ea13dfec9321ebe19cce64ec6fc5431b

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2014-Aug-04 09:31:06
Detected languages English - United States
CompanyName Microsoft Corporation
FileDescription Microsoft
FileVersion 10.0.30319.1 built by: RTMRel
InternalName devenv.exe
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename devenv.exe
ProductName Microsoft®
ProductVersion 10.0.30319.1

Plugin Output

Info Matching compiler(s): Microsoft Visual C# v7.0 / Basic .NET
.NET executable -> Microsoft
Malicious VirusTotal score: 48/65 (Scanned on 2017-07-30 09:25:22)
MicroWorld-eScan: Gen:Heur.MSIL.Krypt.2
CAT-QuickHeal: Trojan.Generic
K7GW: Trojan ( 0049b7451 )
K7AntiVirus: Trojan ( 0049b7451 )
Arcabit: Trojan.MSIL.Krypt.2
TrendMicro: TROJ_GEN.R047C0DDL17
Baidu: Win32.Trojan.WisdomEyes.16070401.9500.9999
Symantec: Trojan Horse
TrendMicro-HouseCall: TROJ_GEN.R047C0DDL17
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Heur.MSIL.Krypt.2
NANO-Antivirus: Trojan.Win32.Disfa.cuyyww
AegisLab: Troj.W32.Generic!c
Avast: MSIL:GenMalicious-ATV [Trj]
Tencent: Win32.Trojan.Generic.Ajlb
Ad-Aware: Gen:Heur.MSIL.Krypt.2
Emsisoft: Gen:Heur.MSIL.Krypt.2 (B)
Comodo: UnclassifiedMalware
F-Secure: Gen:Heur.MSIL.Krypt.2
DrWeb: Trojan.Starter.2890
VIPRE: Trojan.Win32.Generic!BT
Invincea: heuristic
McAfee-GW-Edition: Artemis!Trojan
Sophos: Mal/Bladabi-J
SentinelOne: static engine - malicious
Cyren: W32/Trojan.KQOA-2316
Webroot: W32.Malware.Gen
Avira: TR/Anaki.A.112
Antiy-AVL: Trojan/Win32.AGeneric
Kingsoft: Win32.Troj.Undef.(kcloud)
Endgame: malicious (high confidence)
Microsoft: Trojan:Win32/Anaki.A!gfc
ViRobot: Trojan.Win32.Z.Anaki.268800
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Gen:Heur.MSIL.Krypt.2
AhnLab-V3: Trojan/Win32.Bladabindi.C230655
McAfee: Artemis!EA13DFEC9321
AVware: Trojan.Win32.Generic!BT
MAX: malware (ai score=84)
Cylance: Unsafe
ESET-NOD32: a variant of MSIL/Kryptik.YL
Rising: Trojan.Generic (cloud:3hTYnaxZbyB)
Yandex: Trojan.Agent!wjy9rlEkAkI
Ikarus: Trojan-Spy.HawkEye
Fortinet: W32/Generic.YL!tr
AVG: MSIL:GenMalicious-ATV [Trj]
CrowdStrike: malicious_confidence_100% (W)
Qihoo-360: Win32/Trojan.d60

Hashes

MD5 ea13dfec9321ebe19cce64ec6fc5431b
SHA1 22523cb88010929eeac1e8eb2ca58b7409039679
SHA256 e3a2c090f5e78fc1396694b11891523fc1a8208258f6b9c7d501a2e171f7782e
SHA3 caeafe43fca250ab9af9cbb60e2a45afcd182539ea91a2c2b3012b4ee4da4bfa
SSDeep 6144:Ki6AW1LHZvNeiHgxeYBer1wXDEZzy/iJZ:KilWxBAx7+cAZzMg
Imports Hash f34d5f2d4577ed6d9ceec516c1f5a744

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2014-Aug-04 09:31:06
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 8.0
SizeOfCode 0x3b600
SizeOfInitializedData 0x6200
SizeOfUninitializedData 0
AddressOfEntryPoint 0x3d53e (Section: .text)
BaseOfCode 0x2000
BaseOfData 0
ImageBase 0x400000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x46000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics (EMPTY)
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 3b631dc9f84c54f0b4d7f5f2960ae361
SHA1 19ea3b99f8fa5d6cc1b67377e243e6a14baa9225
SHA256 98554b431282295f93851e2a32adc1ba4ea9d5b284104fad72134980f389e525
SHA3 8f7bce0dcbb58a3ce3589f4aec512c65dabfdef0be634e375ced339ca76dd578
VirtualSize 0x3b544
VirtualAddress 0x2000
SizeOfRawData 0x3b600
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 7.09168

.rsrc

MD5 74e7a103b3b0606e3286c5e7dbcdde89
SHA1 a28ebefd2c1d4e5dd97d37d207eb454618e73ec8
SHA256 959e1bc702c9ab126b537ed9503d94b49a90d0c8d00ebdb03a5aeb59b29eea9e
SHA3 1f5694344cc515e921174cdf2569b24ce6f59d684973915ede24f364de7dd13b
VirtualSize 0x6000
VirtualAddress 0x3e000
SizeOfRawData 0x6000
PointerToRawData 0x3b800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.53673

.reloc

MD5 bcb8d6a489fb6d8ad4d7ef0faa3158a4
SHA1 38920efc3ca419b1a119babefcbd1866dc8b45bd
SHA256 04f914ff9c26eb6a1b4921c644f731fbdbe48536644411ab008abc0642e5e89a
SHA3 951b8b2e9aa86307d12b59ff93caa4db5c2abd28e81599c2d6ff538b5d041db8
VirtualSize 0xc
VirtualAddress 0x44000
SizeOfRawData 0x200
PointerToRawData 0x41800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.10191

Imports

mscoree.dll _CorExeMain

Delayed Imports

12

Type SIMON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x5851
Entropy 7.52228
Detected Filetype GZip Compressed Archive
MD5 29e2e3bd5a724e43c3dfd82500b22b80
SHA1 4ed5506bf112c72469a269e0210d9aece2e0dabc
SHA256 b3a6ac3852e3546629bacb337d00c47cc347d51f764daeb56d74c8de7c9c68b5
SHA3 c5606d2612bdc2d430def5aff9f21f4d57e834fb6a1b94fd67d794884751f8b8

1

Type RT_VERSION
Language English - United States
Codepage Latin 1 / Western European
Size 0x330
Entropy 3.41201
MD5 341c951af0a02a056388c25285d71389
SHA1 70441a17676548413580eac3bfae1abd019cfbf6
SHA256 9bfc0e6e96cd4a727cc49c4d5bcc3bc16664067a5b90f348d5a9f114229b0929
SHA3 950f44937fc76e3a52f6d6508dd722421fec80e5f48740a82ce3cc65074eed07

1 (#2)

Type RT_MANIFEST
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x1ea
Entropy 5.00112
MD5 a19a2658ba69030c6ac9d11fd7d7e3c1
SHA1 879dcf690e5bf1941b27cf13c8bcf72f8356c650
SHA256 c0085eb467d2fc9c9f395047e057183b3cd1503a4087d0db565161c13527a76f
SHA3 770a4320336495b7f07f0711380cc7dde1965bafc8765ba2aa981bfc87020d72

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 10.0.30319.1
ProductVersion 10.0.30319.1
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName Microsoft Corporation
FileDescription Microsoft
FileVersion (#2) 10.0.30319.1 built by: RTMRel
InternalName devenv.exe
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename devenv.exe
ProductName Microsoft®
ProductVersion (#2) 10.0.30319.1
Resource LangID English - United States

TLS Callbacks

Load Configuration

Errors