SHA256: 0a25b15598b6fa1ec0205f5d6357def32eccba94ffd5899d1705fb09db831134
File name: shlstarta.exe
Detection ratio: 10 / 66
Analysis date: 2018-09-17 06:33:43 UTC ( 5 months, 1 week ago )
Antivirus Result Update
CAT-QuickHeal Trojan.Emotet.X4 20180915
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Endgame malicious (high confidence) 20180730
Sophos ML heuristic 20180717
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20180917
Microsoft Trojan:Win32/Emotet.AC!bit 20180916
Qihoo-360 HEUR/QVM20.1.EB7F.Malware.Gen 20180917
Rising Trojan.Azden!8.F0E3 (TFE:dGZlOgG6MVF7NH9mLw) 20180917
SentinelOne (Static ML) static engine - malicious 20180830
Symantec ML.Attribute.HighConfidence 20180916
Ad-Aware 20180913
AegisLab 20180917
AhnLab-V3 20180916
Alibaba 20180713
ALYac 20180917
Antiy-AVL 20180916
Arcabit 20180917
Avast 20180917
Avast-Mobile 20180917
AVG 20180917
Avira (no cloud) 20180917
AVware 20180917
Babable 20180907
Baidu 20180914
BitDefender 20180917
Bkav 20180915
ClamAV 20180917
CMC 20180916
Comodo 20180917
Cybereason 20180225
Cylance 20180917
Cyren 20180917
DrWeb 20180917
eGambit 20180917
Emsisoft 20180917
ESET-NOD32 20180917
F-Prot 20180917
F-Secure 20180917
Fortinet 20180917
GData 20180917
Ikarus 20180916
Jiangmin 20180917
K7AntiVirus 20180917
K7GW 20180917
Kaspersky 20180917
Kingsoft 20180917
Malwarebytes 20180917
MAX 20180917
McAfee 20180917
eScan 20180917
NANO-Antivirus 20180917
Palo Alto Networks (Known Signatures) 20180917
Panda 20180916
Sophos AV 20180917
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180911
TACHYON 20180917
Tencent 20180917
TheHacker 20180914
TrendMicro 20180917
TrendMicro-HouseCall 20180917
Trustlook 20180917
VBA32 20180914
VIPRE 20180917
ViRobot 20180917
Webroot 20180917
Yandex 20180915
Zillya 20180914
ZoneAlarm by Check Point 20180917
Zoner 20180916
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2003-2017 - TortoiseSVN

Product TortoiseSVN
Original name TSVNCache.exe
Internal name QllZd.dll
File version 91.333.22.1
Description QWerd
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-17 06:17:13
Entry Point 0x000020C3
Number of sections 7
PE sections
PE imports
InitiateSystemShutdownA
RegDisablePredefinedCacheEx
RemoveUsersFromEncryptedFile
AVIStreamReadFormat
CM_Get_Device_Interface_List_SizeW
GetDateFormatA
GetTimeZoneInformation
GetFileSize
GetModuleHandleA
GetCommandLineW
GetProcessHandleCount
acmStreamOpen
ICSeqCompressFrameStart
PowerRestoreDefaultPowerSchemes
RasGetEntryPropertiesA
I_RpcNegotiateTransferSyntax
ShellAboutA
PhysicalToLogicalPoint
GetCursor
FindWindowExA
GetOpenClipboardWindow
PeekMessageW
GetActiveWindow
SetRectEmpty
GetClipboardViewer
BringWindowToTop
IsCharLowerW
SetActiveWindow
GetRawInputDeviceInfoW
InternetOpenUrlW
CloseDriver
CryptCATCDFEnumAttributes
SCardListCardsW
PropVariantClear
HGLOBAL_UserFree
OleIsRunning
Number of PE resources by type
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
SLOVENIAN DEFAULT 1
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
1006425862

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
QWerd

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
0

EntryPoint
0x20c3

OriginalFileName
TSVNCache.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2003-2017 - TortoiseSVN

FileVersion
91.333.22.1

TimeStamp
2018:09:17 08:17:13+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
QllZd.dll

ProductVersion
91.333.22.1

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Fatal Enterprice

CodeSize
12288

ProductName
TortoiseSVN

ProductVersionNumber
2.0.0.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 e8a5b372e0b182ce6b8f2484e7fee1df
SHA1 940027ed5595dc77c7099c3615b0bad84f50e83b
SHA256 0a25b15598b6fa1ec0205f5d6357def32eccba94ffd5899d1705fb09db831134
ssdeep
3072:PALt7SjH4F6eyrCjCcmsR6qWreC9gZxiYOhyJ:PALIXqtmdcC9gZQ

authentihash cbb63954af0bcfc684b91eef40a9bf742a3bf2050b79312b4e2ac8448090a0ce
imphash 982698a85000b67bd9ec6ba29ba898c9
File size 164.0 KB ( 167936 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-09-17 06:22:25 UTC ( 5 months, 1 week ago )
Last submission 2018-09-17 06:33:43 UTC ( 5 months, 1 week ago )
File names Ppl5XyBToNXp.exe
EvpDOEZbr.exe
o9F2BL04P.exe
QllZd.dll
windowbang.exe
ziV1QdCb5mV7.exe
7lZNCKPmMrV0.exe
v8GYJSlUz.exe
608.exe
shlstarta.exe
tKRbrlaxLo.exe
be9UOdpETYm.exe
Gpfl1c2vX.exe
h5KX7ECdBaO.exe
y8RTWodAx.exe
0fKrzmI0.exe
pnY3KdVs25J6.exe
TT4DMLWZ26bi.exe
qSTQhymXu.exe
TSVNCache.exe
lee4ommRHeI6.exe
mgQCpiQyLitt.exe
fWgIQtTut1.exe
z2ui0v9NUw.exe