SHA256: a052f224ebb4756ff432307a9c9ce8de0940f762ce89089d14787d4b8be170cf
File name: dumped.exe
Detection ratio: 8 / 53
Analysis date: 2016-07-05 07:02:47 UTC ( 1 year, 3 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.MSIL.C956989 20160704
Avira (no cloud) TR/Agent.hna 20160705
Cyren W32/MSIL_Injector.CW.gen!Eldorado 20160705
ESET-NOD32 Win32/Agent.XYI 20160705
Kaspersky Trojan.Win32.Agent.ijdt 20160705
McAfee-GW-Edition BehavesLike.Win32.Trojan.hc 20160705
Microsoft VirTool:MSIL/Luxod.B 20160705
Panda Trj/Orbond.A 20160704
Ad-Aware 20160704
AegisLab 20160704
Alibaba 20160704
ALYac 20160704
Antiy-AVL 20160705
Arcabit 20160705
Avast 20160705
AVG 20160705
AVware 20160705
Baidu 20160705
BitDefender 20160705
Bkav 20160704
CAT-QuickHeal 20160705
ClamAV 20160705
CMC 20160704
Comodo 20160705
DrWeb 20160705
Emsisoft 20160704
F-Prot 20160705
F-Secure 20160705
Fortinet 20160705
GData 20160705
Ikarus 20160705
Jiangmin 20160705
K7AntiVirus 20160705
K7GW 20160705
Kingsoft 20160705
Malwarebytes 20160705
McAfee 20160705
eScan 20160705
NANO-Antivirus 20160705
nProtect 20160704
Qihoo-360 20160705
Sophos AV 20160705
SUPERAntiSpyware 20160705
Symantec 20160701
Tencent 20160705
TheHacker 20160705
TrendMicro 20160705
TrendMicro-HouseCall 20160704
VBA32 20160703
VIPRE 20160704
ViRobot 20160704
Zillya 20160704
Zoner 20160704
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright Copyright © 2016
Product BullWorker
Original name BullWorker.exe
Internal name BullWorker.exe
File version 1.0.0.0
Description BullWorker
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-07-04 14:42:36
Entry Point 0x000942AE
Number of sections 3
.NET details
Module Version ID 5050bb87-7509-4610-acd6-8cd92dce635e
TypeLib ID 67e15591-34f4-4881-9139-9bfacc26870f
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_RCDATA 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 3
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 2560
EntryPoint 0x942ae
OriginalFileName BullWorker.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2016
FileVersion 1.0.0.0
TimeStamp 2016:07:04 15:42:36+01:00
FileType Win32 EXE
PEType PE32
InternalName BullWorker.exe
ProductVersion 1.0.0.0
FileDescription BullWorker
OSVersion 4.0
FileOS Win32
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CodeSize 599040
ProductName BullWorker
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 1.0.0.0
File identification
MD5 07bf2353e21afc3b870ea5bc87247825
SHA1 8690059f4af120ab051b76655217664ddd577eff
SHA256 a052f224ebb4756ff432307a9c9ce8de0940f762ce89089d14787d4b8be170cf
ssdeep 12288:GiuiXz91pNyEEZV4dawM19F8mycAN6cLH8eSgull:GiPPpNyETxQ9F8zBc9gull
authentihash 3a042cf21dae76aa453bca50bb9f0674b33baceaa3eb83a80a0f5d266e284d03
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 588.0 KB ( 602112 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (39.3%)
UPX compressed Win32 Executable (16.4%)
Win64 Executable (generic) (14.8%)
Win32 EXE Yoda's Crypter (14.2%)
Windows screen saver (7.0%)
Tags peexe assembly
VirusTotal metadata
First submission 2016-07-05 07:02:47 UTC ( 1 year, 3 months ago )
Last submission 2016-07-13 03:22:24 UTC ( 1 year, 3 months ago )
File names BullWorker.exe
dumped.exe