SHA256: 0f4a46f0e3eb33e49bb0289ca169507edf5568bfbd518d2242ca59c2bcbe5dc5
File name: UNITYSEARCHA.EXE
Detection ratio: 26 / 68
Analysis date: 2018-09-17 06:51:56 UTC ( 5 months, 1 week ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Barys.58649 20180913
ALYac Gen:Variant.Barys.58649 20180917
Arcabit Trojan.Barys.DE519 20180917
BitDefender Gen:Variant.Barys.58649 20180917
CAT-QuickHeal Trojan.Emotet.X4 20180917
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.5fc08b 20180225
Cylance Unsafe 20180917
Emsisoft Gen:Variant.Barys.58649 (B) 20180917
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/GenKryptik.CLHH 20180917
F-Secure Gen:Variant.Barys.58649 20180917
GData Gen:Variant.Barys.58649 20180917
Sophos ML heuristic 20180717
Kaspersky Trojan-Banker.Win32.Emotet.bduq 20180917
MAX malware (ai score=87) 20180917
McAfee-GW-Edition BehavesLike.Win32.Generic.fm 20180917
Microsoft Trojan:Win32/Fuerboos.A!cl 20180916
eScan Gen:Variant.Barys.58649 20180917
Qihoo-360 HEUR/QVM20.1.EB7F.Malware.Gen 20180917
Rising Trojan.Azden!8.F0E3 (TFE:dGZlOgG6MVF7NH9mLw) 20180917
SentinelOne (Static ML) static engine - malicious 20180830
Sophos AV Mal/EncPk-ANX 20180917
Symantec ML.Attribute.HighConfidence 20180916
Webroot W32.Trojan.Emotet 20180917
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bduq 20180917
AegisLab 20180917
AhnLab-V3 20180916
Alibaba 20180713
Antiy-AVL 20180916
Avast 20180917
Avast-Mobile 20180917
AVG 20180917
Avira (no cloud) 20180917
AVware 20180917
Babable 20180907
Baidu 20180914
Bkav 20180915
ClamAV 20180917
CMC 20180916
Comodo 20180917
Cyren 20180917
DrWeb 20180917
eGambit 20180917
F-Prot 20180917
Fortinet 20180917
Ikarus 20180916
Jiangmin 20180917
K7AntiVirus 20180917
K7GW 20180917
Kingsoft 20180917
Malwarebytes 20180917
McAfee 20180917
NANO-Antivirus 20180917
Palo Alto Networks (Known Signatures) 20180917
Panda 20180916
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180911
TACHYON 20180917
Tencent 20180917
TheHacker 20180914
TotalDefense 20180915
TrendMicro 20180917
TrendMicro-HouseCall 20180917
Trustlook 20180917
VBA32 20180914
VIPRE 20180917
ViRobot 20180917
Yandex 20180915
Zillya 20180914
Zoner 20180916
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-16 18:46:28
Entry Point 0x0001DE78
Number of sections 7
PE sections
PE imports
InitiateSystemShutdownA
RegDisablePredefinedCacheEx
RemoveUsersFromEncryptedFile
AVIStreamReadFormat
GetDateFormatA
GetTimeZoneInformation
GetFileSize
GetModuleHandleA
GetCommandLineW
GetProcessHandleCount
acmStreamOpen
ICSeqCompressFrameStart
PowerRestoreDefaultPowerSchemes
RasGetEntryPropertiesA
I_RpcNegotiateTransferSyntax
CM_Get_Device_Interface_List_SizeW
ShellAboutA
GetCursor
FindWindowExA
GetOpenClipboardWindow
GetRawInputDeviceInfoW
GetActiveWindow
GetClipboardViewer
SetRectEmpty
PhysicalToLogicalPoint
BringWindowToTop
IsCharLowerW
SetActiveWindow
PeekMessageW
InternetOpenUrlW
CloseDriver
CryptCATCDFEnumAttributes
SCardListCardsW
PropVariantClear
OleIsRunning
HGLOBAL_UserFree
Number of PE resources by type
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
SLOVENIAN DEFAULT 1
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:09:16 19:46:28+01:00
FileType Win32 EXE
PEType PE32
CodeSize 126976
LinkerVersion 12.0
ImageFileCharacteristics No relocs, Executable, 32-bit
Warning Possibly corrupt Version resource
EntryPoint 0x1de78
InitializedDataSize 0
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 1006425862

File identification
MD5 a1e1c7f5fc08b783b7b922e471a0ad20
SHA1 93fccaa0bdc95ad0a55f5697340a2c09f8c98493
SHA256 0f4a46f0e3eb33e49bb0289ca169507edf5568bfbd518d2242ca59c2bcbe5dc5
ssdeep 6144:8pCWX1ooYzdrBWBPjb8yDS/xMF2qfFTvPL9qSuwsW:80WXGowdtWjgqS/xMAsF/9nuk
authentihash d644b72fbe9fb7b4768a2854b19d97b04e53eb2d45ab2cef35f70ac2ba11f489
imphash 357acda84763c44ea71b803f102d29f3
File size 352.0 KB ( 360448 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe

VirusTotal metadata
First submission 2018-09-17 06:51:56 UTC ( 5 months, 1 week ago )
Last submission 2018-09-17 06:51:56 UTC ( 5 months, 1 week ago )
File names UNITYSEARCHA.EXE