SHA256: f48c52e93854b2c45233a4f86b97c27e2997c920be9f8b9b646e97f264d18b49
File name: output.113187444.txt
Detection ratio: 43 / 67
Analysis date: 2018-05-08 05:01:34 UTC ( 9 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Ursu.185134 20180508
AegisLab Troj.Msil.Generic!c 20180508
AhnLab-V3 Trojan/Win32.Kryptik.R226752 20180507
ALYac Gen:Variant.Ursu.185134 20180508
Antiy-AVL Trojan/Win32.TSGeneric 20180507
Arcabit Trojan.Ursu.D2D32E 20180508
Avast Win32:Malware-gen 20180508
AVG Win32:Malware-gen 20180508
Avira (no cloud) TR/AD.njLogger.sejyy 20180508
BitDefender Gen:Variant.Ursu.185134 20180508
CAT-QuickHeal Trojan.IGENERIC 20180507
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180418
Cylance Unsafe 20180508
Cyren W32/Trojan.NQYC-8097 20180508
DrWeb Trojan.PWS.Stealer.19347 20180508
Emsisoft Gen:Variant.Ursu.185134 (B) 20180508
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of MSIL/Kryptik.NUV 20180508
F-Secure Gen:Variant.Ursu.185134 20180508
Fortinet MSIL/Kryptik.NUV!tr 20180508
GData Gen:Variant.Ursu.185134 20180508
Sophos ML heuristic 20180503
K7AntiVirus Trojan ( 0052f1161 ) 20180508
K7GW Trojan ( 0052f1161 ) 20180507
Kaspersky HEUR:Trojan.MSIL.Generic 20180508
MAX malware (ai score=96) 20180508
McAfee RDN/Generic.dx 20180508
McAfee-GW-Edition BehavesLike.Win32.Trojan.gc 20180507
Microsoft Trojan:Win32/Tiggre!plock 20180508
eScan Gen:Variant.Ursu.185134 20180508
NANO-Antivirus Trojan.Win32.Stealer.fbepog 20180508
Palo Alto Networks (Known Signatures) generic.ml 20180508
Panda Trj/CI.A 20180507
Qihoo-360 Win32/Trojan.b77 20180508
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Generic-S 20180508
Symantec Trojan Horse 20180508
Tencent Msil.Trojan.Generic.Szbr 20180508
TrendMicro TROJ_GEN.R039C0OE618 20180508
TrendMicro-HouseCall TROJ_GEN.R039C0OE618 20180508
VIPRE Trojan.Win32.Generic!BT 20180508
Webroot W32.Trojan.Gen 20180508
ZoneAlarm by Check Point HEUR:Trojan.MSIL.Generic 20180508
Alibaba 20180508
Avast-Mobile 20180507
AVware 20180428
Babable 20180406
Baidu 20180508
Bkav 20180504
ClamAV 20180508
CMC 20180507
Comodo 20180508
Cybereason None
eGambit 20180508
F-Prot 20180508
Ikarus 20180507
Jiangmin 20180508
Kingsoft 20180508
Malwarebytes 20180508
nProtect 20180508
Rising 20180508
SUPERAntiSpyware 20180508
Symantec Mobile Insight 20180505
TheHacker 20180504
TotalDefense 20180507
Trustlook 20180508
VBA32 20180507
ViRobot 20180507
Yandex 20180506
Zillya 20180507
Zoner 20180507
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© 2018 Microsoft Corporation. All rights reserved.

Product VS Code By Microsoft
Original name VS_Code.exe
Internal name VS_Code.exe
File version 1.22.0.0
Comments VS Code By Microsoft
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-04 18:20:46
Entry Point 0x00072D9E
Number of sections 3
.NET details
Module Version ID 4616b729-c648-4bab-af61-0e093b7eb3a4
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
VS Code By Microsoft

InitializedDataSize
2560

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.22.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
8.0

EntryPoint
0x72d9e

OriginalFileName
VS_Code.exe

MIMEType
application/octet-stream

LegalCopyright
2018 Microsoft Corporation. All rights reserved.

FileVersion
1.22.0.0

TimeStamp
2018:05:04 19:20:46+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
VS_Code.exe

ProductVersion
1.22.0.0

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
462336

ProductName
VS Code By Microsoft

ProductVersionNumber
1.22.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
1.22.0.0

File identification
MD5 c69fe97bdb3753c347a8631311698fe0
SHA1 06c74d2c62c262eb22e09799fb872d104db4aeda
SHA256 f48c52e93854b2c45233a4f86b97c27e2997c920be9f8b9b646e97f264d18b49
ssdeep
12288:11NCSlk2zYtbwXm5wWo4gOfPvJk4394ImFq:HASlk20tbwXm9LgEJk43Cv

authentihash 907b267161ee1de05a76aeaea847f41ab53705b9b3d70339613e6b1025ef9ec5
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 454.5 KB ( 465408 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (62.0%)
Win64 Executable (generic) (23.4%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.8%)
OS/2 Executable (generic) (1.7%)
Tags
peexe assembly

VirusTotal metadata
First submission 2018-05-04 19:45:12 UTC ( 9 months, 2 weeks ago )
Last submission 2018-05-13 23:37:36 UTC ( 9 months, 1 week ago )
File names output.113160187.txt
output.113187444.txt
VS_Code.exe
explorer.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections