× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 141c5f862c723ab68ca3fa253178ea5f49bcc619f20a147260c2135c221845dc
File name: ENaLU.exe
Detection ratio: 9 / 66
Analysis date: 2018-11-15 15:42:31 UTC ( 3 months ago ) View latest
Antivirus Result Update
AVG FileRepMalware 20181115
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20181022
Cybereason malicious.148810 20180225
Cylance Unsafe 20181115
Endgame malicious (high confidence) 20181108
Microsoft Trojan:Win32/Fuerboos.A!cl 20181115
NANO-Antivirus Virus.Win32.Gen.ccmw 20181115
Qihoo-360 HEUR/QVM20.1.39A8.Malware.Gen 20181115
Symantec ML.Attribute.HighConfidence 20181115
Ad-Aware 20181115
AegisLab 20181115
AhnLab-V3 20181115
Alibaba 20180921
Antiy-AVL 20181115
Arcabit 20181115
Avast 20181115
Avast-Mobile 20181115
Avira (no cloud) 20181115
Babable 20180918
Baidu 20181115
BitDefender 20181115
Bkav 20181115
CAT-QuickHeal 20181115
ClamAV 20181115
CMC 20181115
Cyren 20181115
DrWeb 20181115
eGambit 20181115
Emsisoft 20181115
ESET-NOD32 20181115
F-Prot 20181115
F-Secure 20181115
Fortinet 20181115
GData 20181115
Ikarus 20181115
Sophos ML 20181108
Jiangmin 20181115
K7AntiVirus 20181113
K7GW 20181115
Kaspersky 20181115
Kingsoft 20181115
Malwarebytes 20181115
MAX 20181115
McAfee 20181115
McAfee-GW-Edition 20181115
eScan 20181115
Palo Alto Networks (Known Signatures) 20181115
Panda 20181115
Rising 20181115
SentinelOne (Static ML) 20181011
Sophos AV 20181115
SUPERAntiSpyware 20181114
Symantec Mobile Insight 20181108
TACHYON 20181115
Tencent 20181115
TheHacker 20181113
TotalDefense 20181115
TrendMicro 20181115
TrendMicro-HouseCall 20181115
Trustlook 20181115
VBA32 20181115
VIPRE 20181115
ViRobot 20181115
Webroot 20181115
Yandex 20181115
Zillya 20181115
ZoneAlarm by Check Point 20181115
Zoner 20181115
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights

Product Microsoft (R) SQL Mo
Internal name SQLCEOLED
File version 3.00.
Description Microsoft SQL
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-15 23:40:24
Entry Point 0x000107A2
Number of sections 6
PE sections
PE imports
RegDisableReflectionKey
IsWellKnownSid
GetSidIdentifierAuthority
GetClusterResourceNetworkName
FindTextA
ExtTextOutW
ExtEscape
GetTextAlign
GetTextColor
GetWorldTransform
GetPaletteEntries
GetRegionData
GetTextFaceW
DeleteObject
DefineDosDeviceW
FindFirstChangeNotificationA
FileTimeToSystemTime
lstrlenA
GlobalFree
SetEvent
GlobalFindAtomA
DefineDosDeviceA
GetProcessId
GetCommTimeouts
GetConsoleCursorInfo
GetConsoleTitleW
GetCommProperties
GetCompressedFileSizeA
GetTempPathA
LocalFlags
FindResourceExW
GetCurrentProcess
FindAtomW
GetSystemDirectoryA
GetModuleHandleW
GlobalMemoryStatus
GetEnvironmentVariableA
GetFileAttributesExA
GetTickCount
GetEnvironmentVariableW
GetErrorInfo
EnumWindowStationsA
GetClassInfoExW
DrawStateA
EnumWindowStationsW
FlashWindowEx
GetClipboardData
InsertMenuItemW
DrawIcon
GetClipboardSequenceNumber
LockWorkStation
DestroyIcon
GetClientRect
DrawMenuBar
IsIconic
FrameRect
GetWindowTextLengthA
GetKeyboardState
GetWindowModuleFileNameW
DestroyAcceleratorTable
GetSysColorBrush
LockWindowUpdate
GetSystemMenu
FindWindowExW
GetWindowRgnBox
GetWindowInfo
GetMenuStringW
FindFirstUrlCacheGroup
GetUrlCacheEntryInfoExW
timeGetTime
strlen
strcspn
FindMimeFromData
Number of PE resources by type
RT_STRING 5
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 6
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SpecialBuild
[pre-release version: pre-alpha]

SubsystemVersion
5.0

LinkerVersion
12.0

ImageVersion
0.1

FileSubtype
100

FileVersionNumber
8.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
Microsoft SQL

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
409600

EntryPoint
0x107a2

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights

FileVersion
3.00.

TimeStamp
2018:11:16 00:40:24+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
SQLCEOLED

ProductVersion
3

UninitializedDataSize
0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corpora

CodeSize
0

ProductName
Microsoft (R) SQL Mo

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Execution parents
Compressed bundles
File identification
MD5 49c2de01488106b728698c1e05184fc4
SHA1 b91353fc886d8a0aa767614ec71f3b460a5e0eed
SHA256 141c5f862c723ab68ca3fa253178ea5f49bcc619f20a147260c2135c221845dc
ssdeep
3072:9AbFcZgnxrA59XSWmStJBntLPKMK+VBAcF28s1BPGfEL1amP+3UIn:O+/tmSv9Vrs3eL

authentihash de7fb82a4c7064ec835e72af9ad625e9de3a10cd3c00fce68df988e26f643e19
imphash 2b242778e1955aa864768f3a22c6b3f8
File size 464.0 KB ( 475136 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-11-15 15:42:31 UTC ( 3 months ago )
Last submission 2018-12-16 08:10:28 UTC ( 2 months ago )
File names lQEtaOzULH.exe
3ttzHlfx7.exe
vM6HDMd1p.exe
rStMkEJkbG.exe
zNnZRYmeE.exe
output.114513757.txt
OcEEelU7aGiC.exe
hexaiface.exe
A5V86kLRrH.exe
VC8EPHog.exe
Lxl4sPqe.exe
m5Tjhq3x2h.exe
ZdBFsQTx.exe
49c2de01488106b728698c1e05184fc4
kC0hpkEhsA9.exe
nirmalathe.exe
XZw5DUdxWR.exe
Gg8ZFyhql.exe
output.114502913.txt
Emotet-malware-binary 1509.exe
8P5vGqr18F.exe
shimscofire.exe
statusappx.exe
hz1xuXIpt.exe
vzo.exe
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!