× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 03bbd70591730fdea53ee221cf0b4e6608062c266e5c5c745208c73edb9f755c
File name: 6ee513ae196a1587b6d67423b82381740980b10b
Detection ratio: 23 / 69
Analysis date: 2018-06-20 05:30:41 UTC ( 8 months ago ) View latest
Antivirus Result Update
AegisLab Ml.Attribute.Gen!c 20180620
AhnLab-V3 Trojan/Win32.Agent.C2575439 20180620
Avast Win32:Malware-gen 20180620
AVG FileRepMalware 20180620
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9989 20180620
Comodo CloudScanner.Trojan.Gen 20180620
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cylance Unsafe 20180620
Emsisoft Trojan.Emotet (A) 20180620
Endgame malicious (high confidence) 20180612
Fortinet W32/Kryptik.FVEZ!tr 20180620
Ikarus Trojan-Banker.Emotet 20180619
Sophos ML heuristic 20180601
Kaspersky UDS:DangerousObject.Multi.Generic 20180620
MAX malware (ai score=94) 20180620
McAfee GenericRXFV-BS!8266A576FA10 20180620
McAfee-GW-Edition BehavesLike.Win32.ZeroAccess.fm 20180620
Palo Alto Networks (Known Signatures) generic.ml 20180620
Symantec ML.Attribute.HighConfidence 20180620
TrendMicro-HouseCall Suspicious_GEN.F47V0619 20180620
VBA32 BScope.Malware-Cryptor.Win32.Cb 20180619
Webroot W32.Trojan.Emotet 20180620
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180620
Ad-Aware 20180620
Alibaba 20180620
ALYac 20180620
Antiy-AVL 20180620
Arcabit 20180620
Avast-Mobile 20180619
Avira (no cloud) 20180619
AVware 20180618
Babable 20180406
BitDefender 20180620
Bkav 20180619
CAT-QuickHeal 20180620
ClamAV 20180620
CMC 20180620
Cybereason 20180225
Cyren 20180620
DrWeb 20180620
eGambit 20180620
ESET-NOD32 20180620
F-Prot 20180620
F-Secure 20180620
GData 20180620
Jiangmin 20180620
K7AntiVirus 20180619
K7GW 20180620
Kingsoft 20180620
Malwarebytes 20180620
Microsoft 20180619
eScan 20180620
NANO-Antivirus 20180620
Panda 20180619
Qihoo-360 20180620
Rising 20180620
SentinelOne (Static ML) 20180618
Sophos AV 20180620
SUPERAntiSpyware 20180620
Symantec Mobile Insight 20180619
TACHYON 20180620
Tencent 20180620
TheHacker 20180619
TotalDefense 20180619
TrendMicro 20180620
Trustlook 20180620
VIPRE 20180620
ViRobot 20180619
Yandex 20180618
Zillya 20180619
Zoner 20180619
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Description Uniscri
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-20 04:30:21
Entry Point 0x0000100F
Number of sections 6
PE sections
PE imports
NotifyBootConfigStatus
CryptReleaseContext
RegCloseKey
OpenSCManagerW
RegEnumKeyW
LookupPrivilegeDisplayNameA
QueryServiceConfigW
CM_Get_Resource_Conflict_DetailsW
ClusterRegSetValue
ClusterRegCreateKey
ImageList_Create
CertFindSubjectInSortedCTL
CertCreateCertificateChainEngine
CertSaveStore
CertGetEnhancedKeyUsage
JetCommitTransaction
GetKerningPairsW
LineTo
SetColorAdjustment
DeleteDC
CopyEnhMetaFileW
SetAbortProc
CreateFontIndirectA
CreateRectRgnIndirect
CreateEnhMetaFileA
CreateDIBSection
GetLayout
EnumFontFamiliesW
GetTextFaceA
ImmConfigureIMEW
GetSystemDefaultLangID
GetBinaryTypeA
SetVolumeLabelA
WaitForDebugEvent
SetTimeZoneInformation
Process32First
SetCalendarInfoW
GetStartupInfoW
SetEndOfFile
FlushFileBuffers
GetModuleFileNameA
FlsFree
WinExec
FindActCtxSectionStringW
LZSeek
LZOpenFileW
MprAdminInterfaceDisconnect
MprAdminInterfaceSetInfo
NetServerGetInfo
NetShareEnumSticky
BSTR_UserSize
LHashValOfNameSys
VariantTimeToSystemTime
VariantCopyInd
glTexCoord2f
UuidToStringA
NdrClientInitializeNew
RpcMgmtWaitServerListen
NdrOleAllocate
SetupGetTargetPathW
SetupDiSetDeviceRegistryPropertyA
SetupDiGetINFClassW
SetupDiInstallClassW
SetupDiBuildDriverInfoList
SetupOpenMasterInf
SetupDiGetClassInstallParamsA
SHSetLocalizedName
PathAddBackslashA
SHGetInverseCMAP
PathIsRelativeA
UrlIsW
PathRemoveArgsW
PathRenameExtensionA
PathCanonicalizeW
AcquireCredentialsHandleW
wsprintfA
EnumWindowStationsA
CreateMenu
GetMessagePos
GetClipCursor
GetScrollRange
GetInputState
AnyPopup
GetDialogBaseUnits
MoveWindow
GetMessageExtraInfo
GetMonitorInfoA
EnumPropsA
GetWindowContextHelpId
BroadcastSystemMessageA
CloseWindowStation
PeekMessageW
FtpOpenFileA
SendDriverMessage
mmioAscend
waveOutGetID
timeBeginPeriod
GetPrinterDriverW
WTHelperProvDataFromStateData
wcstod
iswpunct
fgetws
fputws
CoUnmarshalInterface
WriteClassStm
CoMarshalHresult
StringFromCLSID
CoDisconnectObject
HBITMAP_UserUnmarshal
PdhEnumObjectItemsHW
IsAsyncMoniker
CoInternetIsFeatureEnabled
Number of PE resources by type
RT_DIALOG 21
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
HEBREW DEFAULT 1
HUNGARIAN DEFAULT 1
VIETNAMESE DEFAULT 1
CHINESE SIMPLIFIED 1
SLOVENIAN DEFAULT 1
CZECH DEFAULT 1
FINNISH DEFAULT 1
KOREAN 1
NEUTRAL DEFAULT 1
PORTUGUESE 1
POLISH DEFAULT 1
JAPANESE DEFAULT 1
DANISH DEFAULT 1
SLOVAK DEFAULT 1
GREEK DEFAULT 1
TURKISH DEFAULT 1
ROMANIAN 1
THAI DEFAULT 1
SERBIAN DEFAULT 1
NEUTRAL 1
RUSSIAN 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
14.0

ImageVersion
0.0

FileVersionNumber
1.2.0.6

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Uniscri

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
235520

EntryPoint
0x100f

MIMEType
application/octet-stream

TimeStamp
2018:06:20 05:30:21+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1.0626.

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Realtek Semiconductor Corporation

CodeSize
109568

FileSubtype
0

ProductVersionNumber
1.2.0.6

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 8266a576fa102100a74e7110da71d34f
SHA1 6ee513ae196a1587b6d67423b82381740980b10b
SHA256 03bbd70591730fdea53ee221cf0b4e6608062c266e5c5c745208c73edb9f755c
ssdeep
1536:JANzdE72Mgaz7FYOLd8TgPwHKVkLyCtWuPYVO2AEHVLI89CLu/:eN5R4dipqyL01AEHVLN9C

authentihash 84701df7c482b49d17ec992a883b72375a6199396150fbb7eefa9cde798a44cf
imphash e8f2a4d7cffb9e5f02164e0c34cf48db
File size 333.5 KB ( 341504 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-06-19 21:33:16 UTC ( 8 months ago )
Last submission 2018-08-02 07:42:48 UTC ( 6 months, 2 weeks ago )
File names 2052.exe
269124.exe.4.dr
03bbd70591730fdea53ee221cf0b4e6608062c266e5c5c745208c73edb9f755c.bin.rename
14092.exe
1797.exe
33186.exe.2.dr
23903.exe
1290.exe
5146.exe
7923.exe
53874.exe
36040.exe
6151.exe
22023.exe
6871.exe
4bfc535d78d96550e89ab8e4b99f4f76bddea881
Y4IY2uarTeBQTrBo.exe
6860.exe
55548.exe
95011.exe
2531.exe
0455.exe
6ee513ae196a1587b6d67423b82381740980b10b
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!