SHA256: 0db8e31980dd6278305010628e079e138d96b3d798cef0050d608b42e81f12c1
File name: 0db8e31980dd6278305010628e079e138d96b3d798cef0050d608b42e81f12c1
Detection ratio: 12 / 63
Analysis date: 2019-03-20 05:13:29 UTC ( 1 month ago )
Antivirus Result Update
AegisLab Hacktool.Win32.Krap.lKMc 20190320
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.EVLC 20190320
Fortinet W32/Kryptik.GQEV!tr 20190320
Sophos ML heuristic 20190313
McAfee Emotet-FMI!0785A331A1B5 20190320
Microsoft Trojan:Win32/Emotet.LK!ml 20190320
Rising Trojan.Kryptik!8.8 (TFE:dGZlOgMPAP7Qmc8LBQ) 20190320
SentinelOne (Static ML) DFI - Suspicious PE 20190317
Sophos AV Mal/Emotet-Q 20190320
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMTH 20190320
VBA32 BScope.Malware-Cryptor.Emotet 20190319
Engines with no detection (engine name, signature update date):
Acronis 20190320
Ad-Aware 20190320
AhnLab-V3 20190319
Alibaba 20190306
ALYac 20190320
Antiy-AVL 20190320
Arcabit 20190320
Avast 20190320
Avast-Mobile 20190319
AVG 20190320
Avira (no cloud) 20190319
Babable 20180918
Baidu 20190318
BitDefender 20190320
Bkav 20190318
CAT-QuickHeal 20190319
ClamAV 20190319
CMC 20190319
Comodo 20190320
Cybereason 20190109
Cyren 20190320
DrWeb 20190320
eGambit 20190320
Emsisoft 20190320
F-Secure 20190319
GData 20190320
Ikarus 20190319
Jiangmin 20190320
K7AntiVirus 20190320
K7GW 20190320
Kaspersky 20190320
Kingsoft 20190320
Malwarebytes 20190320
MAX 20190320
McAfee-GW-Edition 20190319
eScan 20190320
NANO-Antivirus 20190320
Palo Alto Networks (Known Signatures) 20190320
Panda 20190319
Qihoo-360 20190320
SUPERAntiSpyware 20190314
Symantec Mobile Insight 20190220
TACHYON 20190320
Tencent 20190320
TheHacker 20190319
TotalDefense 20190318
Trapmine 20190301
Trustlook 20190320
ViRobot 20190320
Yandex 20190318
Zillya 20190319
ZoneAlarm by Check Point 20190320
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) 2003-2015 Glarysoft Ltd
Product Glary Utilities
Original name OneClickMaintenance.exe
Internal name OneClickMaintenance.exe
File version 5, 0, 0, 6
Description OneClickMaintenance
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 5:09 AM 3/31/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-20 05:04:42
Entry Point 0x000011D0
Number of sections 4
PE sections
Overlays
MD5 881d55ee9db4d6c1e044a4200d8d49ff
File type data
Offset 354304
Size 3336
Entropy 7.32
PE imports
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyA
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegQueryValueExA
RegEnumKeyExW
RegEnumKeyW
RegFlushKey
RegEnumValueW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
ImageList_BeginDrag
ImageList_SetBkColor
ImageList_Replace
FlatSB_SetScrollInfo
ImageList_SetImageCount
Ord(17)
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_DragMove
FlatSB_SetScrollProp
ImageList_Create
ImageList_GetDragImage
ImageList_DrawEx
ImageList_SetIconSize
ImageList_Write
ImageList_GetImageCount
ImageList_Destroy
ImageList_AddMasked
ImageList_Draw
ImageList_GetIconSize
ImageList_DragLeave
ImageList_GetBkColor
ImageList_GetIcon
FlatSB_SetScrollPos
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_Add
InitializeFlatSB
FlatSB_GetScrollPos
ImageList_DragShowNolock
ImageList_Remove
ImageList_Read
ImageList_Copy
ImageList_EndDrag
GetSaveFileNameW
GetOpenFileNameW
SetDIBits
GdiFixUpHandle
PlayEnhMetaFileRecord
GetTextMetricsW
SetMapMode
GetWindowOrgEx
ResizePalette
GetPaletteEntries
CombineRgn
GetObjectType
GdiGetBatchLimit
CopyEnhMetaFileW
GetTextExtentPoint32A
SetPixel
EndDoc
IntersectClipRect
AngleArc
GetTextFaceA
CopyEnhMetaFileA
GetTextExtentPointW
GdiEntry16
CreatePalette
CreateDIBitmap
GdiEntry10
GetDIBits
ExtCreateRegion
GetEnhMetaFileBits
StretchBlt
StretchDIBits
ArcTo
Pie
Arc
SetBkColor
SetWinMetaFileBits
SetRectRgn
GetDIBColorTable
DeleteEnhMetaFile
GetSystemPaletteEntries
OffsetRgn
EnumFontsW
GetCurrentPositionEx
TextOutA
CreateRectRgnIndirect
EnumFontsA
GetBitmapBits
GdiGetPageHandle
GetBrushOrgEx
ExcludeClipRect
CLIPOBJ_ppoGetPath
GdiGetDevmodeForPage
SetBkMode
BitBlt
CreateFontA
GetOutlineTextMetricsA
SetAbortProc
FrameRgn
CreateBrushIndirect
SelectPalette
GetFontData
SetROP2
EndPage
GetNearestPaletteIndex
SetDIBColorTable
CreatePolyPolygonRgn
SetPixelV
DeleteObject
CreatePenIndirect
GetTextFaceAliasW
PatBlt
CreatePen
GetMetaRgn
GetClipBox
Rectangle
GetDeviceCaps
LineTo
DeleteDC
CreateFontIndirectW
StartPage
GetObjectW
CreateDCW
XFORMOBJ_iGetXform
GetEnhMetaFileDescriptionW
SetEnhMetaFileBits
SetPaletteEntries
SetDIBitsToDevice
RectVisible
GetStockObject
PlayEnhMetaFile
UnrealizeObject
GdiFlush
AddFontResourceExA
SelectClipRgn
RoundRect
GdiGetCodePage
GetWinMetaFileBits
RealizePalette
GetEnhMetaFileHeader
SetWindowOrgEx
EudcLoadLinkW
GetTextExtentPoint32W
StartDocA
Polygon
CreateHalftonePalette
GetRgnBox
SaveDC
CreateICW
MaskBlt
EngGradientFill
GetEnhMetaFilePaletteEntries
RestoreDC
GetPixel
CreateBitmap
CreateDIBSection
GdiSetBatchLimit
SetTextColor
ExtFloodFill
GetCurrentObject
EngAcquireSemaphore
MoveToEx
EnumFontFamiliesExW
SetViewportOrgEx
ExtTextOutW
CreateCompatibleDC
PolyBezierTo
CreateFontW
SetStretchBltMode
PolyBezier
Chord
SetBrushOrgEx
CreateRectRgn
SelectObject
GetEnhMetaFilePixelFormat
CreateCompatibleBitmap
CreateSolidBrush
Polyline
DPtoLP
StartDocW
Ellipse
SetThreadLocale
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
HeapDestroy
CreateTimerQueue
GetFileAttributesW
SystemTimeToTzSpecificLocalTime
DeleteCriticalSection
GetCurrentProcess
GetDiskFreeSpaceExA
EnumSystemLocalesW
LocalAlloc
GetVolumeInformationW
SetErrorMode
lstrcatW
GetLocaleInfoW
EnumResourceLanguagesW
FindResourceExA
WideCharToMultiByte
LoadLibraryW
GetDiskFreeSpaceW
InterlockedExchange
WriteFile
_lopen
EnumResourceLanguagesA
GetThreadPriority
EnumDateFormatsW
GetOEMCP
LocalFree
FormatMessageW
ResumeThread
EnumCalendarInfoW
GetExitCodeProcess
InitializeCriticalSection
LoadResource
OutputDebugStringW
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
GetCurrentThread
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
DeviceIoControl
TlsGetValue
GlobalFindAtomW
WriteProcessMemory
UpdateResourceW
FileTimeToDosDateTime
RemoveDirectoryW
TryEnterCriticalSection
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
SetConsoleOutputCP
lstrcmpiW
RaiseException
GlobalAddAtomW
GetLogicalDriveStringsW
SetThreadPriority
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
TerminateJobObject
DeleteTimerQueueTimer
GetSystemPowerStatus
FlushInstructionCache
GetPrivateProfileStringW
GetModuleHandleA
GlobalMemoryStatus
InterlockedExchangeAdd
CreateThread
GetSystemDefaultUILanguage
MoveFileExW
GetSystemDirectoryW
GetExitCodeThread
CreateMutexW
MulDiv
ExitThread
WaitForMultipleObjectsEx
TerminateProcess
SearchPathW
SetCurrentDirectoryW
EnumResourceNamesW
VirtualQuery
VirtualQueryEx
FileTimeToLocalFileTime
SetEndOfFile
FlushViewOfFile
GetVersion
LeaveCriticalSection
GetConsoleAliasesW
HeapFree
EnterCriticalSection
TerminateThread
EnumResourceTypesW
lstrcmpiA
EndUpdateResourceW
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
FreeLibrary
CopyFileW
GetStartupInfoA
GetWindowsDirectoryW
GetFileSize
OpenProcess
GetModuleHandleW
GetDateFormatW
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GlobalLock
GetProcessHeap
GetTempFileNameW
GetComputerNameW
GetProfileStringW
CompareStringW
lstrcpyW
BeginUpdateResourceW
GetModuleFileNameW
ExpandEnvironmentStringsW
lstrcmpA
FindNextFileW
lstrcpyA
CreateEventW
EnumResourceNamesA
ResetEvent
FindFirstFileW
IsValidLocale
lstrcmpW
GetUserDefaultLCID
CreateFileMappingW
SuspendThread
GetProcessAffinityMask
GetTimeZoneInformation
CreateFileW
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
GlobalDeleteAtom
GetShortPathNameW
HeapCreate
GetSystemInfo
lstrlenA
GlobalFree
FindResourceW
GetConsoleAliasesLengthW
GetThreadLocale
GlobalUnlock
GlobalAlloc
lstrlenW
CreateProcessW
GetAtomNameA
SwitchToThread
SizeofResource
CompareFileTime
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
GetCPInfo
EnumResourceTypesA
SetThreadAffinityMask
InterlockedCompareExchange
WritePrivateProfileStringW
lstrcpynW
QueryPerformanceFrequency
MapViewOfFile
SetFilePointer
GetFullPathNameW
ReadFile
ReadConsoleOutputCharacterW
CloseHandle
OpenMutexW
lstrcpynA
GetACP
GetCurrentThreadId
FreeResource
GetCPInfoExW
GetFileAttributesExW
FindResourceExW
GetLongPathNameW
SetCommConfig
GetLocalTime
UnmapViewOfFile
GetTempPathW
VirtualFree
GetConsoleAliasExesLengthW
Sleep
IsBadReadPtr
VirtualAlloc
GetProcAddress
DragQueryFileW
SHBrowseForFolderW
SHBindToParent
SHChangeNotify
Shell_NotifyIconW
ExtractAssociatedIconExA
SHBrowseForFolderA
SHQueryRecycleBinA
Shell_NotifyIcon
Ord(18)
SHLoadNonloadedIconOverlayIdentifiers
Ord(24)
