× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 311cb4cfb3a2161f224e93ab5a301ac511002f8b1dca7fef88da8cd6f469f9b2
File name: DCenKcW.exe
Detection ratio: 46 / 68
Analysis date: 2018-11-14 07:50:59 UTC ( 3 months, 1 week ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40741289 20181112
AhnLab-V3 Trojan/Win32.Emotet.R243338 20181114
ALYac Trojan.GenericKD.40741289 20181114
Antiy-AVL Trojan[Banker]/Win32.Emotet 20181114
Arcabit Trojan.Generic.D26DA9A9 20181114
Avast Win32:BankerX-gen [Trj] 20181114
AVG Win32:BankerX-gen [Trj] 20181114
BitDefender Trojan.GenericKD.40741289 20181114
Bkav HW32.Packed. 20181113
CAT-QuickHeal Trojan.Drixed.100454 20181113
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.ee4d3f 20180225
Cylance Unsafe 20181114
Cyren W32/Trojan.IWYJ-4217 20181114
Emsisoft Trojan.GenericKD.40741289 (B) 20181114
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GMNP 20181114
F-Secure Trojan.GenericKD.40741289 20181114
Fortinet W32/Kryptik.GMNP!tr 20181114
GData Trojan.GenericKD.40741289 20181114
Ikarus Trojan-Banker.Emotet 20181114
Sophos ML heuristic 20181108
K7AntiVirus Trojan ( 00540c7e1 ) 20181113
K7GW Trojan ( 00540c7e1 ) 20181114
Kaspersky Trojan-Banker.Win32.Emotet.bpjf 20181114
Malwarebytes Trojan.Emotet 20181114
MAX malware (ai score=100) 20181114
McAfee RDN/PWS-Banker 20181114
McAfee-GW-Edition BehavesLike.Win32.Suspiciousatg.cc 20181114
Microsoft Trojan:Win32/Emotet.AC!bit 20181114
eScan Trojan.GenericKD.40741289 20181114
NANO-Antivirus Virus.Win32.Gen.ccmw 20181114
Palo Alto Networks (Known Signatures) generic.ml 20181114
Panda Trj/GdSda.A 20181113
Qihoo-360 Win32/Trojan.5ae 20181114
Rising Trojan.Kryptik!1.B4D6 (CLOUD) 20181114
Sophos AV Mal/Generic-S 20181114
Symantec Trojan.Gen.2 20181114
TACHYON Banker/W32.Emotet.135168.Z 20181114
TrendMicro TROJ_GEN.R002C0DKC18 20181114
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMDS.hp 20181114
VBA32 BScope.Malware-Cryptor.Emotet 20181113
VIPRE Trojan.Win32.Generic!BT 20181114
ViRobot Trojan.Win32.Z.Kryptik.135168.OR 20181114
Webroot W32.Trojan.Emotet 20181114
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bpjf 20181114
AegisLab 20181114
Alibaba 20180921
Avast-Mobile 20181114
Avira (no cloud) 20181114
Babable 20180918
Baidu 20181114
ClamAV 20181114
CMC 20181114
DrWeb 20181114
eGambit 20181114
F-Prot 20181114
Jiangmin 20181114
Kingsoft 20181114
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181114
Symantec Mobile Insight 20181108
Tencent 20181114
TheHacker 20181113
TotalDefense 20181114
Trustlook 20181114
Yandex 20181113
Zillya 20181113
Zoner 20181114
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Internal name extr
Description Wimfltr
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1996-06-16 21:58:56
Entry Point 0x00003660
Number of sections 6
PE sections
PE imports
OpenBackupEventLogA
ChangeServiceConfig2W
QueryUsersOnEncryptedFile
CryptMsgClose
ScaleViewportExtEx
GetFontLanguageInfo
SetBitmapDimensionEx
CreateBrushIndirect
GetCommModemStatus
LocalLock
FileTimeToDosDateTime
GetTimeZoneInformation
WritePrivateProfileStringA
OpenFile
CreateDirectoryA
GetProcessIdOfThread
SetEvent
FlsGetValue
DeleteTimerQueueTimer
GetSystemTimes
GetCurrentThreadId
GetCommandLineW
SetHandleInformation
SleepEx
MprAdminConnectionEnum
VarI4FromStr
VarI4FromCy
RasGetEapUserIdentityA
SetupCopyOEMInfA
DuplicateIcon
SHSetLocalizedName
Ord(437)
GetCursorPos
SendDlgItemMessageA
GetMessagePos
GetScrollRange
LookupIconIdFromDirectory
DestroyAcceleratorTable
CloseWindow
BroadcastSystemMessageW
SCardStatusA
SCardBeginTransaction
Number of PE resources by type
RT_STRING 3
RT_VERSION 1
Number of PE resources by language
NORWEGIAN BOKMAL 4
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
14.0

ImageVersion
1.1

FileVersionNumber
1.6.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Wimfltr

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

Ht
Microsoft Corporation. All r

EntryPoint
0x3660

MIMEType
application/octet-stream

TimeStamp
1996:06:16 23:58:56+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
extr

SubsystemVersion
5.0

OSVersion
6.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Micr

TVersion
1.0

CodeSize
12288

FileSubtype
0

ProductVersionNumber
1.6.0.0

InitializedDataSize
126976

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 e5a953eb86c2ab72f926a49da810068c
SHA1 a453fb0ee4d3f1001bbbd95275543a4f086f67ea
SHA256 311cb4cfb3a2161f224e93ab5a301ac511002f8b1dca7fef88da8cd6f469f9b2
ssdeep
3072:RsdD74CV756aKgHIuW7Y6DtKKy73R88HB7qWM:Rsd/l6aKcIzY6o3RPB7

authentihash bace6c3291bec6d15aa4f5275372fa00ae23ddbf23c342eb40f8d8f005942995
imphash 5025bc4a709be1b40055f77d39efd776
File size 132.0 KB ( 135168 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe

VirusTotal metadata
First submission 2018-11-09 11:51:01 UTC ( 3 months, 1 week ago )
Last submission 2018-11-09 11:51:01 UTC ( 3 months, 1 week ago )
File names DCenKcW.exe
extr
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!