× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 202e94258c2bfb90eac41ad2966fed556e427cedfef508c382aad574859492bb
File name: c12a47c696b710dcefd5bc27632982d1c37f47cb
Detection ratio: 37 / 66
Analysis date: 2018-05-15 03:09:26 UTC ( 9 months, 1 week ago ) View latest
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.322022 20180515
AegisLab Ml.Attribute.Gen!c 20180515
Avast Win32:Malware-gen 20180514
AVG Win32:Malware-gen 20180514
Avira (no cloud) TR/Crypt.ZPACK.qqopt 20180515
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180511
BitDefender Gen:Variant.Razy.322022 20180515
CAT-QuickHeal Trojan.Drixed.100454 20180514
Comodo CloudScanner.Trojan.Gen 20180515
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20180418
Cylance Unsafe 20180515
Cyren W32/Trojan.QMIP-2549 20180514
eGambit Unsafe.AI_Score_99% 20180515
Emsisoft Gen:Variant.Razy.322022 (B) 20180515
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of Win32/Kryptik.GGRY 20180515
F-Secure Gen:Variant.Razy.322022 20180514
Fortinet W32/Kryptik.GGRY!tr 20180514
Ikarus Win32.Outbreak 20180514
Sophos ML heuristic 20180503
Kaspersky Trojan-Banker.Win32.Emotet.ansv 20180515
Malwarebytes Trojan.Emotet 20180515
MAX malware (ai score=94) 20180515
McAfee RDN/Generic.grp 20180515
McAfee-GW-Edition BehavesLike.Win32.Ransom.ch 20180514
Microsoft Trojan:Win32/Cloxer.D!cl 20180515
eScan Gen:Variant.Razy.322022 20180515
Palo Alto Networks (Known Signatures) generic.ml 20180515
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/EncPk-ANX 20180515
Symantec ML.Attribute.HighConfidence 20180514
TrendMicro-HouseCall Suspicious_GEN.F47V0514 20180515
VBA32 Malware-Cryptor.Limpopo 20180514
VIPRE Trojan.Win32.Generic!BT 20180515
ViRobot Trojan.Win32.Z.Highconfidence.135168.AZ 20180514
Webroot W32.Trojan.Emotet 20180515
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.ansv 20180515
AhnLab-V3 20180514
Alibaba 20180515
ALYac 20180514
Antiy-AVL 20180515
Arcabit 20180514
Avast-Mobile 20180514
AVware 20180428
Babable 20180406
Bkav 20180514
ClamAV 20180514
CMC 20180514
Cybereason None
F-Prot 20180514
GData 20180515
Jiangmin 20180515
K7AntiVirus 20180514
K7GW 20180515
Kingsoft 20180515
NANO-Antivirus 20180515
nProtect 20180515
Panda 20180514
Qihoo-360 20180515
Rising 20180515
SUPERAntiSpyware 20180515
Symantec Mobile Insight 20180515
Tencent 20180515
TheHacker 20180509
TotalDefense 20180514
TrendMicro 20180515
Trustlook 20180515
Yandex 20180513
Zillya 20180514
Zoner 20180514
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-14 16:35:46
Entry Point 0x00001466
Number of sections 4
PE sections
PE imports
DuplicateToken
CertVerifySubjectCertificateContext
GetArcDirection
RemoveFontResourceW
ColorCorrectPalette
SetSystemPaletteUse
ImmConfigureIMEW
GetTickCount64
GetCommandLineA
OpenFile
LocalSize
GetSystemDefaultUILanguage
ScrollConsoleScreenBufferA
Sleep
FindVolumeMountPointClose
GetHandleInformation
SetThreadAffinityMask
SetHandleInformation
FillConsoleOutputAttribute
WriteConsoleW
RevokeActiveObject
SHGetMalloc
PathIsLFNFileSpecW
StrChrA
EndDeferWindowPos
GetScrollBarInfo
GetWindowRect
GetScrollRange
IsDlgButtonChecked
SetWindowContextHelpId
GetDesktopWindow
SetCursorPos
SetMenuDefaultItem
EnumPrinterDriversW
SCardLocateCardsW
Number of PE resources by type
RT_STRING 10
RT_BITMAP 3
Number of PE resources by language
NEUTRAL 13
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:05:14 17:35:46+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
12288

LinkerVersion
10.0

EntryPoint
0x1466

InitializedDataSize
122880

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

Compressed bundles
File identification
MD5 06d4a3ca141bd3fad01557cca9b4435a
SHA1 c12a47c696b710dcefd5bc27632982d1c37f47cb
SHA256 202e94258c2bfb90eac41ad2966fed556e427cedfef508c382aad574859492bb
ssdeep
3072:D1K+ssssssssssssssssssssssssssssssssssssssssssssssissssssssssssQ:D1xssssssssssssssssssssssssssss8

authentihash 581e5c8f724911b00c231f640d526b0222de75f6a6c8d4f39f33e0b7fd64096a
imphash a294b05560f043b7f3684b4a81ee8037
File size 132.0 KB ( 135168 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-05-14 16:40:53 UTC ( 9 months, 1 week ago )
Last submission 2018-05-21 19:02:33 UTC ( 9 months ago )
File names c12a47c696b710dcefd5bc27632982d1c37f47cb
swimserif.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!