SHA256: fd636160f60655ec7ed66df984f0c509976caedcbcd18b4fdaa6dbe3b300f36f
File name: mi.exe
Detection ratio: 8 / 54
Analysis date: 2016-08-01 12:43:45 UTC ( 2 years, 9 months ago )
Antivirus Result Update
AegisLab Troj.W32.Generic!c 20160801
ESET-NOD32 a variant of MSIL/Injector.PZA 20160801
Kaspersky HEUR:Trojan.Win32.Generic 20160801
McAfee Artemis!509C1A4CA1DF 20160801
McAfee-GW-Edition BehavesLike.Win32.Trojan.cc 20160801
Qihoo-360 Win32/Trojan.e6d 20160801
Symantec SAPE.Heur.98937 20160801
Tencent Win32.Trojan.Inject.Auto 20160801
Ad-Aware 20160801
AhnLab-V3 20160801
Alibaba 20160801
ALYac 20160801
Antiy-AVL 20160801
Arcabit 20160801
Avast 20160801
AVG 20160801
Avira (no cloud) 20160801
AVware 20160801
Baidu 20160801
BitDefender 20160801
Bkav 20160801
CAT-QuickHeal 20160801
ClamAV 20160801
CMC 20160801
Comodo 20160801
Cyren 20160801
DrWeb 20160801
Emsisoft 20160801
F-Prot 20160801
F-Secure 20160801
Fortinet 20160801
GData 20160801
Ikarus 20160801
Jiangmin 20160801
K7AntiVirus 20160801
K7GW 20160801
Kingsoft 20160801
Malwarebytes 20160801
Microsoft 20160801
eScan 20160801
NANO-Antivirus 20160801
nProtect 20160729
Panda 20160801
Sophos AV 20160801
SUPERAntiSpyware 20160801
TheHacker 20160729
TotalDefense 20160801
TrendMicro 20160801
TrendMicro-HouseCall 20160801
VBA32 20160801
VIPRE 20160801
ViRobot 20160801
Yandex 20160731
Zillya 20160731
Zoner 20160801
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2016
Product vdgibrhsl
Original name vdgibrhsl.exe
Internal name vdgibrhsl.exe
File version 45.1.555.21
Description Media center expand system
Comments vdgibrhsl
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-07-31 22:27:40
Entry Point 0x000D1B8E
Number of sections 3
.NET details
Module Version ID cb9184d7-21b9-4a46-a2ee-6c64b3603569
TypeLib ID 40f7159f-958f-4886-87c6-3fbd8531a4db
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments vdgibrhsl
InitializedDataSize 2048
ImageVersion 0.0
ProductName vdgibrhsl
FileVersionNumber 45.1.555.21
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension exe
OriginalFileName vdgibrhsl.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 45.1.555.21
TimeStamp 2016:07:31 23:27:40+01:00
FileType Win32 EXE
PEType PE32
InternalName vdgibrhsl.exe
ProductVersion 45.1.555.21
FileDescription Media center expand system
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright 2016
MachineType Intel 386 or later, and compatibles
CodeSize 850944
FileSubtype 0
ProductVersionNumber 45.1.555.21
EntryPoint 0xd1b8e
ObjectFileType Executable application
AssemblyVersion 45.1.555.21
Compressed bundles
File identification
MD5 509c1a4ca1dfd590eca0b4f163621354
SHA1 3cdaf79d3237ba094e2477a8a38e10d95355813a
SHA256 fd636160f60655ec7ed66df984f0c509976caedcbcd18b4fdaa6dbe3b300f36f
ssdeep 12288:kjsf5bxsz+zlDDYRJT72wPcXnW3kUDYXehwPWubtW/G7G5yQ4HTvCCNfz10al/qa:AP+hgRhtPBY18G7EyHzCKbyCqzHrOv
authentihash 839ad5762757183c0fce9607b98d9ebc36173c985420db0a29b43f7a8de6fa70
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 833.5 KB ( 853504 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (62.0%)
Win64 Executable (generic) (23.4%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.8%)
OS/2 Executable (generic) (1.7%)
Tags peexe assembly
VirusTotal metadata
First submission 2016-08-01 11:31:14 UTC ( 2 years, 9 months ago )
Last submission 2017-08-04 18:13:29 UTC ( 1 year, 9 months ago )
File names mi.exe
VirusShare_509c1a4ca1dfd590eca0b4f163621354
aa
mi.exe
509c1a4ca1dfd590eca0b4f163621354
mi.exe
mi[1].exe
509c1a4ca1dfd590eca0b4f163621354
vdgibrhsl.exe
QTwhWHu1YP.xdp
509c1a4ca1dfd590eca0b4f163621354.exe
509c1a4ca1dfd590eca0b4f163621354
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
UDP communications