× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 194040e0c7f86cc7e761bfdcb10c2d42abc15b1f789091d61fdb885cd62e4cfc
File name: xld0Qse.exe
Detection ratio: 19 / 70
Analysis date: 2018-12-03 19:55:27 UTC ( 2 months, 3 weeks ago ) View latest
Antivirus Result Update
AVG FileRepMalware 20181203
Comodo TrojWare.Win32.Trojan.XPack.~gen1@1rwlif 20181203
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.f437c7 20180225
Cylance Unsafe 20181203
eGambit Unsafe.AI_Score_99% 20181203
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181128
Kaspersky UDS:DangerousObject.Multi.Generic 20181203
McAfee Artemis!1A05B26F437C 20181203
McAfee-GW-Edition BehavesLike.Win32.Emotet.ht 20181203
Microsoft Trojan:Win32/Emotet.AC!bit 20181203
Palo Alto Networks (Known Signatures) generic.ml 20181203
Qihoo-360 HEUR/QVM20.1.9FD9.Malware.Gen 20181203
Rising Trojan.Fuerboos!8.EFC8 (CLOUD) 20181203
SentinelOne (Static ML) static engine - malicious 20181011
Symantec ML.Attribute.HighConfidence 20181203
Webroot W32.Trojan.Emotet 20181203
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181203
Ad-Aware 20181203
AegisLab 20181203
AhnLab-V3 20181203
Alibaba 20180921
ALYac 20181203
Antiy-AVL 20181202
Arcabit 20181203
Avast 20181203
Avast-Mobile 20181203
Avira (no cloud) 20181203
Babable 20180918
Baidu 20181203
BitDefender 20181203
Bkav 20181203
CAT-QuickHeal 20181203
ClamAV 20181203
CMC 20181203
Cyren 20181203
DrWeb 20181203
Emsisoft 20181203
ESET-NOD32 20181203
F-Prot 20181203
F-Secure 20181203
Fortinet 20181203
GData 20181203
Ikarus 20181203
Jiangmin 20181203
K7AntiVirus 20181203
K7GW 20181203
Kingsoft 20181203
Malwarebytes 20181203
MAX 20181203
eScan 20181203
NANO-Antivirus 20181203
Panda 20181203
Sophos AV 20181203
SUPERAntiSpyware 20181128
Symantec Mobile Insight 20181121
TACHYON 20181203
Tencent 20181203
TheHacker 20181202
TotalDefense 20181203
Trapmine 20181128
TrendMicro 20181203
TrendMicro-HouseCall 20181203
Trustlook 20181203
VBA32 20181203
VIPRE 20181202
ViRobot 20181203
Yandex 20181130
Zillya 20181203
Zoner 20181203
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All right

Product Micro
Internal name wups.
File version 7.6.7601.1
Description Windows
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-03 16:15:57
Entry Point 0x000045E0
Number of sections 5
PE sections
PE imports
CM_Reenumerate_DevNode_Ex
ImageList_SetIconSize
CryptMsgGetAndVerifySigner
SelectClipPath
LineTo
GetRandomRgn
GetVolumePathNamesForVolumeNameW
GlobalMemoryStatus
GetDriveTypeW
GetNamedPipeClientComputerNameA
GetBinaryTypeW
GetModuleHandleA
Process32First
lstrlenW
GetStringTypeExA
FillConsoleOutputAttribute
SetupDiDestroyDriverInfoList
SetupDefaultQueueCallbackW
SHRegQueryInfoUSKeyW
StrChrA
StrSpnW
GetComputerObjectNameW
InsertMenuA
GetPriorityClipboardFormat
BeginDeferWindowPos
GetMenu
EnumDisplayMonitors
ExcludeUpdateRgn
GetUpdateRect
RealGetWindowClassA
InternetFindNextFileA
AddPrinterW
g_rgSCardT1Pci
CoInvalidateRemoteMachineBindings
Number of PE resources by type
RT_STRING 3
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 5
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:12:03 17:15:57+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
49152

LinkerVersion
12.1

ImageFileCharacteristics
Executable, 32-bit

EntryPoint
0x45e0

InitializedDataSize
0

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

Execution parents
File identification
MD5 1a05b26f437c77493b60fc15ef1da444
SHA1 0adfddf098df3fa37df4ad906bf6c282a8517a88
SHA256 194040e0c7f86cc7e761bfdcb10c2d42abc15b1f789091d61fdb885cd62e4cfc
ssdeep
3072:s7TYQI83xzZzYIs7zfs1bCczPx4mxY0QP9w:s3YQI8347jRczJ4j/

authentihash 9292cc33018e43b794fc354577b00ce37d433e6489d9b829bfe5181be7a4d6a2
imphash 3898e3681bc9d91d8f0d20b4cbad20a6
File size 520.0 KB ( 532480 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-12-03 16:20:58 UTC ( 2 months, 3 weeks ago )
Last submission 2018-12-03 17:04:03 UTC ( 2 months, 3 weeks ago )
File names 45623691.exe
49103679.exe
898.exe
4006.exe
wups.
cyrlreports.exe
xld0Qse.exe
androidcyan.exe
95.exe
831.exe
478517.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!