× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 14be9c27b89b5e0c48232d052e57a93baf64f6150f13b31f11215c3a1906b2c8
File name: qHH25JaU3UYv0n61q.exe
Detection ratio: 35 / 69
Analysis date: 2018-09-26 17:51:26 UTC ( 3 months, 3 weeks ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40521275 20180926
AhnLab-V3 Trojan/Win32.Emotet.R237988 20180926
ALYac Trojan.GenericKD.40521275 20180926
Arcabit Trojan.Generic.D26A4E3B 20180926
Avast Win32:MalwareX-gen [Trj] 20180926
AVG Win32:MalwareX-gen [Trj] 20180926
BitDefender Trojan.GenericKD.40521275 20180926
CAT-QuickHeal Trojan.Drixed.100454 20180926
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cylance Unsafe 20180926
Cyren W32/Emotet.GP.gen!Eldorado 20180926
Emsisoft Trojan.Emotet (A) 20180926
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GLBH 20180926
F-Prot W32/Emotet.GP.gen!Eldorado 20180926
F-Secure Trojan.GenericKD.40521275 20180926
Fortinet W32/Kryptik.GLBH!tr 20180926
GData Trojan.GenericKD.40521275 20180926
Ikarus Trojan.Win32.Crypt 20180926
Sophos ML heuristic 20180717
Kaspersky Trojan-Banker.Win32.Emotet.besf 20180926
Malwarebytes Trojan.Emotet 20180926
McAfee Emotet-FJG!A8F54942C286 20180926
McAfee-GW-Edition BehavesLike.Win32.Emotet.ch 20180926
Microsoft Trojan:Win32/Emotet.AC!bit 20180926
eScan Trojan.GenericKD.40521275 20180926
Palo Alto Networks (Known Signatures) generic.ml 20180926
Panda Trj/RnkBend.A 20180926
Qihoo-360 HEUR/QVM20.1.19D7.Malware.Gen 20180926
Rising Trojan.Emotet!8.B95 (TFE:dGZlOgOjYHGht61ixA) 20180926
SentinelOne (Static ML) static engine - malicious 20180926
Sophos AV Mal/Generic-S 20180926
Symantec Trojan.Gen.2 20180926
VIPRE Trojan.Win32.Generic!BT 20180926
Webroot W32.Trojan.Emotet 20180926
AegisLab 20180926
Alibaba 20180921
Antiy-AVL 20180926
Avast-Mobile 20180926
Avira (no cloud) 20180926
AVware 20180925
Babable 20180918
Baidu 20180926
Bkav 20180925
ClamAV 20180926
CMC 20180926
Comodo 20180926
Cybereason 20180225
DrWeb 20180926
eGambit 20180926
Jiangmin 20180926
K7AntiVirus 20180926
K7GW 20180926
Kingsoft 20180926
MAX 20180926
NANO-Antivirus 20180926
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180924
TACHYON 20180926
Tencent 20180926
TheHacker 20180924
TotalDefense 20180925
TrendMicro 20180926
TrendMicro-HouseCall 20180926
Trustlook 20180926
VBA32 20180926
ViRobot 20180926
Yandex 20180926
Zillya 20180926
ZoneAlarm by Check Point 20180925
Zoner 20180926
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. Al

Product Micros
Internal name spwi
File version 6.1.760
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-25 11:16:32
Entry Point 0x00004A90
Number of sections 5
PE sections
PE imports
EnumServicesStatusExW
InitiateSystemShutdownA
LookupAccountSidW
GetTextCharset
GetUserDefaultUILanguage
IsThreadAFiber
FindResourceExA
LocalLock
GetBinaryTypeW
GetFileSize
DeleteVolumeMountPointW
FindFirstVolumeMountPointW
GetLargestConsoleWindowSize
FormatMessageW
LocalHandle
lstrcmpW
GetCommConfig
FreeContextBuffer
GetClipboardViewer
GetLastInputInfo
GetKeyboardLayoutList
GetTabbedTextExtentW
DrawTextExA
IsCharLowerW
GetMenuBarInfo
DeletePrinterDriverExW
SCardGetProviderIdA
fwprintf
ungetwc
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
CodeSize
159744

UninitializedDataSize
0

LinkerVersion
16.1

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
49152

EntryPoint
0x4a90

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. Al

FileVersion
6.1.760

TimeStamp
2018:09:25 13:16:32+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
spwi

ProductVersion
6.1.760

SubsystemVersion
4.0

OSVersion
6.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corpor

LegalTrademarks
Mozilla, Netscape

ProductName
Micros

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 a8f54942c286ee264028f3d5bbf8ff0f
SHA1 024a68a4c0fb41a9877fbf884e52589aca76e190
SHA256 14be9c27b89b5e0c48232d052e57a93baf64f6150f13b31f11215c3a1906b2c8
ssdeep
3072:YzMGAYggjxPldwxqoiw3tmX00C4Nbj9yNwwjU:YzMGAujxtmXiw9mW4NPUGwj

authentihash 7a9c6f659461fe7f600dd42e102a699f27007da6135a73af7aeeeff84ed42118
imphash d295461382da2fe07f817c11412e184f
File size 176.0 KB ( 180224 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-09-25 11:19:59 UTC ( 3 months, 3 weeks ago )
Last submission 2018-11-16 18:38:42 UTC ( 2 months ago )
File names qHH25JaU3UYv0n61q.exe
spwi
22079944.EXE
FIGTKWNWUKMW.EXE
filestaupe.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!