SHA256: 190bf8feb875e47bb2111bcb3e826bc7594451799dc54ccc6bde4114e90beef9
File name: C94AC921.exe
Detection ratio: 12 / 68
Analysis date: 2018-06-24 08:17:51 UTC ( 8 months ago )
Antivirus Result Update
AVG FileRepMalware 20180624
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180622
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cybereason malicious.4a4d53 20180225
Cylance Unsafe 20180624
Endgame malicious (high confidence) 20180612
Fortinet W32/Kryptik.GHWC!tr 20180624
Sophos ML heuristic 20180601
Palo Alto Networks (Known Signatures) generic.ml 20180624
Qihoo-360 HEUR/QVM20.1.0DBC.Malware.Gen 20180624
Symantec ML.Attribute.HighConfidence 20180623
Webroot W32.Trojan.Emotet 20180624
Ad-Aware 20180624
AegisLab 20180622
AhnLab-V3 20180623
Alibaba 20180622
ALYac 20180624
Antiy-AVL 20180624
Arcabit 20180624
Avast 20180624
Avast-Mobile 20180623
Avira (no cloud) 20180623
AVware 20180624
Babable 20180406
BitDefender 20180624
Bkav 20180623
CAT-QuickHeal 20180623
ClamAV 20180624
CMC 20180624
Comodo 20180624
Cyren 20180624
DrWeb 20180624
eGambit 20180624
Emsisoft 20180624
ESET-NOD32 20180624
F-Prot 20180624
F-Secure 20180624
GData 20180624
Ikarus 20180623
Jiangmin 20180624
K7AntiVirus 20180624
K7GW 20180624
Kaspersky 20180624
Kingsoft 20180624
Malwarebytes 20180624
MAX 20180624
McAfee 20180624
McAfee-GW-Edition 20180624
Microsoft 20180624
eScan 20180624
NANO-Antivirus 20180624
Panda 20180623
Rising 20180624
SentinelOne (Static ML) 20180618
Sophos AV 20180624
SUPERAntiSpyware 20180624
Symantec Mobile Insight 20180619
TACHYON 20180624
Tencent 20180624
TheHacker 20180624
TotalDefense 20180624
TrendMicro 20180624
TrendMicro-HouseCall 20180624
Trustlook 20180624
VBA32 20180622
VIPRE 20180624
ViRobot 20180623
Yandex 20180622
Zillya 20180622
ZoneAlarm by Check Point 20180624
Zoner 20180623
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-24 07:41:13
Entry Point 0x00001978
Number of sections 6
PE sections
PE imports
RegDeleteValueA
GdiFlush
GetROP2
GetNearestPaletteIndex
GetWorldTransform
CreateCompatibleBitmap
ImmGetCompositionWindow
GetSystemTime
LocalFree
LCMapStringW
GetConsoleFontSize
GetCurrentProcessId
SetFilePointer
GetThreadUILanguage
BackupWrite
GetCommandLineA
LockFile
MprConfigInterfaceTransportGetHandle
SafeArrayUnlock
VarBstrFromBool
BSTR_UserUnmarshal
RpcBindingToStringBindingW
I_RpcServerSetAddressChangeFn
PathParseIconLocationW
StrStrIW
DrawEdge
GetClipboardViewer
GetParent
GetSubMenu
GetKBCodePage
GetQueueStatus
LookupIconIdFromDirectory
AttachThreadInput
IsWindowVisible
DeferWindowPos
keybd_event
GetClassInfoW
ToUnicode
GetShellWindow
GetWindowContextHelpId
GetInputState
VerQueryValueW
VerFindFileW
WintrustRemoveActionID
SCardTransmit
GetColorDirectoryW
StgIsStorageFile
PdhEnumObjectsHW
URLOpenStreamA
Number of PE resources by type
RT_MENU 1
RT_DIALOG 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:06:24 09:41:13+02:00
FileType Win32 EXE
PEType PE32
CodeSize 15872
LinkerVersion 15.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x1978
InitializedDataSize 0
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 1d1926eb3477366069a91a624cfbb918
SHA1 47c46074a4d5360e4cfb879b023b9de9bc335427
SHA256 190bf8feb875e47bb2111bcb3e826bc7594451799dc54ccc6bde4114e90beef9
ssdeep 3072:0oCf9ZIZTAiokkqKc8TJT4XlOWvHkt9W95HD9ey3l6VX2fZQhUib:0oAQpAioxqKXJwAWvH68r33QMo
authentihash ffafbfc659f5c0abe28937d564fc5c391750aa36b0ceb68aa9e953f733e37c5d
imphash 68399b3fde09dce1700713c1ffaddfa7
File size 187.0 KB ( 191488 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2018-06-24 08:17:51 UTC ( 8 months ago )
Last submission 2019-02-14 06:44:29 UTC ( 1 week, 1 day ago )
File names C94AC921.exe
f4b9c1cb6dbe68c76773765a3177d3fca8bffb39
46876.exe