SHA256: 0e43fbd8ae950cd5b2bc6f9046e6e3fb6c7842e4b50344a622abc13ca9853aa9
File name: windowiowa.exe
Detection ratio: 36 / 66
Analysis date: 2018-10-31 22:45:58 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Autoruns.GenericKDS.31324458 20181031
AhnLab-V3 Trojan/Win32.Emotet.R212958 20181031
ALYac Trojan.Autoruns.GenericKDS.31324458 20181031
Antiy-AVL Trojan[Banker]/Win32.Emotet 20181031
Avast Win32:BankerX-gen [Trj] 20181031
AVG Win32:BankerX-gen [Trj] 20181031
BitDefender Trojan.Autoruns.GenericKDS.31324458 20181031
CAT-QuickHeal Trojan.Emotet.X4 20181031
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Emsisoft Trojan.Autoruns.GenericKDS.31324458 (B) 20181031
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GMDL 20181031
F-Secure Trojan.Autoruns.GenericKDS.31324458 20181031
Fortinet W32/GenKryptik.CPKT!tr 20181031
GData Trojan.Autoruns.GenericKDS.31324458 20181031
Sophos ML heuristic 20180717
K7AntiVirus Riskware ( 0040eff71 ) 20181031
K7GW Riskware ( 0040eff71 ) 20181031
Kaspersky Trojan-Banker.Win32.Emotet.blft 20181031
Malwarebytes Trojan.Emotet 20181031
MAX malware (ai score=100) 20181031
McAfee RDN/Generic.grp 20181031
McAfee-GW-Edition BehavesLike.Win32.Emotet.gm 20181031
Microsoft Trojan:Win32/Emotet!rfn 20181031
eScan Trojan.Autoruns.GenericKDS.31324458 20181031
NANO-Antivirus Virus.Win32.Gen.ccmw 20181031
Palo Alto Networks (Known Signatures) generic.ml 20181031
Panda Trj/GdSda.A 20181031
Qihoo-360 HEUR/QVM19.1.DB75.Malware.Gen 20181031
Rising Trojan.Emotet!8.B95 (CLOUD) 20181031
Sophos AV Mal/EncPk-ANY 20181031
Symantec Trojan.Emotet 20181031
Tencent Win32.Trojan-banker.Emotet.Dyqd 20181031
ViRobot Trojan.Win32.Z.Highconfidence.444928 20181031
Webroot W32.Trojan.Gen 20181031
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.blft 20181031
AegisLab 20181031
Alibaba 20180921
Arcabit 20181031
Avast-Mobile 20181031
Avira (no cloud) 20181031
Babable 20180918
Baidu 20181031
Bkav 20181031
ClamAV 20181031
CMC 20181031
Cybereason 20180225
Cylance 20181031
Cyren 20181031
DrWeb 20181031
eGambit 20181031
F-Prot 20181031
Jiangmin 20181031
Kingsoft 20181031
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181031
Symantec Mobile Insight 20181030
TACHYON 20181031
TheHacker 20181031
TotalDefense 20181031
TrendMicro 20181031
TrendMicro-HouseCall 20181031
Trustlook 20181031
VBA32 20181031
VIPRE 20181031
Yandex 20181030
Zillya 20181030
Zoner 20181031
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserv
Product Microsoft® Windows®
Original name MSXBSE40.
Internal name MSXBSE40
File version 6.1.7600
Description Microsoft Jet xBA
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-29 19:30:23
Entry Point 0x00003582
Number of sections 5
PE sections
PE imports
CertCompareIntegerBlob
GetBitmapDimensionEx
GetPixelFormat
GetGraphicsMode
GetModuleHandleA
SetConsoleScreenBufferSize
HeapSize
ICSeqCompressFrame
NetShareCheck
SHQueryValueExW
SHCreateThreadRef
GetRawInputDeviceList
GetPrinterDataW
HGLOBAL_UserMarshal
Number of PE resources by type
RT_STRING 93
RT_VERSION 1
Number of PE resources by language
JAPANESE DEFAULT 94
PE resources
ExifTool file metadata
UninitializedDataSize 4294967295
LinkerVersion 13.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 7.0.9951.0
LanguageCode Japanese
FileFlagsMask 0x003f
FileDescription Microsoft Jet xBA
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 434688
EntryPoint 0x3582
OriginalFileName MSXBSE40.
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserv
FileVersion 6.1.7600
TimeStamp 2018:10:29 20:30:23+01:00
FileType Win32 EXE
PEType PE32
InternalName MSXBSE40
ProductVersion 6.1.7600
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporati
CodeSize 14848
ProductName Microsoft Windows
ProductVersionNumber 7.0.9951.0
FileTypeExtension exe
ObjectFileType Dynamic link library
File identification
MD5 853bf49d101c83c625e4c748710e307d
SHA1 3115b9b737899149f26e573e55131f353548c753
SHA256 0e43fbd8ae950cd5b2bc6f9046e6e3fb6c7842e4b50344a622abc13ca9853aa9
ssdeep 3072:DuBo7b6jZKrJIFGqJoVcN1YwQlhA9i8ugBRtwzoFxWLWOvyyxTIP7ycJ0QLOkM6R:MMTuFLSFjILsE
authentihash 80c1ad3743754eb2629497b0320cffca1aaef08dc756c89d8c756a3348ead305
imphash f761db588ed9b747b845aeea75f8abbc
File size 434.5 KB ( 444928 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags peexe
VirusTotal metadata
First submission 2018-10-29 21:46:28 UTC ( 3 months, 3 weeks ago )
Last submission 2018-10-29 21:46:28 UTC ( 3 months, 3 weeks ago )
File names windowiowa.exe
MSXBSE40.
MSXBSE40