SHA256: fe23315f53df918f86665554d881016154542effcd5f82a3ba236baeabf64181
File name: g.exe
Detection ratio: 23 / 68
Analysis date: 2017-11-17 21:57:10 UTC ( 1 year, 6 months ago )
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.KT.2.Mv0@auE0K!m 20171117
Antiy-AVL Trojan/MSIL.Disfa 20171117
Arcabit Trojan.Heur.KT.2.ECE881 20171117
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171117
BitDefender Gen:Trojan.Heur.KT.2.Mv0@auE0K!m 20171117
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cybereason malicious.1b8fb7 20171103
Cylance Unsafe 20171117
eGambit Unsafe.AI_Score_94% 20171117
Emsisoft Gen:Trojan.Heur.KT.2.Mv0@auE0K!m (B) 20171117
Endgame malicious (high confidence) 20171024
ESET-NOD32 a variant of MSIL/Kryptik.LQR 20171117
F-Secure Gen:Trojan.Heur.KT.2.Mv0@auE0K!m 20171117
Fortinet MSIL/Kryptik.LQR!tr 20171117
GData Gen:Trojan.Heur.KT.2.Mv0@auE0K!m 20171117
Sophos ML heuristic 20170914
MAX malware (ai score=82) 20171117
McAfee Artemis!119555D3EC3F 20171117
McAfee-GW-Edition Artemis!Trojan 20171117
eScan Gen:Trojan.Heur.KT.2.Mv0@auE0K!m 20171117
Qihoo-360 HEUR/QVM03.0.4131.Malware.Gen 20171117
SentinelOne (Static ML) static engine - malicious 20171113
Symantec Trojan.Cridex 20171117
AegisLab 20171117
AhnLab-V3 20171117
Alibaba 20170911
ALYac 20171117
Avast 20171117
Avast-Mobile 20171117
AVG 20171117
Avira (no cloud) 20171117
AVware 20171117
Bkav 20171117
CAT-QuickHeal 20171117
ClamAV 20171117
CMC 20171117
Comodo 20171117
Cyren 20171117
DrWeb 20171117
F-Prot 20171117
Ikarus 20171117
Jiangmin 20171117
K7AntiVirus 20171117
K7GW 20171117
Kaspersky 20171117
Kingsoft 20171117
Malwarebytes 20171117
Microsoft 20171117
NANO-Antivirus 20171117
nProtect 20171117
Palo Alto Networks (Known Signatures) 20171117
Panda 20171117
Rising 20171117
Sophos AV 20171117
SUPERAntiSpyware 20171117
Symantec Mobile Insight 20171117
Tencent 20171117
TheHacker 20171117
TotalDefense 20171117
TrendMicro 20171117
TrendMicro-HouseCall 20171117
Trustlook 20171117
VBA32 20171117
VIPRE 20171117
ViRobot 20171117
Webroot 20171117
WhiteArmor 20171104
Yandex 20171116
Zillya 20171117
ZoneAlarm by Check Point 20171117
Zoner 20171117
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright HaeB2jvLxGFLuBnPyyqlikTK5GQ4lgKYIc4WpIMAF9uc2eL8t
Product jckfRearJsnjFlx0k0C0Bj8kENeyX0R3w8MpE1oU9kbbHjEcE
Original name g.exe
Internal name g.exe
File version 66.41.38.66
Description Ytf9FWFWMcJcaDLYUeLUXiJnnk9lQLwo9sLeDsCc9voA3FdbY
Comments Xoe2Zg9bqCHq0lMLZgHRsbmKg1Z3ADscK0qLQqUXMCEuRUo8I
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-17 10:54:37
Entry Point 0x001A200A
Number of sections 5
.NET details
Module Version ID 472e10b6-cff1-4abf-b5df-8acdb577392a
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments Xoe2Zg9bqCHq0lMLZgHRsbmKg1Z3ADscK0qLQqUXMCEuRUo8I
InitializedDataSize 1006080
ImageVersion 0.0
ProductName jckfRearJsnjFlx0k0C0Bj8kENeyX0R3w8MpE1oU9kbbHjEcE
FileVersionNumber 66.41.38.66
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension exe
OriginalFileName g.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 66.41.38.66
TimeStamp 2017:11:17 11:54:37+01:00
FileType Win32 EXE
PEType PE32
InternalName g.exe
ProductVersion 66.41.38.66
FileDescription Ytf9FWFWMcJcaDLYUeLUXiJnnk9lQLwo9sLeDsCc9voA3FdbY
OSVersion 4.0
FileOS Win32
LegalCopyright HaeB2jvLxGFLuBnPyyqlikTK5GQ4lgKYIc4WpIMAF9uc2eL8t
MachineType Intel 386 or later, and compatibles
CompanyName kn7O5GDnMSvExqixIc94JuxjvIb9zTXzSPpxtPrUzFBAm3Gcw
CodeSize 675840
FileSubtype 0
ProductVersionNumber 66.41.38.66
EntryPoint 0x1a200a
ObjectFileType Executable application
AssemblyVersion 53.15.21.13

Compressed bundles
File identification
MD5 119555d3ec3fd34ef73d508fcc6995c5
SHA1 98293b80ccf312a8da99c2b5ca36656adebd0d0f
SHA256 fe23315f53df918f86665554d881016154542effcd5f82a3ba236baeabf64181
ssdeep 24576:LeYnJ2udxWvmvG8RRHZmRq/ntOftnkRczVYw691LWRbfSiMVAnT+wPG1uUuNZMG:LvhWWG8n6qAtnkazVq1cbvMIOVG
authentihash 1449f67a209c003e98b78e05ab733d007deea1fd1c86d7568a824dc034427ade
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 1.6 MB ( 1682944 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe assembly
VirusTotal metadata
First submission 2017-11-17 21:57:10 UTC ( 1 year, 6 months ago )
Last submission 2018-02-01 21:08:59 UTC ( 1 year, 3 months ago )
File names output.112469119.txt
g.exe
VirusShare_119555d3ec3fd34ef73d508fcc6995c5
test (136).exe