SHA256: 149f976562c3d131f4d959464a058501793a83bfa2c6ccc2fdc4952f464d6120
File name: 5fe338a81ba49c953966d640cb09b614.virus
Detection ratio: 51 / 57
Analysis date: 2017-01-11 17:47:57 UTC ( 1 week ago )
Antivirus Result Update
ALYac Win32.Virtob.4.Gen 20170111
AVG Win32/Virut.AC 20170111
AVware Virus.Win32.Madang.d (v) 20170111
Ad-Aware Win32.Virtob.4.Gen 20170111
AhnLab-V3 Win32/Virut.D 20170111
Antiy-AVL Virus/Win32.Virut.n 20170111
Arcabit Win32.Virtob.4.Gen 20170111
Avast Win32:Virut 20170111
Avira (no cloud) W32/Small.L 20170111
Baidu Win32.Virus.Virut.i 20170111
BitDefender Win32.Virtob.4.Gen 20170111
Bkav W32.Vetor.PE 20170111
CAT-QuickHeal W32.Virut.D 20170111
ClamAV Win.Trojan.Virut-230 20170111
Comodo Virus.Win32.Virut.q 20170111
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Cyren W32/Virut.10631.A 20170111
DrWeb Win32.Virut.5 20170111
ESET-NOD32 Win32/Virut.U 20170111
Emsisoft Win32.Virtob.4.Gen (B) 20170111
F-Prot W32/Virut.10631.A 20170111
F-Secure Win32.Virtob.4.Gen 20170111
Fortinet W32/Virut.fam 20170111
GData Win32.Virtob.4.Gen 20170111
Ikarus Virus.Win32.Small 20170111
Invincea virus.win32.virut.ae 20170111
Jiangmin Win32/Virut.f 20170111
K7AntiVirus Virus ( 00001b761 ) 20170111
K7GW Virus ( 00001b761 ) 20170111
Kaspersky Virus.Win32.Virut.q 20170111
Kingsoft Win32.Virut.ce.57344 20170111
McAfee W32/Virut.gen.A 20170108
McAfee-GW-Edition BehavesLike.Win32.Virut.qh 20170111
eScan Win32.Virtob.4.Gen 20170111
Microsoft Virus:Win32/Virut.AE 20170111
NANO-Antivirus Virus.Win32.Small.dtdxys 20170111
Panda Generic Malware 20170111
Qihoo-360 Virus.Win32.Virut.AD 20170111
Rising Malware.Heuristic!ET#82% (rdm+) 20170111
Sophos W32/Vetor-A 20170111
Symantec W32.Virut.U 20170111
TheHacker W32/Virut.Q1 20170108
TotalDefense Win32/Virut!generic 20170111
TrendMicro-HouseCall PE_VIRUT.XS-4 20170111
VBA32 Virus.Virut.07 20170110
VIPRE Virus.Win32.Madang.d (v) 20170111
ViRobot Win32.Virut.Gen.B[h] 20170111
Yandex Win32.Madang.C 20170111
Zillya Virus.Virut.Win32.31 20170111
Zoner Win32.Virut.A 20170111
nProtect Virus/W32.Virut.D 20170111
AegisLab 20170111
Alibaba 20170111
CMC 20170111
Malwarebytes 20170111
SUPERAntiSpyware 20170111
Tencent 20170111
Trustlook 20170111
WhiteArmor 20170111
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2002-2003 Microsoft Corporation. All rights reserved.

