SHA256: 29580c38ecaa61c0335a07f6bbbf0fe61fa597bc3c7282eb42954277217c675b
File name: .
Detection ratio: 40 / 67
Analysis date: 2018-07-16 20:25:16 UTC (7 months ago)
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Trojan.GenericKD.31095465 | 20180716 |
| AegisLab | Troj.Banker.W32.Emotet!c | 20180716 |
| AhnLab-V3 | Trojan/Win32.Emotet.R231763 | 20180716 |
| ALYac | Trojan.GenericKD.31095465 | 20180716 |
| Antiy-AVL | Trojan[Banker]/Win32.Emotet | 20180716 |
| Arcabit | Trojan.Generic.D1DA7AA9 | 20180716 |
| Avast | FileRepMalware | 20180716 |
| AVG | FileRepMalware | 20180716 |
| Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9999 | 20180716 |
| BitDefender | Trojan.GenericKD.31095465 | 20180716 |
| Comodo | .UnclassifiedMalware | 20180716 |
| CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20180530 |
| Cylance | Unsafe | 20180716 |
| Cyren | W32/Trojan.IMUE-6306 | 20180716 |
| Emsisoft | Trojan.GenericKD.31095465 (B) | 20180716 |
| Endgame | malicious (high confidence) | 20180711 |
| ESET-NOD32 | a variant of Win32/Kryptik.GIUR | 20180716 |
| Fortinet | W32/Kryptik.GIUR!tr | 20180716 |
| GData | Trojan.GenericKD.31095465 | 20180716 |
| Ikarus | Trojan.Win32.Crypt | 20180716 |
| Sophos ML | heuristic | 20180601 |
| K7GW | Trojan ( 00537caf1 ) | 20180716 |
| Kaspersky | Trojan-Banker.Win32.Emotet.axqm | 20180716 |
| Malwarebytes | Spyware.Emotet | 20180716 |
| MAX | malware (ai score=95) | 20180716 |
| McAfee | Generic.dvz | 20180716 |
| McAfee-GW-Edition | Artemis | 20180716 |
| Microsoft | Trojan:Win32/Fuerboos.A!cl | 20180716 |
| eScan | Trojan.GenericKD.31095465 | 20180716 |
| NANO-Antivirus | Trojan.Win32.Emotet.ffjptd | 20180716 |
| Panda | Trj/GdSda.A | 20180716 |
| Qihoo-360 | Win32/Trojan.6ba | 20180716 |
| Rising | Trojan.Kryptik!8.8 (TFE:dGZlOgTLYFRAh8IbQA) | 20180716 |
| SentinelOne (Static ML) | static engine - malicious | 20180701 |
| Sophos AV | Mal/Generic-S | 20180716 |
| Symantec | Packed.Generic.517 | 20180716 |
| TrendMicro | TROJ_GEN.USGF18 | 20180716 |
| TrendMicro-HouseCall | TROJ_GEN.USGF18 | 20180716 |
| Webroot | W32.Trojan.Emotet | 20180716 |
| ZoneAlarm by Check Point | Trojan-Banker.Win32.Emotet.axqm | 20180716 |
| Alibaba | | 20180713 |
| Avast-Mobile | | 20180716 |
| Avira (no cloud) | | 20180716 |
| AVware | | 20180716 |
| Babable | | 20180406 |
| Bkav | | 20180716 |
| CAT-QuickHeal | | 20180716 |
| ClamAV | | 20180716 |
| CMC | | 20180716 |
| Cybereason | | 20180225 |
| DrWeb | | 20180716 |
| eGambit | | 20180716 |
| F-Prot | | 20180716 |
| F-Secure | | 20180706 |
| Jiangmin | | 20180716 |
| K7AntiVirus | | 20180716 |
| Kingsoft | | 20180716 |
| Palo Alto Networks (Known Signatures) | | 20180716 |
| SUPERAntiSpyware | | 20180716 |
| TACHYON | | 20180716 |
| Tencent | | 20180716 |
| TheHacker | | 20180716 |
| TotalDefense | | 20180716 |
| Trustlook | | 20180716 |
| VBA32 | | 20180716 |
| VIPRE | | 20180716 |
| ViRobot | | 20180716 |
| Yandex | | 20180716 |
| Zoner | | 20180716 |
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserv
Product Microsoft® Windows® Operating S
Original name wfw.fwf
Internal name вввы (03.2)
Description Windows Cryptographic
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-23 03:20:06
Entry Point 0x00001949
Number of sections 6
PE sections
PE imports
SetBitmapBits
lstrlenA
FlsFree
SystemTimeToTzSpecificLocalTime
DdeDisconnectList
ShowCursor
GetClipboardOwner
CryptCATCDFEnumMembers
UninstallColorProfileW
isleadbyte
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 36.1.2223.432
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Windows Cryptographic
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 10240
EntryPoint 0x1949
OriginalFileName PrintIsolationHost.exe
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserv
TimeStamp 2017:02:23 04:20:06+01:00
FileType Win32 EXE
PEType PE32
InternalName (03.2)
ProductVersion 6.1.7600.16385
SubsystemVersion 5.0
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Ddfdgf dgdsger
CodeSize 100864
ProductName Microsoft Windows Operating S
ProductVersionNumber 16.1.4235.11
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 49baf99cf0df6100e73e146dc064e5da
SHA1 a5a7c668ac4626abab15c98932d592f01ffc59a2
SHA256 29580c38ecaa61c0335a07f6bbbf0fe61fa597bc3c7282eb42954277217c675b
ssdeep 1536:UQb0RjBIyHv3PpVJvU69idzyabaetfey:UQb0RmyHHTqdzdrZb
authentihash e908cffbd771c4de3a3fddfa0aa61749d7e67b8ec050a2cc085281e3b5e954d7
imphash 71c4156212a82abeba56801e0d235d1c
File size 105.5 KB ( 108032 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe
VirusTotal metadata
First submission 2018-07-15 18:17:55 UTC ( 7 months ago )
Last submission 2018-07-21 06:36:14 UTC ( 7 months ago )
File names wfw.fwf
вввы (03.2)
.