SHA256: 2a5564e43c4650f7378cb65e6d4eea276604ca361d9f323ced0ca82e35e105f2
File name: dcomshed.exe
Detection ratio: 24 / 67
Analysis date: 2017-11-29 18:05:49 UTC ( 6 months, 3 weeks ago )
Antivirus Result Update
AegisLab Filerepmalware.Gen!c 20171129
Avast FileRepMalware 20171129
AVG FileRepMalware 20171129
Avira (no cloud) TR/Crypt.ZPACK.hbzdj 20171129
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171129
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.e6cf42 20171103
Cylance Unsafe 20171129
Endgame malicious (high confidence) 20171024
ESET-NOD32 a variant of Win32/Kryptik.FZTJ 20171129
Fortinet W32/Kryptik.FZTF!tr 20171129
GData Win32.Trojan-Spy.Emotet.GT 20171129
Sophos ML heuristic 20170914
Kaspersky UDS:DangerousObject.Multi.Generic 20171129
Malwarebytes Trojan.Emotet 20171129
McAfee Artemis!300FC7AE4222 20171129
McAfee-GW-Edition Artemis!Trojan 20171129
Panda Trj/Genetic.gen 20171129
SentinelOne (Static ML) static engine - malicious 20171113
Sophos AV Mal/EncPk-ANR 20171129
Symantec Trojan.Emotet 20171129
TrendMicro-HouseCall Suspicious_GEN.F47V1129 20171129
Webroot W32.Trojan.Emotet 20171129
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20171129
Ad-Aware 20171129
AhnLab-V3 20171129
Alibaba 20171129
ALYac 20171129
Antiy-AVL 20171129
Arcabit 20171129
Avast-Mobile 20171129
AVware 20171129
BitDefender 20171129
Bkav 20171129
CAT-QuickHeal 20171129
ClamAV 20171129
CMC 20171126
Comodo 20171129
Cyren 20171129
DrWeb 20171129
eGambit 20171129
Emsisoft 20171129
F-Prot 20171129
F-Secure 20171129
Ikarus 20171129
Jiangmin 20171129
K7AntiVirus 20171129
K7GW 20171129
Kingsoft 20171129
MAX 20171129
Microsoft 20171129
eScan 20171129
NANO-Antivirus 20171129
nProtect 20171129
Palo Alto Networks (Known Signatures) 20171129
Qihoo-360 20171129
Rising 20171129
SUPERAntiSpyware 20171129
Symantec Mobile Insight 20171129
Tencent 20171129
TheHacker 20171126
TrendMicro 20171129
Trustlook 20171129
VBA32 20171129
VIPRE 20171129
ViRobot 20171129
WhiteArmor 20171104
Yandex 20171120
Zillya 20171129
Zoner 20171129
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2005-2017 Bruce Sckeet
Product Bruce Sckeet Organiz
Original name lolola.exe
Internal name lolola
File version 15.0.1.0
Description Steven Mark Slivader
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-29 19:40:33
Entry Point 0x00001800
Number of sections 5
PE sections
PE imports
CM_Get_Device_ID_List_Size_ExW
OpenThread
GetThreadPriority
CompareFileTime
FileTimeToSystemTime
GetModuleFileNameW
GetFileTime
CreateFileW
VirtualQuery
CloseHandle
lstrcmpiW
GetVersion
GetCurrentThread
PathIsPrefixW
ChangeDisplaySettingsExW
RegisterClassW
GetInputState
wsprintfW
Number of PE resources by type
RT_ICON 2
RT_BITMAP 2
RT_MANIFEST 1
RT_STRING 1
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 9
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 86528
ImageVersion 0.0
ProductName Bruce Sckeet Organiz
FileVersionNumber 10.0.1.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Steven Mark Slivader
CharacterSet Unicode
LinkerVersion 12.0
FileTypeExtension exe
OriginalFileName lolola.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 15.0.1.0
TimeStamp 2017:11:29 20:40:33+01:00
FileType Win32 EXE
PEType PE32
InternalName lolola
ProductVersion 15.0.1.0
SubsystemVersion 5.0
OSVersion 5.1
FileOS Windows NT 32-bit
LegalCopyright Copyright 2005-2017 Bruce Sckeet
MachineType Intel 386 or later, and compatibles
CompanyName Bruce Sckeet
CodeSize 26624
FileSubtype 0
ProductVersionNumber 10.0.1.0
EntryPoint 0x1800
ObjectFileType Dynamic link library

File identification
MD5 300fc7ae4222a9eb37a529f1677efce7
SHA1 d31fec5e6cf42d92174bb9db7780047bac535aaa
SHA256 2a5564e43c4650f7378cb65e6d4eea276604ca361d9f323ced0ca82e35e105f2
ssdeep 1536:Ybx44OIKUFgapUwjbxdh3BWKOThgSyXpDiWkdpYoA7P96SSsFWKkShu7VeW:yOEFgapUwjl/egSyzkXO7PY1kWxSiZ
authentihash d8b7b5f59d333a4f4bc0acf3d07482c314389772c9199669a9640ae7674fb53d
imphash b88f6ac4a3f8d83f742949e9f8311f74
File size 96.5 KB ( 98816 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2017-11-29 10:43:44 UTC ( 6 months, 4 weeks ago )
Last submission 2018-05-08 03:49:35 UTC ( 1 month, 2 weeks ago )
File names lolola.exe
lolola
lookupdevice.exe
etD5wU.exe
dcomshed.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
UDP communications