SHA256: fed6dd288e9db1e12267ddd35f9e84d0e6676cd512d6eb4ceb959898a481adf6
File name: output.114418619.txt
Detection ratio: 38 / 67
Analysis date: 2018-10-29 19:16:29 UTC ( 2 weeks, 1 day ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40647275 20181029
ALYac Trojan.GenericKD.40647275 20181029
Arcabit Trojan.Generic.D26C3A6B 20181029
Avast Win32:Trojan-gen 20181029
AVG Win32:Trojan-gen 20181029
BitDefender Trojan.GenericKD.40647275 20181029
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.2a2d50 20180225
Cylance Unsafe 20181029
Cyren W32/Trojan.PVCG-4652 20181029
DrWeb Trojan.DownLoader27.12570 20181029
Emsisoft Trojan.GenericKD.40647275 (B) 20181029
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of MSIL/Kryptik.NEC 20181029
Fortinet MSIL/Kryptik.LOA!tr 20181029
GData Trojan.GenericKD.40647275 20181029
Ikarus Trojan.MSIL.Crypt 20181029
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 00529aa11 ) 20181029
K7GW Trojan ( 00529aa11 ) 20181029
Kaspersky HEUR:Trojan.MSIL.NanoBot.gen 20181029
Malwarebytes Trojan.MalPack.MSIL.Generic 20181029
MAX malware (ai score=99) 20181029
McAfee RDN/Generic.grp 20181029
McAfee-GW-Edition BehavesLike.Win32.Generic.jc 20181029
Microsoft Trojan:Win32/Skeeyah.A!bit 20181029
eScan Trojan.GenericKD.40647275 20181029
NANO-Antivirus Trojan.Win32.NanoBot.fjrill 20181029
Palo Alto Networks (Known Signatures) generic.ml 20181029
Panda Trj/GdSda.A 20181029
Qihoo-360 Win32/Trojan.BO.573 20181029
Rising Trojan.Kryptik!8.8 (CLOUD) 20181029
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/Generic-S 20181029
Symantec Trojan.Gen.2 20181029
TrendMicro TROJ_GEN.R004C0PJS18 20181029
TrendMicro-HouseCall TROJ_GEN.R004C0PJS18 20181029
ZoneAlarm by Check Point HEUR:Trojan.MSIL.NanoBot.gen 20181029
AegisLab 20181029
AhnLab-V3 20181029
Alibaba 20180921
Antiy-AVL 20181029
Avast-Mobile 20181029
Avira (no cloud) 20181029
Babable 20180918
Baidu 20181029
Bkav 20181029
CAT-QuickHeal 20181028
ClamAV 20181029
CMC 20181029
eGambit 20181029
F-Prot 20181029
Jiangmin 20181029
Kingsoft 20181029
SUPERAntiSpyware 20181022
Symantec Mobile Insight 20181026
TACHYON 20181029
Tencent 20181029
TheHacker 20181025
TotalDefense 20181029
Trustlook 20181029
VBA32 20181029
VIPRE None
ViRobot 20181029
Webroot 20181029
Yandex 20181026
Zillya 20181029
Zoner 20181029
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (C)360.cn Inc.All Rights Reserved.
Product 360安全衛士
Original name 360HImmu.exe
Internal name 360HImmu.exe
File version 1, 0, 0, 1045
Description 360安全衛士 系統防黑加固模組
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-21 00:39:21
Entry Point 0x000A8686
Number of sections 3
.NET details
Module Version ID 52ec35d4-2ed0-47bc-b9a6-519e07c5eb34
PE sections
Overlays
MD5 e0533d2aea48901de69fbfb4301b7fc0
File type ASCII text
Offset 702464
Size 1172
Entropy 5.52
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 4
RT_VERSION 2
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 6
CHINESE TRADITIONAL 1
CHINESE SIMPLIFIED 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1045
LanguageCode Chinese (Traditional)
FileFlagsMask 0x003f
FileDescription 360
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 19968
EntryPoint 0xa8686
OriginalFileName 360HImmu.exe
MIMEType application/octet-stream
LegalCopyright (C)360.cn Inc.All Rights Reserved.
FileVersion 1, 0, 0, 1045
TimeStamp 2018:10:21 01:39:21+01:00
FileType Win32 EXE
PEType PE32
InternalName 360HImmu.exe
ProductVersion 1, 0, 0, 1045
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName 360
CodeSize 681984
ProductName 360
ProductVersionNumber 1.0.0.1045
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 401777285029c8cc0059a69f27106096
SHA1 c0225912a2d5062b3565687fcc7e3ecb0aa12909
SHA256 fed6dd288e9db1e12267ddd35f9e84d0e6676cd512d6eb4ceb959898a481adf6
ssdeep
12288:JUwBXP7L9ZzU3kQWqAwz1BhO7sDUFf1CAYsuKqzMDEh4GIaTME1ZLo0ySW6f36ax:JhBXX9Z+DhOQDW1rYzjV24zLeI+e

authentihash 464b734fa8cb37f27bc499982dae5de7a404b1bb3e0d84170fbfeec5c994bfb0
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 687.1 KB ( 703636 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (62.0%)
Win64 Executable (generic) (23.4%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.8%)
OS/2 Executable (generic) (1.7%)
Tags peexe assembly overlay
VirusTotal metadata
First submission 2018-10-26 04:54:27 UTC ( 2 weeks, 4 days ago )
Last submission 2018-10-29 19:16:29 UTC ( 2 weeks, 1 day ago )
File names output.114418619.txt
360HImmu.exe
x.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
TCP connections