Product Watson Subscriber for SENS Network Notifications
Original name dwtrig20.exe
Internal name dwtrig20.exe
File version 11.0.8160
Description Watson Subscriber for SENS Network Notifications
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2055-05-25 18:10:40
Entry Point 0x00024B60
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
AddAccessDeniedAce
CopySid
RegQueryValueExA
InitializeAcl
RegDeleteKeyW
InitializeSecurityDescriptor
ConvertSidToStringSidA
RegQueryValueExW
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
AddAccessAllowedAce
RegOpenKeyExW
RegOpenKeyExA
GetTokenInformation
IsValidSid
RegQueryInfoKeyW
GetSecurityDescriptorDacl
RegEnumKeyExW
OpenThreadToken
GetLengthSid
RegEnumValueW
RegSetValueExW
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
AddAce
GetLastError
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
GetShortPathNameW
GetModuleFileNameW
GlobalFree
WaitForSingleObject
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetModuleFileNameA
LoadLibraryA
GetShortPathNameA
VirtualFree
DeleteCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetSystemDefaultLCID
lstrlenW
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetProcAddress
GetCurrentThread
OpenMutexA
CreateMutexA
RaiseException
TlsFree
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
CloseHandle
GetSystemTimeAsFileTime
SetEvent
LocalFree
TerminateProcess
GetLongPathNameW
CreateEventW
lstrcmpiW
GlobalAlloc
CreateProcessW
GetFileAttributesW
InterlockedDecrement
Sleep
TlsSetValue
GetSystemWindowsDirectoryW
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
LocalAlloc
SetLastError
InterlockedIncrement
_except_handler3
_cexit
_c_exit
memmove
_exit
_adjust_fdiv
__setusermatherr
__p__commode
__dllonexit
__p__fmode
__wgetmainargs
_controlfp
_amsg_exit
exit
_XcptFilter
__p___winitenv
_wtol
_onexit
_initterm
__set_app_type
LoadRegTypeLib
LoadTypeLib
SysFreeString
SysAllocString
SHGetSpecialFolderPathW
SystemParametersInfoW
CoInitializeEx
CoUninitialize
CoRevokeClassObject
StringFromIID
CoCreateInstance
StringFromCLSID
CoRegisterClassObject
CoTaskMemFree
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
7.1

ImageVersion
0.0

ProductName
Watson Subscriber for SENS Network Notifications

FileVersionNumber
11.0.8160.0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

InitializedDataSize
100864

FileTypeExtension
exe

OriginalFileName
dwtrig20.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

LegalTrademarks2
Windows is a registered trademark of Microsoft Corporation.

FileVersion
11.0.8160

LegalTrademarks1
Microsoft is a registered trademark of Microsoft Corporation.

TimeStamp
2055:05:25 19:10:40+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
dwtrig20.exe

SubsystemVersion
4.0

ProductVersion
11.0.8160

FileDescription
Watson Subscriber for SENS Network Notifications

OSVersion
4.0

FileOS
Windows NT 32-bit

LegalCopyright
Copyright 2002-2003 Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
26112

FileSubtype
0

ProductVersionNumber
11.0.8160.0

EntryPoint
0x24b60

ObjectFileType
Executable application

File identification
MD5 5fe338a81ba49c953966d640cb09b614
SHA1 6ba4d2f0dd2e9d050631821da44ae557c85660d1
SHA256 149f976562c3d131f4d959464a058501793a83bfa2c6ccc2fdc4952f464d6120
ssdeep
1536:o1UmxIyYclkOZB4NgbeG/H4m5u1FaeepAi26y1HPU:9y28C2bD/H4m5u1E9W

authentihash 816966d7e08af941a6d87ee5c596c773dfe2def1af822fc62d263ce39ee148a0
imphash 590291a24e818bb78c2fe32d715f214a
File size 54.5 KB ( 55850 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (76.4%)
Win32 Executable (generic) (12.4%)
Generic Win/DOS Executable (5.5%)
DOS Executable Generic (5.5%)
Tags
peexe

VirusTotal metadata
First submission 2017-01-11 17:47:57 UTC ( 1 week ago )
Last submission 2017-01-11 17:47:57 UTC ( 1 week ago )
File names dwtrig20.exe
5fe338a81ba49c953966d640cb09b614.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
DNS requests
TCP connections
UDP communications