal name work.scr.exe
File version 15.5.11.16
Description WinDecoderNew
Comments Decoder for videos
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-09-04 10:20:50
Entry Point 0x000345CE
Number of sections 3
.NET details
Module Version ID 0e586803-f68b-4c61-8a5e-17fc58d92744
TypeLib ID b7578777-60cd-4fe0-ae24-0a0609555ec8
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
Decoder for videos

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
15.5.11.16

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
WinDecoderNew

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
8192

EntryPoint
0x345ce

OriginalFileName
work.scr.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright Microsoft 2015

FileVersion
15.5.11.16

TimeStamp
2017:09:04 12:20:50+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
work.scr.exe

ProductVersion
15.5.11.16

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft

CodeSize
208896

ProductName
WinDec

ProductVersionNumber
15.5.11.16

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
2.1.8.16

Compressed bundles
File identification
MD5 30a76f7935aa35cb2a5e6b1bd4d6aa49
SHA1 8f0b90f0b390e14c59b30a058ad0ab3f183c2cde
SHA256 eb606715536a7272bbb91781d8950f65e0bb29bd9eb5fabfa797db89a3397174
ssdeep
3072:ONxy5AGCerPmKP5jleSejwFnYHzXLFAXdhS/fJIqX03yS:+yyTSPb5jETwZYLJyk/a203

authentihash d08cfea83aba3850b1d2d29c22da9ab53d9dee8f8664519b73f3069e31c217de
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 216.0 KB ( 221184 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (79.2%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Win16/32 Executable Delphi generic (2.2%)
OS/2 Executable (generic) (2.1%)
Tags
peexe assembly

VirusTotal metadata
First submission 2017-09-05 04:29:53 UTC ( 1 year, 8 months ago )
Last submission 2019-03-06 04:02:21 UTC ( 2 months, 2 weeks ago )
File names wire.exe
8f0b90f0b390e14c59b30a058ad0ab3f183c2cde
VirusShare_30a76f7935aa35cb2a5e6b1bd4d6aa49
work.scr.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections
UDP communications