× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 2f23fee7a374268a9c4fd3f5e663ca10789f6a96fea800027c51fac83bef7d42
File name: 2f23fee7a374268a9c4fd3f5e663ca10789f6a96fea800027c51fac83bef7d42
Detection ratio: 21 / 68
Analysis date: 2018-09-16 05:43:32 UTC ( 5 months, 1 week ago ) View latest
Antivirus Result Update
Avast FileRepMalware 20180916
AVG FileRepMalware 20180916
BitDefender Trojan.Autoruns.GenericKDS.40486862 20180916
CAT-QuickHeal Trojan.Emotet.X4 20180915
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cylance Unsafe 20180916
Endgame malicious (high confidence) 20180730
GData Win32.Trojan-Spy.Emotet.RC2XUP 20180916
Sophos ML heuristic 20180717
Kaspersky UDS:DangerousObject.Multi.Generic 20180916
McAfee RDN/Generic.tfr 20180916
McAfee-GW-Edition BehavesLike.Win32.Generic.fm 20180916
Microsoft Trojan:Win32/Emotet.AC!bit 20180916
Palo Alto Networks (Known Signatures) generic.ml 20180916
Qihoo-360 HEUR/QVM20.1.E3F5.Malware.Gen 20180916
Rising Trojan.Emotet!8.B95 (TFE:3:l35169ztlxK) 20180916
SentinelOne (Static ML) static engine - malicious 20180830
Symantec ML.Attribute.HighConfidence 20180915
TrendMicro-HouseCall Suspicious_GEN.F47V0915 20180916
Webroot W32.Trojan.Emotet 20180916
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180916
Ad-Aware 20180913
AegisLab 20180916
AhnLab-V3 20180915
Alibaba 20180713
ALYac 20180916
Antiy-AVL 20180916
Arcabit 20180916
Avast-Mobile 20180916
Avira (no cloud) 20180915
AVware 20180916
Babable 20180907
Baidu 20180914
Bkav 20180915
ClamAV 20180916
CMC 20180915
Comodo 20180916
Cybereason 20180225
Cyren 20180916
DrWeb 20180916
eGambit 20180916
Emsisoft 20180916
ESET-NOD32 20180915
F-Prot 20180916
F-Secure 20180916
Fortinet 20180916
Ikarus 20180915
Jiangmin 20180915
K7AntiVirus 20180916
K7GW 20180916
Kingsoft 20180916
Malwarebytes 20180916
MAX 20180916
eScan 20180916
NANO-Antivirus 20180916
Panda 20180915
Sophos AV 20180916
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180911
TACHYON 20180916
Tencent 20180916
TheHacker 20180914
TotalDefense 20180915
TrendMicro 20180916
Trustlook 20180916
VBA32 20180914
VIPRE 20180916
ViRobot 20180915
Yandex 20180915
Zillya 20180914
Zoner 20180915
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
License: MPL 1.1/GPL 2.0/LGPL 2.1

Product Mozilla
Internal name uconv
File version Personal
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-16 05:32:20
Entry Point 0x00021C9F
Number of sections 6
PE sections
PE imports
GetSidSubAuthorityCount
InitiateSystemShutdownA
GetSidSubAuthority
GetServiceDisplayNameW
GetUserNameA
GetOldestEventLogRecord
ObjectDeleteAuditAlarmW
LookupPrivilegeDisplayNameA
GetSecurityDescriptorSacl
CreateRestrictedToken
EqualSid
GetFileSecurityA
LookupAccountNameW
GetWindowsAccountDomainSid
DeleteAce
DecryptFileW
GetCurrentHwProfileW
GetClusterResourceNetworkName
GetFileTitleA
GetOpenFileNameW
CryptHashCertificate
GetCharacterPlacementW
GetWindowOrgEx
GetRgnBox
FloodFill
GetTextCharset
PaintRgn
DeleteDC
GetPixelFormat
GetCharWidthW
GetObjectW
GetFontLanguageInfo
GdiComment
FillRgn
ExtTextOutW
GetOutlineTextMetricsA
FillPath
DeleteColorSpace
GetPath
GetOutlineTextMetricsW
GetDIBits
GetRasterizerCaps
ExtEscape
GetClipRgn
ExtCreatePen
Escape
GetFontData
DeleteObject
GetTempFileNameW
DeviceIoControl
GetVolumePathNameW
GetStdHandle
FlushConsoleInputBuffer
GlobalDeleteAtom
FindFirstChangeNotificationA
FindVolumeClose
GetTickCount
LoadLibraryA
GetFileSize
ExitThread
GetPrivateProfileStructW
GetProcessId
DeleteCriticalSection
LockFile
FileTimeToDosDateTime
GetConsoleMode
GetCurrentProcessId
GetCalendarInfoW
GetWindowsDirectoryA
GetVolumeInformationW
GetStartupInfoW
GetLogicalDrives
GetProcAddress
GetConsoleScreenBufferInfo
WriteProfileStringW
WritePrivateProfileStringW
EnumSystemCodePagesW
lstrcpyW
RaiseException
GetModuleHandleA
DeleteVolumeMountPointW
GetExitCodeThread
GlobalFlags
FindResourceExW
_lopen
Module32NextW
IsValidLocale
GetSystemDirectoryA
GetLongPathNameW
GetStringTypeW
FindCloseChangeNotification
GetFileAttributesExW
WriteProfileSectionA
GetProfileIntW
GetThreadPriority
SetCommConfig
GetCurrencyFormatA
GetTempPathW
GetCommState
GetLogicalDriveStringsW
FindNextVolumeMountPointW
GetProfileIntA
DeleteTimerQueueEx
GetVersion
LocalAlloc
MprAdminMIBEntryGetFirst
SafeArrayDestroyDescriptor
GetErrorInfo
LoadRegTypeLib
GetCurrentPowerPolicies
RasEnumConnectionsW
I_RpcAsyncAbortCall
SetupCloseLog
GetUserNameExA
GetCursorInfo
DrawTextExW
GetPropW
DrawStateA
EnumWindows
FindWindowW
GetClassInfoExA
DestroyMenu
GetClipboardData
LockWorkStation
FreeDDElParam
MessageBoxW
GetTabbedTextExtentA
InsertMenuItemW
LookupIconIdFromDirectory
MessageBoxIndirectA
DrawIcon
LoadCursorFromFileA
GetDlgItemTextA
GetScrollRange
GetClipboardFormatNameW
GetProcessWindowStation
GetMenuItemID
InsertMenuItemA
ReleaseDC
GetRawInputDeviceInfoW
DestroyIcon
LoadStringA
GetWindowPlacement
GetClientRect
GetKeyboardLayoutList
DrawMenuBar
MessageBoxIndirectW
DeleteMenu
GetUpdateRgn
LoadCursorW
GetSystemMenu
GetFocus
GetUpdateRect
GetKeyboardType
GetFileVersionInfoSizeA
VerFindFileW
FindNextUrlCacheEntryW
FindCloseUrlCache
GetUrlCacheEntryInfoA
GetUrlCacheEntryInfoW
GetPrinterW
GetPrinterDriverDirectoryA
FindFirstPrinterChangeNotification
GetPrinterDataW
FindClosePrinterChangeNotification
DeletePrinterDriverW
DeletePortW
XcvDataW
WintrustGetRegPolicyFlags
fputc
vprintf
strcspn
fwrite
localeconv
fseek
free
ftell
fwprintf
ungetwc
fgetws
PdhBrowseCountersW
IsValidURL
FindMimeFromData
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
CodeSize
0

UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
263680

EntryPoint
0x21c9f

MIMEType
application/octet-stream

LegalCopyright
License: MPL 1.1/GPL 2.0/LGPL 2.1

FileVersion
Personal

TimeStamp
2018:09:15 22:32:20-07:00

FileType
Win32 EXE

PEType
PE32

InternalName
uconv

ProductVersion
Personal

SubsystemVersion
5.0

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Mozilla, Netscape

LegalTrademarks
Mozilla, Netscape

ProductName
Mozilla

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 e9d0d5fab862e6ed856422752a86e6eb
SHA1 74f6ea8d2ee0e32f642c533d8ba567dae0212c9e
SHA256 2f23fee7a374268a9c4fd3f5e663ca10789f6a96fea800027c51fac83bef7d42
ssdeep
3072:AcYiDS6I7lDEcgBRA/oYHJSblYreydsajy4VyhOZHWTCkUF0kt2DDDrJH2LHlnzu:4in7vu/d8ludJ5lHmfR

authentihash b3c174108501cfd826e0348114c6209a03da29fa5f567bed38043d762293e997
imphash e70b071a8ded64ac3aca841435a079b6
File size 392.0 KB ( 401408 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (33.7%)
Win64 Executable (generic) (29.8%)
Microsoft Visual C++ compiled executable (generic) (17.8%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Tags
peexe

VirusTotal metadata
First submission 2018-09-15 22:34:42 UTC ( 5 months, 1 week ago )
Last submission 2018-09-15 22:34:42 UTC ( 5 months, 1 week ago )
File names iwamregrouted.exe
17689032.exe
22276568.exe
uconv
28699096.exe
19965522.exe
26470872.exe
93166.exe
29092312.exe
16.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs