× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 01efa34e36caa245d5622ed54cb2c9666a17fa97ed47c2ce71c39823496cb756
File name: wouegbspv.exe
Detection ratio: 39 / 66
Analysis date: 2018-10-22 01:25:06 UTC ( 3 weeks, 1 day ago )
Antivirus Result Update
Ad-Aware Win32.Virtob.Gen.12.Dam 20181021
Arcabit Win32.Virtob.Gen.12.Dam 20181022
Avast Win32:Vitro 20181021
AVG Win32:Vitro 20181021
Avira (no cloud) TR/Crypt.ZPACK.Gen 20181021
Baidu Win32.Virus.Virut.gen 20181019
BitDefender Win32.Virtob.Gen.12.Dam 20181021
Bkav W32.HfsAutoA. 20181019
CAT-QuickHeal W32.Virut.G 20181021
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.d861fe 20180225
Cylance Unsafe 20181022
Emsisoft Win32.Virtob.Gen.12.Dam (B) 20181022
Endgame malicious (high confidence) 20180730
ESET-NOD32 Win32/Virut.NBP 20181021
F-Secure Win32.Virtob.Gen.12.Dam 20181022
Fortinet W32/Virut.CE 20181021
Sophos ML heuristic 20180717
K7GW Hacktool ( 700007861 ) 20181021
Kaspersky HEUR:Trojan.Win32.Generic 20181022
Malwarebytes Trojan.MalPack 20181021
MAX malware (ai score=86) 20181022
McAfee Artemis!BEB2F8AD861F 20181021
McAfee-GW-Edition BehavesLike.Win32.MultiPlug.dh 20181022
Microsoft Trojan:Win32/Vigorf.A 20181022
eScan Win32.Virtob.Gen.12.Dam 20181021
NANO-Antivirus Virus.Win32.Virut-Gen.bwpxnc 20181022
Palo Alto Networks (Known Signatures) generic.ml 20181022
Panda Trj/CI.A 20181021
Qihoo-360 HEUR/QVM10.1.AEE9.Malware.Gen 20181022
Rising Malware.Heuristic!ET#94% (RDM+:cmRtazqlGoZeMeMVrZ32DzaRH8B3) 20181021
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/Generic-S 20181022
Symantec W32.Virut.CF 20181021
Tencent Win32.Trojan.Generic.Pjxa 20181022
TrendMicro TROJ_GEN.R02DC0OJL18 20181021
TrendMicro-HouseCall TROJ_GEN.R02DC0OJL18 20181021
Yandex Win32.Virut.AB.Gen 20181020
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20181021
AegisLab 20181021
AhnLab-V3 20181021
Alibaba 20180921
ALYac 20181022
Antiy-AVL 20181019
Avast-Mobile 20181021
Babable 20180918
ClamAV 20181021
CMC 20181021
Cyren 20181021
DrWeb 20181022
eGambit 20181022
F-Prot 20181022
Ikarus 20181021
Jiangmin 20181022
K7AntiVirus 20181021
Kingsoft 20181022
SUPERAntiSpyware 20181015
Symantec Mobile Insight 20181001
TACHYON 20181021
TheHacker 20181018
TotalDefense 20181021
Trustlook 20181022
VBA32 20181019
ViRobot 20181021
Webroot 20181022
Zillya 20181019
Zoner 20181021
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Internal name wouegbspv.exe
File version 1.0.1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-12-04 13:35:59
Entry Point 0x00006D83
Number of sections 5
PE sections
PE imports
GetLastError
TlsGetValue
HeapFree
TlsAlloc
EnterCriticalSection
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
IsDebuggerPresent
HeapAlloc
SetFileApisToANSI
GetEnvironmentStringsW
LoadLibraryA
SetConsoleOutputCP
RtlUnwind
GetModuleFileNameA
GetStdHandle
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
GetUserDefaultLCID
IsValidCodePage
GetCPInfo
UnhandledExceptionFilter
GetCPInfoExA
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetCommandLineA
GetProcAddress
VirtualProtectEx
GetLocaleInfoW
CompareStringW
RaiseException
GetFirmwareEnvironmentVariableW
WideCharToMultiByte
TlsFree
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
GetStringTypeA
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetConsoleSelectionInfo
WriteProfileSectionA
TerminateProcess
QueryPerformanceCounter
InitializeCriticalSection
HeapCreate
VirtualQuery
VirtualFree
FindAtomA
InterlockedDecrement
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
SetLastError
InterlockedIncrement
Number of PE resources by type
RT_ICON 8
RT_STRING 8
RT_BITMAP 4
RT_GROUP_CURSOR 1
PUMOJUHOGORUNUFIGU 1
RT_ACCELERATOR 1
RT_CURSOR 1
NOBEMITOKUWACITIXAHALUXULUGE 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
THAI DEFAULT 27
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileVersionNumber
1.45.8.4

LanguageCode
English (British)

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
75776

EntryPoint
0x6d83

MIMEType
application/octet-stream

FileVersion
1.0.1

TimeStamp
2009:12:04 14:35:59+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
wouegbspv.exe

ProductVersion
1.0.0.1

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
142336

FileSubtype
0

ProductVersionNumber
7.32.568.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 beb2f8ad861fed9dc7a525d8b9b59cd7
SHA1 47e87fd500006e280c8e6d1a3cb654cdfbd7e08e
SHA256 01efa34e36caa245d5622ed54cb2c9666a17fa97ed47c2ce71c39823496cb756
ssdeep
3072:nkVCaT6vJhBr/fW2EzitJrLEYcXsuV8HRe5WYLWW9wSgp/oaDsQaeTQU:kVCaWJhBbW2EerLEYcXs/HH5dUeTQU

authentihash 3fdbbecf042a28ecde5357d6d91f456a3253e1e624cf61e79960fba96cf5becc
imphash b9498a1b40d1aa7bad0640ab47d00e2d
File size 237.0 KB ( 242688 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (40.0%)
Win64 Executable (generic) (35.4%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-10-22 01:25:06 UTC ( 3 weeks, 1 day ago )
Last submission 2018-10-22 01:25:06 UTC ( 3 weeks, 1 day ago )
File names wouegbspv.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications