× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 0e2d32cdf300437c1ea6c316bff25f8f453c152acc0e4a5420754c2dfc48208b
File name: e9893018a8652f796ed7e1692b517ed4b8bea2c4
Detection ratio: 24 / 68
Analysis date: 2018-07-15 05:39:33 UTC ( 7 months, 1 week ago ) View latest
Antivirus Result Update
AegisLab Packer.Generic!c 20180715
Avast Win32:Malware-gen 20180715
AVG Win32:Malware-gen 20180715
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180712
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cylance Unsafe 20180715
Endgame malicious (high confidence) 20180711
ESET-NOD32 a variant of Win32/Kryptik.GIUM 20180715
GData Win32.Trojan.Agent.U5RMWY 20180715
Sophos ML heuristic 20180601
Kaspersky UDS:DangerousObject.Multi.Generic 20180715
MAX malware (ai score=92) 20180715
McAfee Artemis!ED920673F0CD 20180715
McAfee-GW-Edition Artemis!Trojan 20180715
Microsoft Trojan:Win32/Emotet.AC!bit 20180714
Palo Alto Networks (Known Signatures) generic.ml 20180715
Qihoo-360 HEUR/QVM20.1.8199.Malware.Gen 20180715
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/Generic-S 20180715
Symantec Packed.Generic.517 20180714
TrendMicro TROJ_GEN.USGE18 20180715
TrendMicro-HouseCall TROJ_GEN.USGE18 20180715
Webroot W32.Trojan.Emotet 20180715
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180715
Ad-Aware 20180715
AhnLab-V3 20180714
Alibaba 20180713
ALYac 20180715
Antiy-AVL 20180715
Arcabit 20180715
Avast-Mobile 20180715
Avira (no cloud) 20180714
AVware 20180715
Babable 20180406
BitDefender 20180715
Bkav 20180713
CAT-QuickHeal 20180714
ClamAV 20180715
CMC 20180714
Comodo 20180715
Cybereason 20180225
Cyren 20180715
DrWeb 20180715
eGambit 20180715
Emsisoft 20180715
F-Prot 20180715
F-Secure 20180714
Fortinet 20180715
Ikarus 20180714
Jiangmin 20180715
K7AntiVirus 20180715
K7GW 20180715
Kingsoft 20180715
Malwarebytes 20180715
eScan 20180715
NANO-Antivirus 20180715
Panda 20180714
Rising 20180715
SUPERAntiSpyware 20180715
TACHYON 20180715
Tencent 20180715
TheHacker 20180712
TotalDefense 20180714
Trustlook 20180715
VBA32 20180713
VIPRE 20180715
ViRobot 20180714
Yandex 20180713
Zillya 20180713
Zoner 20180714
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserv

Product Microsoft® Windows® Operating S
Original name wfw.fwf
Internal name вввы (03.2)
Description Windows Cryptographic
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-23 03:20:06
Entry Point 0x00001970
Number of sections 6
PE sections
PE imports
SetBitmapBits
lstrlenA
FlsFree
SystemTimeToTzSpecificLocalTime
DdeDisconnectList
ShowCursor
GetClipboardOwner
CryptCATCDFEnumMembers
UninstallColorProfileW
isleadbyte
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.1

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
36.1.2223.432

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Windows Cryptographic

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
10240

EntryPoint
0x1970

OriginalFileName
PrintIsolationHost.exe

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserv

TimeStamp
2017:02:23 04:20:06+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
(03.2)

ProductVersion
6.1.7600.16385

SubsystemVersion
5.0

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Ddfdgf dgdsger

CodeSize
101888

ProductName
Microsoft Windows Operating S

ProductVersionNumber
16.1.4235.11

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 ed920673f0cd3b97873033323424ed9b
SHA1 e9893018a8652f796ed7e1692b517ed4b8bea2c4
SHA256 0e2d32cdf300437c1ea6c316bff25f8f453c152acc0e4a5420754c2dfc48208b
ssdeep
1536:kmTWjw5fy9oSzn+kxhuxYS6z89PivvCNtgxI8VHAhsVSk8ey:DmOa9dMSCNSxIQssVqb

authentihash f77fd55adc42248243fe58d5e835ab323b7e7cb6573b5119f5476ddc9c35c274
imphash 56fca92441c8b371779bf93f57ea10a6
File size 106.5 KB ( 109056 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-07-14 22:04:32 UTC ( 7 months, 1 week ago )
Last submission 2018-10-27 16:13:12 UTC ( 3 months, 3 weeks ago )
File names ed920673f0cd3b97873033323424ed9b.vir
4.exe
e9893018a8652f796ed7e1692b517ed4b8bea2c4
79YwXeXKRhZXvrb.exe
wfw.fwf
вввы (03.2)
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!