SHA256: f3ebcd2aa038209719e43f3f552ff0d78ada9b871b338d89f9b9a4b7aa6a0fbb
File name: f3ebcd2aa038209719e43f3f552ff0d78ada9b871b338d89f9b9a4b7aa6a0fbb
Detection ratio: 64 / 68
Analysis date: 2018-03-04 12:25:39 UTC ( 1 year ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.BNST 20180304
AegisLab Win.Backdoor.Bladabindi.mBi5 20180304
AhnLab-V3 Backdoor/Win32.Bladabindi.R91438 20180304
ALYac Trojan.Agent.BNST 20180304
Antiy-AVL Trojan[Backdoor]/MSIL.Bladabindi.as 20180304
Arcabit Trojan.Agent.BNST 20180303
Avast MSIL:Agent-DRD [Trj] 20180304
AVG MSIL:Agent-DRD [Trj] 20180304
Avira (no cloud) TR/Dropper.Gen7 20180301
AVware Backdoor.MSIL.Bladabindi.a (v) 20180304
Baidu MSIL.Backdoor.Bladabindi.a 20180302
BitDefender Trojan.Agent.BNST 20180304
Bkav W32.AtedypoLSTM.Trojan 20180303
CAT-QuickHeal Backdoor.Bladabindi.AL3 20180304
ClamAV Win.Trojan.B-468 20180304
CMC Backdoor.MSIL.Agent!O 20180304
Comodo Backdoor.MSIL.Bladabindi.A 20180304
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170201
Cybereason malicious.7e2c5b 20180225
Cylance Unsafe 20180304
Cyren W32/MSIL_Bladabindi.AU.gen!Eldorado 20180304
DrWeb Trojan.DownLoader11.18111 20180304
eGambit Unsafe.AI_Score_98% 20180304
Emsisoft Trojan.Agent.BNST (B) 20180304
Endgame malicious (high confidence) 20180302
ESET-NOD32 MSIL/Bladabindi.BH 20180304
F-Prot W32/MSIL_Bladabindi.AU.gen!Eldorado 20180304
F-Secure Trojan.Agent.BNST 20180304
Fortinet MSIL/Agent.LI!tr 20180304
GData MSIL.Backdoor.Bladabindi.AV 20180304
Ikarus Trojan.MSIL.Bladabindi 20180304
Sophos ML heuristic 20180120
Jiangmin Trojan/Generic.bcgcy 20180304
K7AntiVirus Trojan ( 700000121 ) 20180304
K7GW Trojan ( 700000121 ) 20180304
Kaspersky HEUR:Trojan.Win32.Generic 20180302
Kingsoft Win32.Troj.Undef.(kcloud) 20180304
Malwarebytes Backdoor.Bladabindi.Generic 20180304
MAX malware (ai score=99) 20180304
McAfee Trojan-FIGN 20180304
McAfee-GW-Edition BehavesLike.Win32.BackdoorNJRat.mm 20180304
Microsoft Backdoor:MSIL/Bladabindi 20180304
eScan Trojan.Agent.BNST 20180304
NANO-Antivirus Trojan.Win32.Bladabindi.eronkr 20180304
Palo Alto Networks (Known Signatures) generic.ml 20180304
Panda Trj/CI.A 20180304
Qihoo-360 Win32/Trojan.253 20180304
Rising Backdoor.MSIL.Bladabindi!1.9E49 (CLASSIC) 20180304
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Troj/DotNet-P 20180304
SUPERAntiSpyware Trojan.Agent/Gen-Bladabindi 20180304
Symantec Backdoor.Ratenjay 20180303
Tencent Win32.Trojan.Generic.Ozsh 20180304
TheHacker Trojan/Bladabindi.bh 20180303
TotalDefense Win32/DotNetDl.A!generic 20180304
TrendMicro BKDR_BLADABI.SMC 20180304
TrendMicro-HouseCall BKDR_BLADABI.SMC 20180304
VBA32 Backdoor.Bladabindi 20180303
VIPRE Backdoor.MSIL.Bladabindi.a (v) 20180304
ViRobot Backdoor.Win32.Bladabindi.Gen.A 20180303
Webroot W32.Malware.gen 20180304
Yandex Trojan.Agent!Y1sowrzLF4U 20180303
Zillya Backdoor.Agent.Win32.55242 20180302
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180304
Alibaba 20180302
Avast-Mobile 20180304
nProtect 20180304
Symantec Mobile Insight 20180220
Trustlook 20180304
WhiteArmor 20180223
Zoner 20180304
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-31 11:29:09
Entry Point 0x0000748E
Number of sections 3
.NET details
Module Version ID 627924b7-0baf-4b42-bbab-afbcc81f0275
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2017:12:31 11:29:09+00:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 22016
LinkerVersion: 8.0
ImageFileCharacteristics: Executable, 32-bit
EntryPoint: 0x748e
InitializedDataSize: 1536
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0

File identification
MD5 450f2817e2c5be69bc453be1f61671e4
SHA1 61fd5148ec072bb3bc772424381ede3ff450d88f
SHA256 f3ebcd2aa038209719e43f3f552ff0d78ada9b871b338d89f9b9a4b7aa6a0fbb
ssdeep
384:jLMK6b2GZsx/Yr1+liORH1kcPFQ6Lg9gSOYRr9mRvR6JZlbw8hqIusZzZvE:jEb9glF51LRpcnuD

authentihash 1bfa11eea4d78b60914985026ff069bc69d726bfada4102c53bf5d96737d41c7
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 23.5 KB ( 24064 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (55.0%)
Win64 Executable (generic) (20.7%)
Windows screen saver (9.8%)
Win32 Dynamic Link Library (generic) (4.9%)
Win32 Executable (generic) (3.3%)
Tags
peexe assembly

VirusTotal metadata
First submission 2018-03-03 14:28:34 UTC ( 1 year ago )
Last submission 2018-03-04 12:25:39 UTC ( 1 year ago )
File names 450f2817e2c5be69bc453be1f61671e4.virus
Server.exe