× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 2373c0c77d9177247d183e1075537e1e1be2092f580765260b080704c63001cd
File name: ftGdhq8WSQ.exe
Detection ratio: 16 / 68
Analysis date: 2018-09-10 12:39:14 UTC ( 5 months, 2 weeks ago ) View latest
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9997 20180910
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20180723
Cylance Unsafe 20180910
Endgame malicious (high confidence) 20180730
Sophos ML heuristic 20180717
Kaspersky UDS:DangerousObject.Multi.Generic 20180910
McAfee GenericRXGJ-UI!7F0297E93877 20180910
McAfee-GW-Edition Artemis!Trojan 20180910
Microsoft Trojan:Win32/Emotet.AC!bit 20180910
Palo Alto Networks (Known Signatures) generic.ml 20180910
Rising Trojan.Emotet!8.B95 (CLOUD) 20180910
SentinelOne (Static ML) static engine - malicious 20180830
Sophos AV Mal/Generic-S 20180910
Symantec ML.Attribute.HighConfidence 20180910
Webroot W32.Trojan.Emotet 20180910
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180910
Ad-Aware 20180910
AegisLab 20180910
AhnLab-V3 20180910
Alibaba 20180713
ALYac 20180910
Antiy-AVL 20180910
Arcabit 20180910
Avast 20180910
Avast-Mobile 20180910
AVG 20180910
Avira (no cloud) 20180910
AVware 20180910
Babable 20180907
BitDefender 20180910
Bkav 20180906
CAT-QuickHeal 20180909
ClamAV 20180910
CMC 20180910
Comodo 20180910
Cybereason 20180225
Cyren 20180910
DrWeb 20180910
eGambit 20180910
Emsisoft 20180910
ESET-NOD32 20180910
F-Prot 20180910
F-Secure 20180910
Fortinet 20180910
GData 20180910
Ikarus 20180910
Jiangmin 20180910
K7AntiVirus 20180910
K7GW 20180910
Kingsoft 20180910
Malwarebytes 20180910
MAX 20180910
eScan 20180910
NANO-Antivirus 20180910
Panda 20180910
Qihoo-360 20180910
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180905
TACHYON 20180910
Tencent 20180910
TheHacker 20180907
TotalDefense 20180910
TrendMicro 20180910
TrendMicro-HouseCall 20180910
Trustlook 20180910
VBA32 20180907
VIPRE 20180910
ViRobot 20180910
Yandex 20180908
Zillya 20180908
Zoner 20180910
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2001 Hewlett-Packard Company

Product Hewlett-Packard Master Monitor, WINNT version
Original name MSTRMON
Internal name MSTRMON
File version 10.00.14
Description Win32 Master Monitor
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-10 09:47:48
Entry Point 0x0001C871
Number of sections 5
PE sections
PE imports
RegDisablePredefinedCacheEx
RevertToSelf
GetSaveFileNameW
CryptMsgGetAndVerifySigner
SelectPalette
CreateFontA
GetTextCharacterExtra
GetPath
CreateSolidBrush
ConnectNamedPipe
GetDriveTypeW
GetModuleHandleA
WTSGetActiveConsoleSessionId
UnhandledExceptionFilter
LoadLibraryExW
SetVolumeLabelA
UnlockFileEx
OutputDebugStringA
VerifyScripts
SetLocalTime
VerifyVersionInfoW
LZSeek
LZClose
LZInit
MprConfigTransportSetInfo
MprAdminMIBServerDisconnect
GetActiveObject
VarCyFromR4
VariantTimeToSystemTime
VarParseNumFromStr
glEvalCoord1f
EnumPwrSchemes
RpcServerRegisterAuthInfoW
SetupIterateCabinetW
StrToInt64ExA
PathFindNextComponentW
PathIsRootW
EnumerateSecurityPackagesW
GetCaretBlinkTime
IsWindow
GetParent
InternetReadFile
InternetWriteFile
mixerGetControlDetailsW
waveInGetID
CryptCATPutAttrInfo
CryptCATPutMemberInfo
SCardTransmit
ungetc
realloc
fprintf
fputwc
isdigit
GetHGlobalFromStream
StringFromGUID2
OleBuildVersion
CoInternetCreateZoneManager
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
CodeSize
0

SubsystemVersion
5.0

LinkerVersion
12.1

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
10.0.0.14

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Win32 Master Monitor

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
79872

PrivateBuild
This is a Release version!

EntryPoint
0x1c871

OriginalFileName
MSTRMON

MIMEType
application/octet-stream

LegalCopyright
Copyright 2001 Hewlett-Packard Company

FileVersion
10.00.14

TimeStamp
2018:09:10 11:47:48+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
MSTRMON

ProductVersion
10.00.14

UninitializedDataSize
1006425862

OSVersion
5.1

FileOS
Windows 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Hewlett-Packard

LegalTrademarks
All Rights Reserved.

ProductName
Hewlett-Packard Master Monitor, WINNT version

ProductVersionNumber
10.0.0.14

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 7f0297e938775d06c129b71dc986cab1
SHA1 d89bc4d229810524492b2ce731e68afb5e700a01
SHA256 2373c0c77d9177247d183e1075537e1e1be2092f580765260b080704c63001cd
ssdeep
6144:sXzEO1wWVgh6TNzIDqHve8s/xXB74Zt8U:Czp1ssWqHmvR74Zt8U

authentihash cd7a6f138b9e784ce35b8cd9cf76d09722e2d76a6a50c5cf50f1cc4b3f78d1b2
imphash ef8a5b4c3f8f97e5c38c672c2e432a62
File size 284.5 KB ( 291328 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-09-10 10:10:24 UTC ( 5 months, 2 weeks ago )
Last submission 2018-11-13 17:01:17 UTC ( 3 months, 1 week ago )
File names c5jnBfU2.exe
xgIidGNwitn7.exe
uUwfBH8An.exe
vSQQX76L3Y.exe
Kafan_Sample_2373c0c77d9177247d183e1075537e1e1be2092f580765260b080704c63001cd.exe
GnlTV99nwF.exe
OamqOypHz.exe
ftGdhq8WSQ.exe
7eO8KjonDU.exe
zLfrCvd4kOu.exe
KQ9wXlYcp.exe
0nfSYdTIENp.exe
zDbioLVth.exe
7f0297e938775d06c129b71dc986cab1.1.bin
hK3MxCoE.exe
7f0297e938775d06c129b71dc986cab1
04.exe
C13vpx1wTUin.exe
leelawstarta.exe
gDriZkJKrPkO.exe
o47KErNzkTXG.exe
cpeS3jHEPU.exe
MSTRMON
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!