× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 08b0e5a577ae24ebe8692f2f08b00a84ecb0d846b7f5e1be3745a4eaac7665f0
Detection ratio: 20 / 66
Analysis date: 2018-03-29 09:40:14 UTC ( 10 months, 3 weeks ago ) View latest
Antivirus Result Update
AegisLab Ml.Attribute.Gen!c 20180329
Avast FileRepMalware 20180329
AVG FileRepMalware 20180329
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180329
Bkav HW32.Packed.AF7B 20180328
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170201
Cybereason malicious.f1197b 20180225
Cylance Unsafe 20180329
Endgame malicious (high confidence) 20180316
Fortinet W32/Kryptik.GDRZ!tr 20180329
Sophos ML heuristic 20180121
Kaspersky UDS:DangerousObject.Multi.Generic 20180329
MAX malware (ai score=94) 20180329
McAfee-GW-Edition BehavesLike.Win32.Virut.cc 20180329
Palo Alto Networks (Known Signatures) generic.ml 20180329
Rising Trojan.Kryptik!8.8 (TFE:2:5DY5QsxCyYN) 20180329
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/EncPk-ANR 20180329
Symantec Trojan.Gen.2 20180329
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180329
Ad-Aware 20180329
AhnLab-V3 20180329
Alibaba 20180329
ALYac 20180329
Antiy-AVL 20180329
Arcabit 20180329
Avast-Mobile 20180328
Avira (no cloud) 20180329
AVware 20180329
BitDefender 20180329
CAT-QuickHeal 20180329
ClamAV 20180329
CMC 20180329
Comodo 20180329
Cyren 20180329
DrWeb 20180329
eGambit 20180329
Emsisoft 20180329
ESET-NOD32 20180329
F-Prot 20180329
F-Secure 20180329
GData 20180329
Ikarus 20180329
Jiangmin 20180329
K7AntiVirus 20180329
K7GW 20180328
Kingsoft 20180329
Malwarebytes 20180329
McAfee 20180329
Microsoft 20180329
eScan 20180329
NANO-Antivirus 20180329
nProtect 20180329
Panda 20180329
Qihoo-360 20180329
SUPERAntiSpyware 20180329
Symantec Mobile Insight 20180311
Tencent 20180329
TheHacker 20180327
TrendMicro 20180329
TrendMicro-HouseCall 20180329
Trustlook 20180329
VBA32 20180328
VIPRE 20180329
ViRobot 20180329
WhiteArmor 20180324
Yandex 20180329
Zillya 20180328
Zoner 20180328
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name fileusers.exe
Internal name fileusers.exe
File version 5.1.7601.17514 (win7sp1_rtm.101119-1850)
Description File Server User Client
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1994-02-03 14:10:11
Entry Point 0x0000536B
Number of sections 7
PE sections
PE imports
CreateCompatibleBitmap
SetPaletteEntries
GetFileTime
WaitForMultipleObjectsEx
GetLogicalProcessorInformation
Heap32ListFirst
GetProcessShutdownParameters
ResetEvent
GetCommandLineA
GetCurrentThreadId
GetConsoleScreenBufferInfo
GetUserDefaultLCID
ReadConsoleOutputAttribute
CM_Get_Res_Des_Data_Size
GetSysColorBrush
GetUserObjectInformationA
GetThreadDesktop
SetClipboardData
SetCursor
AddPrinterDriverA
SCardListCardsA
StgSetTimes
OleSave
CoInternetIsFeatureEnabledForUrl
Number of PE resources by type
RT_BITMAP 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
11.9

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.1.7601.17514

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
File Server User Client

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
91136

EntryPoint
0x536b

OriginalFileName
fileusers.exe

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
5.1.7601.17514 (win7sp1_rtm.101119-1850)

TimeStamp
1994:02:03 15:10:11+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
fileusers.exe

ProductVersion
5.1.7601.17514

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
0

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.1.7601.17514

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 2d98d46ba830d952d7bfefde1e9ba536
SHA1 534da71f1197b81b33715efa8828c3b9b72d8a72
SHA256 08b0e5a577ae24ebe8692f2f08b00a84ecb0d846b7f5e1be3745a4eaac7665f0
ssdeep
1536:JSqB4+JSmC6+VUmYqbq6XbWI8DPRIGojjFRHPZ+gJyRLK7NRyAFz/72Xx8XiYf:JSKJ/F+jqObW9DPRevFRhnJydKnBUBYf

authentihash 6cb789365cd3561bfeaccecab1fb225b2a7d0b7891152703bc0f581633cc472a
imphash da2909aedc11a8318573fb9696ac3d7d
File size 100.0 KB ( 102400 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-03-29 08:49:00 UTC ( 10 months, 3 weeks ago )
Last submission 2018-08-08 09:58:34 UTC ( 6 months, 1 week ago )
File names 9528.exe
45390.exe
74244.exe
54333.exe
167841.exe
5222.exe
13090.exe
3456.exe
5501.exe
1089.exe
97320.exe
7697.exe
5687.exe
30603368.exe
68328.exe
output.113049838.txt
8655.exe
00945.exe
47903.exe
fileusers.exe
9684.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs