× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 1174b42273031b35327a2222217c63d231db168acfb6f0f712817ae22b4d779f
File name: 1174b42273031b35327a2222217c63d231db168acfb6f0f712817ae22b4d779f
Detection ratio: 28 / 71
Analysis date: 2018-12-06 09:03:33 UTC ( 2 months, 2 weeks ago ) View latest
Antivirus Result Update
AegisLab Trojan.Multi.Generic.4!c 20181206
Avast Win32:BankerX-gen [Trj] 20181206
AVG Win32:BankerX-gen [Trj] 20181206
Comodo .UnclassifiedMalware@0 20181206
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cylance Unsafe 20181206
Cyren W32/Emotet.KG.gen!Eldorado 20181206
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GHBR 20181205
F-Prot W32/Emotet.KG.gen!Eldorado 20181206
Fortinet W32/Kryptik.GHBR!tr 20181206
Ikarus Win32.Outbreak 20181205
Sophos ML heuristic 20181128
Malwarebytes Trojan.Emotet 20181206
MAX malware (ai score=100) 20181206
McAfee Emotet-FKU!4207183F1E16 20181206
McAfee-GW-Edition BehavesLike.Win32.Emotet.ht 20181206
Microsoft Trojan:Win32/Emotet.AC!bit 20181205
Palo Alto Networks (Known Signatures) generic.ml 20181206
Qihoo-360 HEUR/QVM20.1.AB91.Malware.Gen 20181206
Rising Trojan.Kryptik!8.8 (CLOUD) 20181206
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/EncPk-ANY 20181206
Symantec ML.Attribute.HighConfidence 20181206
TrendMicro TrojanSpy.Win32.EMOTET.THABOFAH 20181206
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.THABOFAH 20181206
Webroot W32.Trojan.Emotet 20181206
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181206
Ad-Aware 20181206
AhnLab-V3 20181206
Alibaba 20180921
ALYac 20181206
Antiy-AVL 20181205
Arcabit 20181206
Avast-Mobile 20181206
Avira (no cloud) 20181206
AVware 20180925
Babable 20180918
Baidu 20181206
BitDefender 20181206
Bkav 20181205
CAT-QuickHeal 20181205
ClamAV 20181206
CMC 20181205
Cybereason 20180308
DrWeb 20181206
eGambit 20181206
Emsisoft 20181206
F-Secure 20181206
GData 20181206
Jiangmin 20181206
K7AntiVirus 20181205
K7GW 20181205
Kaspersky 20181206
Kingsoft 20181206
eScan 20181206
NANO-Antivirus 20181206
Panda 20181205
SUPERAntiSpyware 20181205
Symantec Mobile Insight 20181204
TACHYON 20181206
Tencent 20181206
TheHacker 20181202
TotalDefense 20181206
Trapmine 20181205
Trustlook 20181206
VBA32 20181205
VIPRE 20181205
ViRobot 20181206
Yandex 20181204
Zillya 20181206
Zoner 20181206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All right

Product Micro
Internal name wups.
File version 7.6.7601.1
Description Windows
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-05 23:15:18
Entry Point 0x00003600
Number of sections 5
PE sections
PE imports
LookupPrivilegeDisplayNameA
GetSidSubAuthority
GetTextFaceW
CreateICA
GetWinMetaFileBits
GetModuleHandleA
GetNamedPipeClientComputerNameA
ICCompressorChoose
SysReAllocStringLen
VariantTimeToDosDateTime
NDRCContextBinding
UrlCanonicalizeA
EnumWindowStationsA
GetCursor
waveOutGetID
gethostbyaddr
SCardLocateCardsW
Ord(29)
RtlInterlockedPopEntrySList
CoInvalidateRemoteMachineBindings
Number of PE resources by type
RT_STRING 3
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 5
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:12:05 15:15:18-08:00

FileType
Win32 EXE

PEType
PE32

CodeSize
45056

LinkerVersion
12.1

ImageFileCharacteristics
Executable, 32-bit

Warning
Error processing PE data dictionary

EntryPoint
0x3600

InitializedDataSize
0

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

File identification
MD5 4207183f1e1608b094f09ab81f5e949d
SHA1 10e005b3854cda4d562e9e6b4636f24170a2d647
SHA256 1174b42273031b35327a2222217c63d231db168acfb6f0f712817ae22b4d779f
ssdeep
3072:wsh/kEEDRReQWkt3jiHOF9kz4tig+MoHgRuYv:wPEgRRIUkOF9iCi2eq

authentihash 95f2fede35580b61c480afb70a0b74b2d72b883cf81f5cb8aba0f4ad115eee74
imphash b1116121b742f28502c2491d6b4e6824
File size 512.0 KB ( 524288 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-12-05 23:17:24 UTC ( 2 months, 2 weeks ago )
Last submission 2018-12-05 23:17:24 UTC ( 2 months, 2 weeks ago )
File names 7.exe
6015.exe
303.exe
909.exe
865.exe
523269.exe
032.exe
24.exe
590.exe
4138589.exe
wups.
emitiface.exe
34942674.exe
0938999.exe
597.exe
825.exe
77.exe
118900.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!