× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 217755dd9764c3ca51150b6e22a48cbb75b90a1cc7cf2079221a92b73e69c950
File name: efSCSK3QHpBoezrWs1.exe
Detection ratio: 42 / 70
Analysis date: 2019-01-12 08:58:36 UTC ( 1 month, 1 week ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.Emotet.QZ 20190112
AhnLab-V3 Trojan/Win32.Emotet.R251442 20190112
ALYac Trojan.Emotet.QZ 20190112
Avast Win32:BankerX-gen [Trj] 20190112
AVG Win32:BankerX-gen [Trj] 20190112
BitDefender Trojan.Emotet.QZ 20190112
Comodo Malware@#p7e8xq6z3igv 20190112
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cybereason malicious.692042 20190109
Cylance Unsafe 20190113
Cyren W32/Trojan.VTHU-2574 20190112
eGambit Unsafe.AI_Score_99% 20190113
Emsisoft Trojan.Emotet.QZ (B) 20190112
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GOND 20190112
F-Secure Trojan.Emotet.QZ 20190111
Fortinet W32/Kryptik.GOKZ!tr 20190112
GData Trojan.Emotet.QZ 20190112
Ikarus Trojan.Emotet 20190112
Sophos ML heuristic 20181128
K7AntiVirus Riskware ( 0040eff71 ) 20190112
K7GW Riskware ( 0040eff71 ) 20190112
Kaspersky Trojan-Banker.Win32.Emotet.byvp 20190112
Malwarebytes Trojan.Emotet 20190112
MAX malware (ai score=100) 20190113
McAfee Emotet-FLN!5B0C6C2B2EAB 20190112
McAfee-GW-Edition BehavesLike.Win32.Emotet.ch 20190112
Microsoft Trojan:Win32/Emotet.AC!bit 20190112
eScan Trojan.Emotet.QZ 20190112
Palo Alto Networks (Known Signatures) generic.ml 20190113
Panda Trj/RnkBend.A 20190112
Qihoo-360 HEUR/QVM19.1.7719.Malware.Gen 20190113
Rising Trojan.Azden!8.F0E3 (CLOUD) 20190112
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/Generic-S 20190112
Symantec Packed.Generic.517 20190112
Tencent Win32.Trojan-banker.Emotet.Suxw 20190113
Trapmine suspicious.low.ml.score 20190103
TrendMicro TROJ_FRS.VSN0BA19 20190112
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMTHGC.hp 20190113
Webroot W32.Trojan.Emotet 20190113
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.byvp 20190112
Acronis 20190111
AegisLab 20190112
Alibaba 20180921
Antiy-AVL 20190112
Avast-Mobile 20190112
Avira (no cloud) 20190112
Babable 20180918
Baidu 20190111
Bkav 20190108
CAT-QuickHeal 20190111
ClamAV 20190112
CMC 20190112
DrWeb 20190112
F-Prot 20190112
Jiangmin 20190112
Kingsoft 20190113
NANO-Antivirus 20190112
SUPERAntiSpyware 20190109
TACHYON 20190112
TheHacker 20190106
TotalDefense 20190112
Trustlook 20190113
VBA32 20190111
VIPRE 20190113
ViRobot 20190113
Yandex 20190111
Zillya 20190111
Zoner 20190112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright c 2000

Product Ulead VerCheck
Original name VerCheck.exe
Internal name VerCheck
File version 4, 0, 0, 0
Description VerCheck
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-11 09:36:59
Entry Point 0x0000259E
Number of sections 5
PE sections
PE imports
LookupPrivilegeDisplayNameA
GetSidIdentifierAuthority
GetWindowsAccountDomainSid
IsValidAcl
GetServiceKeyNameA
FindTextW
GetFileTitleW
GetLogColorSpaceA
LineTo
FrameRgn
GetTextFaceW
GetCharWidthW
GetTextCharset
GetBitmapBits
DefineDosDeviceW
FlushConsoleInputBuffer
GetConsoleOutputCP
GetConsoleFontSize
lstrlenA
GetConsoleCP
ExitProcess
ExpandEnvironmentStringsW
GetCurrentProcess
GetConsoleMode
GetSystemDefaultLCID
FreeEnvironmentStringsW
VerifyScripts
FillConsoleOutputAttribute
GetCurrentThread
lstrcpynW
GetTimeFormatW
GetTempPathA
GetFileSizeEx
GetFileInformationByHandle
GetSystemDefaultUILanguage
FreeConsole
GetCommConfig
GetModuleHandleW
LocalFree
GetEnvironmentVariableA
GetConsoleWindow
GetCurrentConsoleFont
GetLongPathNameA
GetErrorInfo
ExtractAssociatedIconA
ExtractIconW
FindExecutableA
ExtractAssociatedIconW
GetMenuItemCount
LookupIconIdFromDirectory
LoadMenuA
LockWindowUpdate
DefWindowProcW
DefFrameProcA
CreateIconFromResource
GetUserObjectInformationA
GetMenuStringA
DefMDIChildProcA
LoadKeyboardLayoutA
GetProcessWindowStation
GetClassLongA
GetKeyState
GetPrinterDriverW
GetPrinterW
strtod
mbtowc
fputws
strtoul
GetConvertStg
FaultInIEFeature
Number of PE resources by type
RT_BITMAP 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.1

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
VerCheck

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
147456

EntryPoint
0x259e

OriginalFileName
VerCheck.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright c 2000

FileVersion
4, 0, 0, 0

TimeStamp
2019:01:11 10:36:59+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
VerCheck

ProductVersion
1, 0, 0, 1

SubsystemVersion
4.0

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Ulead

CodeSize
20480

ProductName
Ulead VerCheck

ProductVersionNumber
1.0.0.1

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 5b0c6c2b2eabd4c1e2606290f6efba89
SHA1 3459feb69204212dea4d20cc30321adc1e48de68
SHA256 217755dd9764c3ca51150b6e22a48cbb75b90a1cc7cf2079221a92b73e69c950
ssdeep
3072:AW4JVufEbnjgunWs/toLzx9MnBiLTCvtDTQHV/4i3AZ:AtHpnVnWwttnj

authentihash 9d221c46689fa28bbdbe7f2a073eeca63c5e76a625d91a1375e9dce6338d7514
imphash f6f055ef58db7919627bb08bb87a8ae1
File size 164.0 KB ( 167936 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2019-01-11 01:39:27 UTC ( 1 month, 1 week ago )
Last submission 2019-01-11 01:39:27 UTC ( 1 month, 1 week ago )
File names efSCSK3QHpBoezrWs1.exe
VerCheck
VerCheck.exe
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!