× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 2b7a2150b79b378f585a62d5a453258af243c4a8b75a08535a0d5c65a186390a
File name: WFTMWtj.exe
Detection ratio: 16 / 68
Analysis date: 2018-09-05 11:00:28 UTC ( 5 months, 2 weeks ago ) View latest
Antivirus Result Update
Avast FileRepMalware 20180905
AVG FileRepMalware 20180905
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180905
CAT-QuickHeal Trojan.Emotet.X4 20180904
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.5b8e8f 20180225
Cylance Unsafe 20180905
Emsisoft Trojan.Emotet (A) 20180905
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/GenKryptik.CKEI 20180905
Microsoft Trojan:Win32/Emotet.AC!bit 20180905
NANO-Antivirus Virus.Win32.Gen.ccmw 20180905
Qihoo-360 HEUR/QVM19.1.A93B.Malware.Gen 20180905
Rising Trojan.Fuerboos!8.EFC8 (TFE:2:YZp6NoW5UvQ) 20180905
SentinelOne (Static ML) static engine - malicious 20180830
Webroot W32.Trojan.Emotet 20180905
Ad-Aware 20180905
AegisLab 20180905
AhnLab-V3 20180905
ALYac 20180905
Antiy-AVL 20180905
Arcabit 20180905
Avast-Mobile 20180905
Avira (no cloud) 20180905
AVware 20180823
Babable 20180902
BitDefender 20180905
Bkav 20180905
ClamAV 20180905
CMC 20180905
Comodo 20180905
Cyren 20180905
DrWeb 20180905
eGambit 20180905
F-Prot 20180905
F-Secure 20180905
Fortinet 20180905
GData 20180905
Ikarus 20180905
Sophos ML 20180717
Jiangmin 20180905
K7AntiVirus 20180905
K7GW 20180905
Kaspersky 20180905
Kingsoft 20180905
Malwarebytes 20180905
MAX 20180905
McAfee 20180905
McAfee-GW-Edition 20180905
eScan 20180905
Palo Alto Networks (Known Signatures) 20180905
Panda 20180904
Sophos AV 20180905
SUPERAntiSpyware 20180905
Symantec 20180905
Symantec Mobile Insight 20180831
TACHYON 20180905
Tencent 20180905
TheHacker 20180904
TotalDefense 20180905
TrendMicro 20180905
TrendMicro-HouseCall 20180905
Trustlook 20180905
VBA32 20180905
VIPRE 20180905
ViRobot 20180905
Yandex 20180904
Zillya 20180904
ZoneAlarm by Check Point 20180905
Zoner 20180904
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2003-2017 - TortoiseSVN

Product TEwC
Original name TSVN3.dlls
Internal name ehqqqqwrw.dlls
File version 16.9.46.27867
Description Yoni Enterprice
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-05 10:47:04
Entry Point 0x00055675
Number of sections 4
PE sections
PE imports
AdjustTokenPrivileges
RegFlushKey
QueryUsersOnEncryptedFile
PageSetupDlgW
GetSaveFileNameW
CertRDNValueToStrW
CryptInstallOIDFunctionAddress
CertNameToStrW
JetRetrieveColumn
ImmConfigureIMEW
SetThreadLocale
BuildCommDCBAndTimeoutsA
GetModuleHandleA
LoadLibraryW
CreateJobObjectW
GetBinaryTypeA
ReadFileEx
GetDiskFreeSpaceA
InitializeSListHead
SetThreadExecutionState
LZCopy
MprAdminServerConnect
SafeArrayGetLBound
SafeArrayLock
RasGetSubEntryHandleA
RasEnumConnectionsW
RpcBindingInqAuthClientExW
RpcBindingFromStringBindingA
CM_Get_Resource_Conflict_DetailsW
SHGetFileInfoA
UrlUnescapeA
SHSetValueA
PathIsRelativeA
GetUserNameExA
CheckMenuRadioItem
PackDDElParam
CreateIconIndirect
RetrieveUrlCacheEntryFileA
waveInStop
feof
system
CoRevertToSelf
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize
4294967295

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.9.6.27867

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Yoni Enterprice

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
32768

EntryPoint
0x55675

OriginalFileName
TSVN3.dlls

MIMEType
application/octet-stream

LegalCopyright
Copyright 2003-2017 - TortoiseSVN

FileVersion
16.9.46.27867

TimeStamp
2018:09:05 11:47:04+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
ehqqqqwrw.dlls

ProductVersion
1.9.6.27867

SubsystemVersion
5.0

OSVersion
6.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
https://tortoisesvn.net

CodeSize
364544

ProductName
TEwC

ProductVersionNumber
1.9.6.27867

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 5f1446c5b8e8fd15e72defe726485999
SHA1 1931b1a5c20ebe993017553e4d127134d92181a3
SHA256 2b7a2150b79b378f585a62d5a453258af243c4a8b75a08535a0d5c65a186390a
ssdeep
3072:FaW3ZW1ixTq21xb6b4UHtYF4/kl5zxN0hexbXSSyKXg3v/P/:MW3Ad21xeb4UHtKNl5r0YdXS/

authentihash a8c707a24e8c3372ba48e973ada99350dfa6395dc506f0ae5faa4142e015ebeb
imphash 973dadc0fdc1de4e3afc3cc209b2c059
File size 388.0 KB ( 397312 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-09-05 11:00:09 UTC ( 5 months, 2 weeks ago )
Last submission 2018-10-03 21:31:56 UTC ( 4 months, 3 weeks ago )
File names BEeNOuCmPrT.exe
TSVN3.dlls
5f1446c5b8e8fd15e72defe726485999.vir
GOCarbE6.exe
hXSuMJEHd1.exe
WFTMWtj.exe
o9caA4QYi.exe
ehqqqqwrw.dlls
YFP6GrjrS7.exe
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections