p.exe

Scan p.exe - Powered by Reason Core Security
Version:
3, 3, 8, 1

MD5:
52ee5997da970304f3ef4136eb76bdb4

SHA-1:
bea457cd3f0de0cd8ee80c17364de057b63214e6

SHA-256:
7004993057974cb047d71418dcc67427e0459f3d9059384f35dfe5862147af2b

Scanner detections:
3 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/6/2016 11:12:34 AM UTC  (today)

Scan engine
Detection
Engine version

CMC Antivirus
Trojan-Spy.Win32.Zbot!O
1.1.0.977

McAfee Web Gateway
Heuristic.BehavesLike.Win32.Suspicious-BAY.K
7.7104

The Hacker
Backdoor/Poison.evja
6.8.0.5.466

File size:
635.5 KB (650,715 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\p.exe

File PE Metadata
Compilation timestamp:
1/29/2012 10:32:28 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:ehkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aCm:uRmJkcoQricOIQxiZY1iaCm

Entry address:
0x165C1

Entry point:
E8, 16, 90, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, 24, 97, 4A, 00, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, DD, 03, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 29, F3, A5, FF, 24, 95, 40, 67, 41, 00, 8B, C7, BA, 03, 00, 00, 00, 83, E9, 04, 72, 0C, 83, E0, 03, 03, C8...
 
[+]

Entropy:
6.5014

Code size:
514 KB (526,336 bytes)

Scan p.exe - Powered by Reason Core Security