SHInvokePrinterCommandW
SHCreateDirectoryExW
SHGetPathFromIDListW
ExtractIconEx
SHCreateDirectoryExA
ShellExecuteExW
SHEmptyRecycleBinA
SHGetFileInfoW
SHFileOperationW
WOWShellExecute
SHGetMalloc
SHGetIconOverlayIndexW
DragQueryFile
SHFormatDrive
DragAcceptFiles
SHGetDesktopFolder
Ord(153)
SHGetSpecialFolderPathA
ShellExecuteExA
SHCreateProcessAsUserW
Ord(680)
ShellAboutW
Ord(25)
SHGetDataFromIDListW
DragFinish
ShellExecuteW
ShellExecuteA
SHGetSpecialFolderLocation
Ord(16)
SHGetDataFromIDListA
SHGetPathFromIDList
SHGetFolderPathA
CommandLineToArgvW
DoEnvironmentSubstW
StrCmpNIW
StrStrIW
RedrawWindow
GetMessagePos
SetWindowRgn
LoadBitmapW
EnableScrollBar
DestroyMenu
PostQuitMessage
GetForegroundWindow
SetWindowPos
IsWindow
CountClipboardFormats
SetTimer
DispatchMessageA
EndPaint
WindowFromPoint
DrawIcon
CharUpperBuffW
SetMenuItemInfoW
SetActiveWindow
GetDC
GetCursorPos
ReleaseDC
GetDlgCtrlID
GetMenu
SendMessageA
UnregisterClassW
GetClientRect
DefWindowProcW
GetDlgItemTextW
SetScrollPos
CallNextHookEx
IsClipboardFormatAvailable
GetSysColor
LoadImageW
TrackPopupMenu
ClientToScreen
GetActiveWindow
GetWindowTextW
SetDlgItemTextW
EnumClipboardFormats
MsgWaitForMultipleObjects
ScrollWindow
DrawTextW
GetMenuItemID
PtInRect
DrawEdge
GetParent
UpdateWindow
GetPropW
SetClassLongW
EnumWindows
ShowWindow
DrawFrameControl
SetPropW
GetDesktopWindow
DefMDIChildProcW
IsCharAlphaW
PeekMessageW
TranslateMDISysAccel
InsertMenuItemW
SetWindowPlacement
CharUpperW
PeekMessageA
ChildWindowFromPoint
CopyImage
TranslateMessage
IsWindowEnabled
GetWindow
GetMenuDefaultItem
ActivateKeyboardLayout
SetClipboardData
GetIconInfo
SetParent
RegisterClassW
IsZoomed
GetWindowPlacement
LoadStringW
SetWindowLongW
GetKeyboardLayoutList
DrawMenuBar
IsIconic
GetSubMenu
OpenClipboard
IsDialogMessageW
FillRect
EnumThreadWindows
MonitorFromPoint
CharNextA
GetSysColorBrush
IsWindowUnicode
CreateWindowExW
TabbedTextOutW
GetWindowLongW
GetUpdateRect
GetMenuItemInfoW
IsChild
IsDialogMessageA
MapWindowPoints
RegisterWindowMessageW
GetMonitorInfoW
EmptyClipboard
SystemParametersInfoW
OffsetRect
SetFocus
GetScrollPos
GetKeyboardLayoutNameW
KillTimer
MapVirtualKeyW
CharPrevW
GetClipboardData
GetSystemMetrics
EnableMenuItem
SetScrollRange
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
EnumChildWindows
GetScrollRange
GetMessageExtraInfo
CharLowerW
ShowOwnedPopups
SendDlgItemMessageW
PostMessageW
InvalidateRect
EndDialog
CreateDialogParamW
DrawTextExW
WaitMessage
CreatePopupMenu
ShowCaret
DrawFocusRect
GetClassLongW
GetLastActivePopup
DrawIconEx
SetWindowTextW
GetDCEx
GetDlgItem
RemovePropW
CreateIconIndirect
ScreenToClient
SetKeyboardState
CreateIcon
GetKeyboardState
GetMenuItemCount
IsDlgButtonChecked
CheckDlgButton
GetMenuState
GetKeyboardLayout
LoadCursorW
GetSystemMenu
FindWindowExW
DispatchMessageW
InsertMenuW
SetForegroundWindow
ExitWindowsEx
GetMenuStringW
GetAsyncKeyState
CharLowerBuffW
