× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: f5c8211bcceb2fd509a4f526d63550ef69d84b36b0ba09e0f7b208a72fabc43a
File name: 23s.exe
Detection ratio: 42 / 62
Analysis date: 2018-07-02 23:53:02 UTC ( 2 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30637761 20180702
AhnLab-V3 Malware/Win32.Generic.C737391 20180702
Avast Win32:GenX-RAT 20180702
AVG Win32:GenX-RAT 20180702
Avira (no cloud) TR/AD.Fynloski.eginy 20180702
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180702
BitDefender Trojan.GenericKD.30637761 20180702
CAT-QuickHeal Trojan.Dynamer 20180702
Comodo UnclassifiedMalware 20180702
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cybereason malicious.f95b98 20180225
Cyren W32/Trojan.MJFA-0503 20180702
DrWeb Trojan.PWS.Siggen.12977 20180702
Emsisoft Trojan.GenericKD.30637761 (B) 20180702
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of MSIL/TrojanDropper.Agent.DNB 20180702
F-Secure Trojan.GenericKD.30637761 20180702
Fortinet MSIL/Kryptik.LHA!tr 20180702
GData Trojan.GenericKD.30637761 20180702
Ikarus Trojan-Dropper.MSIL.Agent 20180702
Sophos ML heuristic 20180601
K7AntiVirus Trojan ( 005265a71 ) 20180702
K7GW Trojan ( 005265a71 ) 20180703
Kaspersky HEUR:Backdoor.Win32.Generic 20180703
Malwarebytes Trojan.Crypt.MSIL 20180702
MAX malware (ai score=99) 20180703
McAfee GenericRXFQ-ED!03F428533C8E 20180702
McAfee-GW-Edition BehavesLike.Win32.Generic.tt 20180702
Microsoft Backdoor:Win32/Fynloski 20180702
eScan Trojan.GenericKD.30637761 20180702
NANO-Antivirus Trojan.Win32.Fynloski.fapkzp 20180702
Palo Alto Networks (Known Signatures) generic.ml 20180703
Panda Trj/GdSda.A 20180702
Qihoo-360 Win32/Backdoor.d55 20180703
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/Generic-S 20180703
Symantec ML.Attribute.HighConfidence 20180702
Tencent Win32.Backdoor.Generic.Gvk 20180703
VBA32 TScope.Trojan.MSIL 20180629
VIPRE Trojan.Win32.Generic!BT 20180702
Yandex Trojan.DR.Agent!LpDSE6mHbuY 20180702
ZoneAlarm by Check Point HEUR:Backdoor.Win32.Generic 20180702
AegisLab 20180702
Antiy-AVL 20180702
Arcabit 20180702
Avast-Mobile 20180702
Babable 20180406
Bkav 20180702
ClamAV 20180702
CMC 20180702
eGambit 20180703
F-Prot 20180702
Jiangmin 20180703
Kingsoft 20180703
SUPERAntiSpyware 20180702
TACHYON 20180702
TheHacker 20180628
TotalDefense 20180702
Trustlook 20180703
ViRobot 20180702
Webroot 20180703
Zillya 20180702
Zoner 20180702
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-19 16:56:55
Entry Point 0x000CB582
Number of sections 3
.NET details
Module Version ID 45cbd1f3-9bbf-467b-975f-565f12094ac4
PE sections
Overlays
MD5 7ea5d79f43594e3f41e487b6204c43e0
File type ASCII text
Offset 1180160
Size 705304
Entropy 0.00
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 5
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 7
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:04:19 17:56:55+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
824832

LinkerVersion
8.0

EntryPoint
0xcb582

InitializedDataSize
354816

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 03f428533c8e06c25a05c2a689e41914
SHA1 2070227f95b9826737304896b071a82c8ae07360
SHA256 f5c8211bcceb2fd509a4f526d63550ef69d84b36b0ba09e0f7b208a72fabc43a
ssdeep
24576:kCJwDeeNIeQEKpREJIAwmQjM+5hWtWrnngnnnKnanx9:kgheNIS6knPghWErnngnnnKnanz

authentihash afd4699f06602119509df01edfb5102302ab179a0ced2f96e2b37b7b0d17f94f
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 1.8 MB ( 1885464 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (62.0%)
Win64 Executable (generic) (23.4%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.8%)
OS/2 Executable (generic) (1.7%)
Tags
peexe assembly overlay

VirusTotal metadata
First submission 2018-04-21 12:55:35 UTC ( 5 months ago )
Last submission 2018-04-22 12:24:22 UTC ( 5 months ago )
File names 23s.exe
f26fc5f5bb531a533db635aac78c314fa91590aa
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!