SHA256: 00caa539aa187eb971e78df22170d2946b9d5f476786063fd3bfc502463396f5
File name: NCLENTRY.EXE
Detection ratio: 21 / 68
Analysis date: 2018-08-19 13:34:26 UTC ( 6 months, 1 week ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Ursu.273983 20180819
Arcabit Trojan.Ursu.D42E3F 20180819
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180818
BitDefender Gen:Variant.Ursu.273983 20180819
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cylance Unsafe 20180819
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/GenKryptik.CIPD 20180819
Sophos ML heuristic 20180717
Kaspersky UDS:DangerousObject.Multi.Generic 20180819
MAX malware (ai score=80) 20180819
McAfee Artemis!A04E3A9D8175 20180819
McAfee-GW-Edition BehavesLike.Win32.Emotet.fm 20180819
Microsoft Trojan:Win32/Emotet.AC!bit 20180819
eScan Gen:Variant.Ursu.273983 20180819
Palo Alto Networks (Known Signatures) generic.ml 20180819
Qihoo-360 HEUR/QVM20.1.4892.Malware.Gen 20180819
Rising Trojan.Cloxer!8.F54F (CLOUD) 20180819
Symantec ML.Attribute.HighConfidence 20180818
Webroot W32.Trojan.Emotet 20180819
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180819
AegisLab 20180819
AhnLab-V3 20180819
Alibaba 20180713
ALYac 20180819
Antiy-AVL 20180819
Avast 20180819
Avast-Mobile 20180819
AVG 20180819
Avira (no cloud) 20180819
AVware 20180819
Babable 20180725
Bkav 20180817
CAT-QuickHeal 20180819
ClamAV 20180819
CMC 20180817
Comodo 20180819
Cybereason 20180225
Cyren 20180819
DrWeb 20180819
eGambit 20180819
Emsisoft 20180819
F-Prot 20180819
F-Secure 20180819
Fortinet 20180819
GData 20180819
Ikarus 20180819
Jiangmin 20180819
K7AntiVirus 20180819
K7GW 20180819
Kingsoft 20180819
Malwarebytes 20180819
NANO-Antivirus 20180819
Panda 20180819
SentinelOne (Static ML) 20180701
Sophos AV 20180819
SUPERAntiSpyware 20180819
Symantec Mobile Insight 20180814
TACHYON 20180819
Tencent 20180819
TheHacker 20180818
TotalDefense 20180818
TrendMicro 20180819
TrendMicro-HouseCall 20180819
Trustlook 20180819
VBA32 20180817
VIPRE 20180819
ViRobot 20180819
Yandex 20180818
Zillya 20180817
Zoner 20180818
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name wsmprovhost.exe
Internal name wsmprovhost.exe
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description wsmprovhost
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-08-19 09:45:50
Entry Point 0x0000C191
Number of sections 5
PE sections
PE imports
GetTokenInformation
LogonUserW
GetSecurityDescriptorControl
GetSidLengthRequired
GetCurrentHwProfileA
GetFileSecurityA
QueryUsersOnEncryptedFile
IsValidSecurityDescriptor
EnumServicesStatusA
FindTextA
GetDeviceCaps
GetBrushOrgEx
EqualRgn
GetPolyFillMode
DPtoLP
ExtCreatePen
GetVolumePathNameW
GetStdHandle
FileTimeToDosDateTime
GetConsoleOutputCP
VirtualAllocEx
GetWindowsDirectoryW
GetCommandLineW
GetProcessHeap
ExpandEnvironmentStringsW
FindResourceExA
GlobalAddAtomW
GetStringTypeA
GetModuleHandleA
GetSystemDirectoryW
GetDiskFreeSpaceW
FindNextVolumeMountPointW
IsProcessorFeaturePresent
ReleaseActCtx
ExitThread
FindFirstFileExW
FindAtomW
LocalSize
GetThreadId
GetTimeZoneInformation
LoadResource
LocalFileTimeToFileTime
GetComputerNameExW
LoadRegTypeLib
ExtractAssociatedIconW
InitializeSecurityContextA
SetFocus
GetWindowThreadProcessId
GetClassLongW
FlashWindow
GetScrollInfo
GetMessageExtraInfo
DrawStateA
GetRawInputData
GetSysColorBrush
GetScrollRange
LoadImageA
GetDlgItem
GetDC
SetParent
CloseClipboard
GetKeyState
GetKeyboardType
ExitWindowsEx
DrawTextExA
DdePostAdvise
FindNextUrlCacheEntryW
FindCloseUrlCache
DeletePortW
strtod
vfwprintf
fgetwc
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 13.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription wsmprovhost
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 303104
EntryPoint 0xc191
OriginalFileName wsmprovhost.exe
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2018:08:19 11:45:50+02:00
FileType Win32 EXE
PEType PE32
InternalName wsmprovhost.exe
ProductVersion 6.1.7600.16385
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 55808
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 a04e3a9d8175532d36e86bb515da5370
SHA1 13fd96bf0ea1c8cefd0fe6211ccd428af32d558d
SHA256 00caa539aa187eb971e78df22170d2946b9d5f476786063fd3bfc502463396f5
ssdeep 6144:LdDgzchEGTxq2CnKTroktRGF6fgWMJ17yTJKtKmQ/rBT:Ldcz0qDKTrokvGEfe3y4g3BT
authentihash 49a3da0edb277c455fbba12b157a6c5c7bb48bf1d6f34dcb0fa32a4c6310d78f
imphash 77001e9baeda72b9fd946c5b05f12d12
File size 346.5 KB ( 354816 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (25.2%)
Clipper DOS Executable (25.0%)
Generic Win/DOS Executable (24.8%)
DOS Executable Generic (24.8%)
Tags peexe

VirusTotal metadata
First submission 2018-08-19 09:55:55 UTC ( 6 months, 1 week ago )
Last submission 2018-09-24 16:02:48 UTC ( 5 months ago )
File names 55989290.exe
a04e3a9d8175532d36e86bb515da5370.virobj
output.113875450.txt
952388.exe
wsmprovhost.exe
NCLENTRY.EXE
zbetcheckin_tracker_dTofA3