IntersectRect
GetScrollInfo
GetTopWindow
HideCaret
FindWindowW
GetCapture
BeginPaint
MessageBeep
RemoveMenu
GetWindowThreadProcessId
ShowScrollBar
MessageBoxW
SendMessageW
SetMenu
LoadIconW
DialogBoxParamW
LoadKeyboardLayoutW
MessageBoxA
AppendMenuW
GetWindowDC
DestroyCursor
AdjustWindowRectEx
SendMessageTimeoutW
MessageBoxIndirectW
MsgWaitForMultipleObjectsEx
RegisterClipboardFormatW
SetScrollInfo
GetKeyState
wvsprintfW
GetDoubleClickTime
DestroyIcon
EnumDisplayMonitors
wsprintfW
DefFrameProcW
IsWindowVisible
SetCursorPos
IsCharAlphaNumericW
MonitorFromWindow
FrameRect
SetRect
DeleteMenu
GetKeyNameTextW
wsprintfA
CharNextW
CallWindowProcW
GetClassNameW
DestroyWindow
GetClassInfoW
SetWindowsHookExW
IsRectEmpty
GetCursor
GetFocus
CreateMenu
EnableWindow
CloseClipboard
CheckMenuItem
UnhookWindowsHookEx
SetCursor
CoInitializeEx
OleUninitialize
CoUninitialize
IsEqualGUID
OleInitialize
RevokeDragDrop
ReleaseStgMedium
CLSIDFromString
RegisterDragDrop
CoCreateInstance
DoDragDrop
StringFromCLSID
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
Number of PE resources by type
RT_ICON 14
RT_GROUP_ICON 3
RT_DIALOG 2
RT_STRING 1
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 21
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 55296
ImageVersion 0.0
ProductName Glary Utilities
FileVersionNumber 5.0.0.6
UninitializedDataSize 0
LanguageCode Chinese (Simplified)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Windows, Chinese (Simplified)
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName OneClickMaintenance.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 5, 0, 0, 6
TimeStamp 2019:03:20 06:04:42+01:00
FileType Win32 EXE
PEType PE32
InternalName OneClickMaintenance.exe
ProductVersion 5.0.0.0
FileDescription OneClickMaintenance
OSVersion 5.0
FileOS Win32
LegalCopyright Copyright (c) 2003-2015 Glarysoft Ltd
MachineType Intel 386 or later, and compatibles
CompanyName Glarysoft Ltd
CodeSize 297984
FileSubtype 0
ProductVersionNumber 5.0.0.0
EntryPoint 0x11d0
ObjectFileType Executable application
File identification
MD5 0785a331a1b5f38ffe8d3346abc8b52e
SHA1 d1193f8bb391bc6fb1ac699b4778da5941b1ab1f
SHA256 0db8e31980dd6278305010628e079e138d96b3d798cef0050d608b42e81f12c1
ssdeep 6144:jBf46wO7HK3Uwo5VUg+fsEjoKnun1Knun1Knun1Knun1Knun1Knun1Knun1Knuns:Ff9oWVK2WOWOWOWOWOWOWOWOWroPxe5
authentihash fff81081b9f21c7666aa27e7e8018cdbe19259ee52cf0ca65f7ccabc0e397f60
imphash 49dd1d12b533123c957a21e14c3447dc
File size 349.3 KB ( 357640 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe overlay
VirusTotal metadata
First submission 2019-03-20 05:13:29 UTC ( 1 month ago )
Last submission 2019-03-21 01:56:25 UTC ( 1 month ago )
File names OneClickMaintenance.exe
emotet_e1_0db8e31980dd6278305010628e079e138d96b3d798cef0050d608b42e81f12c1_2019-03-20__051002.exe_
pKovoR2FQfO.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections