SHA256: 2f95cba9b1674c04e9995b67d355dd4a45d98f74a31d01e0df06bdff12815e2a
File name: 2f95cba9b1674c04e9995b67d355dd4a45d98f74a31d01e0df06bdff12815e2a
Detection ratio: 13 / 67
Analysis date: 2018-04-24 16:48:09 UTC (10 months ago)
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180424
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180418
Cylance Unsafe 20180424
eGambit Unsafe.AI_Score_100% 20180424
Endgame malicious (high confidence) 20180402
Sophos ML heuristic 20180120
K7GW Hacktool ( 700007861 ) 20180424
Malwarebytes Trojan.Emotet 20180424
McAfee Emotet-FDM!056E870FE021 20180424
Palo Alto Networks (Known Signatures) generic.ml 20180424
Qihoo-360 HEUR/QVM20.1.B8C1.Malware.Gen 20180424
SentinelOne (Static ML) static engine - malicious 20180225
Symantec ML.Attribute.HighConfidence 20180424
Ad-Aware 20180424
AegisLab 20180424
AhnLab-V3 20180424
Alibaba 20180424
ALYac 20180424
Antiy-AVL 20180418
Arcabit 20180424
Avast 20180424
Avast-Mobile 20180424
AVG 20180424
Avira (no cloud) 20180424
AVware 20180424
Babable 20180406
BitDefender 20180424
Bkav 20180424
CAT-QuickHeal 20180424
ClamAV 20180424
CMC 20180424
Comodo 20180424
Cybereason None
Cyren 20180424
DrWeb 20180424
Emsisoft 20180424
ESET-NOD32 20180424
F-Prot 20180424
F-Secure 20180424
Fortinet 20180424
GData 20180424
Ikarus 20180424
Jiangmin 20180424
K7AntiVirus 20180424
Kaspersky 20180424
Kingsoft 20180424
MAX 20180424
McAfee-GW-Edition 20180423
Microsoft 20180424
eScan 20180424
NANO-Antivirus 20180424
nProtect 20180424
Panda 20180424
Rising 20180424
Sophos AV 20180424
SUPERAntiSpyware 20180424
Symantec Mobile Insight 20180418
Tencent 20180424
TheHacker 20180422
TotalDefense 20180424
TrendMicro 20180424
TrendMicro-HouseCall 20180424
Trustlook 20180424
VBA32 20180424
VIPRE 20180424
ViRobot 20180424
Webroot 20180424
Yandex 20180424
Zillya 20180424
ZoneAlarm by Check Point 20180424
Zoner 20180424
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name write
Internal name write
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Windows Write
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-24 16:27:31
Entry Point 0x0004F657
Number of sections 5
PE sections
PE imports
IsValidAcl
GetSidSubAuthorityCount
CryptVerifySignatureW
GetServiceDisplayNameW
SetPrivateObjectSecurity
RegEnumKeyExW
ClearEventLogW
AllocateLocallyUniqueId
CM_Open_DevNode_Key
ClusterEnum
CertSetEnhancedKeyUsage
CertOpenSystemStoreW
GetMetaFileBitsEx
CreateEllipticRgn
PatBlt
EqualRgn
SetTextJustification
GetClipRgn
DeleteObject
SetRectRgn
ImmSetCompositionFontW
FreeLibrary
LocalFree
GetLastError
RaiseException
LoadLibraryW
GetConsoleMode
VirtualUnlock
LocalAlloc
GetModuleFileNameW
CreateIoCompletionPort
WriteFileEx
InterlockedExchange
GetBinaryTypeW
GetTickCount
VirtualProtect
LoadLibraryA
FlsFree
GetProcAddress
SetLastError
NetGroupSetUsers
NetUserModalsGet
SafeArrayGetLBound
RasDialW
I_RpcAllocate
RpcServerUseProtseqW
RpcBindingSetObject
RpcMgmtEpEltInqBegin
RpcGetAuthorizationContextForClient
RpcServerListen
SetupLogErrorW
SetupGetFieldCount
SetupCloseLog
SetupDiEnumDeviceInfo
StrTrimW
StrChrNW
SHRegGetUSValueW
ApplyControlToken
HttpSendRequestExA
CreateUrlCacheEntryA
mmioAscend
SCardGetStatusChangeW
OleSave
Number of PE resources by type
RT_ICON 2
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 5
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 2.2
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Windows Write
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 27648
EntryPoint 0x4f657
OriginalFileName write
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2018:04:24 17:27:31+01:00
FileType Win32 EXE
PEType PE32
InternalName write
ProductVersion 6.1.7600.16385
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 1659788813
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 056e870fe02143cea675e24085cc4d45
SHA1 a137e0db4bbacee7fcd09ec2bf12cea3150a26b8
SHA256 2f95cba9b1674c04e9995b67d355dd4a45d98f74a31d01e0df06bdff12815e2a
ssdeep 3072:uYYCpzgBx+HE5wQ3QFFiwCEA6k1JuvFur5nmOjJS9p5eI1QObcMk8FF:Qyg/+HE5woQFFvNk/MFER9uYOQO
authentihash f295a56f7404140a7ce58f415feffaddd4baec669794f4184aec0b95baed8c3a
imphash 210793c8510542f17b3f81559f399a82
File size 351.5 KB ( 359936 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe

VirusTotal metadata
First submission 2018-04-24 16:47:07 UTC ( 10 months ago )
Last submission 2018-05-28 11:12:34 UTC ( 8 months, 4 weeks ago )
File names write
069d3ef8a226196e838a18bdff247a6daf48c252
aa