× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 3379dbee3050769e1afe67fbb3694acb1da105d9f109bd7c31bcd08101a09fb3
File name: 15.exe
Detection ratio: 26 / 67
Analysis date: 2018-06-20 18:03:25 UTC ( 8 months ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.Agent.DAIP 20180620
AegisLab Ml.Attribute.Gen!c 20180620
AhnLab-V3 Trojan/Win32.Emotet.R230293 20180620
Arcabit Trojan.Generic.D1D8FAE6 20180620
AVG Win32:Malware-gen 20180620
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20180620
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cylance Unsafe 20180620
Cyren W32/Trojan.JTTO-5853 20180620
Emsisoft Trojan.Emotet (A) 20180620
Endgame malicious (high confidence) 20180612
ESET-NOD32 Win32/Emotet.BK 20180620
F-Prot W32/Emotet.CJ.gen!Eldorado 20180620
Fortinet W32/Kryptik.GHOI!tr 20180620
GData Win32.Trojan-Spy.Emotet.RP 20180620
Ikarus Trojan-Banker.Emotet 20180620
Kaspersky UDS:DangerousObject.Multi.Generic 20180620
Malwarebytes Trojan.Emotet 20180620
McAfee Emotet-FGR!01DB05781B1E 20180620
McAfee-GW-Edition BehavesLike.Win32.ZeroAccess.fm 20180620
Qihoo-360 HEUR/QVM20.1.F877.Malware.Gen 20180620
Sophos AV Mal/EncPk-ANR 20180620
Symantec ML.Attribute.HighConfidence 20180620
TrendMicro-HouseCall Suspicious_GEN.F47V0620 20180620
Webroot W32.Trojan.Emotet 20180620
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180620
Alibaba 20180620
ALYac 20180620
Antiy-AVL 20180620
Avast 20180620
Avast-Mobile 20180620
Avira (no cloud) 20180620
AVware 20180620
Babable 20180406
Bkav 20180620
CAT-QuickHeal 20180620
ClamAV 20180620
CMC 20180620
Comodo 20180620
Cybereason 20180225
DrWeb 20180620
eGambit 20180620
F-Secure 20180620
Sophos ML 20180601
Jiangmin 20180620
K7AntiVirus 20180620
K7GW 20180620
Kingsoft 20180620
MAX 20180620
Microsoft 20180620
eScan 20180620
NANO-Antivirus 20180620
Palo Alto Networks (Known Signatures) 20180620
Panda 20180620
Rising 20180620
SentinelOne (Static ML) 20180618
SUPERAntiSpyware 20180620
Symantec Mobile Insight 20180619
TACHYON 20180620
Tencent 20180620
TheHacker 20180619
TotalDefense 20180620
TrendMicro 20180620
Trustlook 20180620
VBA32 20180620
VIPRE 20180620
ViRobot 20180620
Yandex 20180620
Zillya 20180620
Zoner 20180620
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Description Uniscri
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-20 14:31:05
Entry Point 0x0000100F
Number of sections 6
PE sections
Overlays
MD5 692c8022360661692872fdc730517229
File type ASCII text
Offset 339968
Size 3
Entropy 1.58
PE imports
NotifyBootConfigStatus
CryptReleaseContext
OpenSCManagerW
RegEnumKeyW
LookupPrivilegeDisplayNameA
QueryServiceConfigW
ClusterRegSetValue
ClusterRegCreateKey
ImageList_Create
CertCreateCertificateChainEngine
CertGetEnhancedKeyUsage
CertSaveStore
CertFindSubjectInSortedCTL
JetCommitTransaction
GetKerningPairsW
LineTo
DeleteDC
SetColorAdjustment
EnumFontFamiliesW
SetLayout
SetAbortProc
CreateFontIndirectA
CreateRectRgnIndirect
CreateEnhMetaFileA
CreateDIBSection
GetTextFaceA
CopyEnhMetaFileW
GetLayout
ImmConfigureIMEW
GetSystemDefaultLangID
GetStartupInfoW
SetCalendarInfoW
WaitForDebugEvent
SetTimeZoneInformation
Process32First
SetEndOfFile
WinExec
SetVolumeLabelA
FlushFileBuffers
GetModuleFileNameA
FlsFree
GetBinaryTypeA
FindActCtxSectionStringW
LZSeek
LZOpenFileW
MprAdminInterfaceDisconnect
MprAdminInterfaceSetInfo
NetServerGetInfo
NetShareEnumSticky
BSTR_UserSize
LHashValOfNameSys
VariantTimeToSystemTime
VariantCopyInd
glTexCoord2f
UuidToStringA
NdrOleAllocate
RpcMgmtWaitServerListen
NdrClientInitializeNew
SetupGetTargetPathW
SetupDiSetDeviceRegistryPropertyA
SetupDiGetINFClassW
CM_Get_Resource_Conflict_DetailsW
SetupDiInstallClassW
SetupDiBuildDriverInfoList
SetupOpenMasterInf
SetupDiGetClassInstallParamsA
SHSetLocalizedName
PathAddBackslashA
SHGetInverseCMAP
PathIsRelativeA
UrlIsW
PathRemoveArgsW
PathRenameExtensionA
PathCanonicalizeW
AcquireCredentialsHandleW
wsprintfA
EnumPropsA
CreateMenu
GetMessagePos
PeekMessageW
GetScrollRange
GetInputState
GetMessageExtraInfo
AnyPopup
MoveWindow
BroadcastSystemMessageA
EnumWindowStationsA
GetMonitorInfoA
GetDialogBaseUnits
GetWindowContextHelpId
CloseWindowStation
GetClipCursor
FtpOpenFileA
waveOutGetID
mmioAscend
SendDriverMessage
timeBeginPeriod
GetPrinterDriverW
WTHelperProvDataFromStateData
wcstod
iswpunct
fgetws
fputws
CoUnmarshalInterface
WriteClassStm
CoMarshalHresult
StringFromCLSID
CoDisconnectObject
HBITMAP_UserUnmarshal
PdhEnumObjectItemsHW
IsAsyncMoniker
CoInternetIsFeatureEnabled
Number of PE resources by type
RT_DIALOG 21
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
HEBREW DEFAULT 1
PORTUGUESE 1
VIETNAMESE DEFAULT 1
CHINESE SIMPLIFIED 1
SLOVENIAN DEFAULT 1
CZECH DEFAULT 1
FINNISH DEFAULT 1
KOREAN 1
NEUTRAL DEFAULT 1
HUNGARIAN DEFAULT 1
POLISH DEFAULT 1
JAPANESE DEFAULT 1
DANISH DEFAULT 1
SLOVAK DEFAULT 1
GREEK DEFAULT 1
TURKISH DEFAULT 1
ROMANIAN 1
THAI DEFAULT 1
SERBIAN DEFAULT 1
NEUTRAL 1
RUSSIAN 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.0

InitializedDataSize
236032

ImageVersion
0.0

FileVersionNumber
1.2.0.6

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
14.0

FileTypeExtension
exe

MIMEType
application/octet-stream

TimeStamp
2018:06:20 15:31:05+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1.0626.

FileDescription
Uniscri

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Realtek Semiconductor Corporation

CodeSize
108032

FileSubtype
0

ProductVersionNumber
1.2.0.6

EntryPoint
0x100f

ObjectFileType
Dynamic link library

File identification
MD5 01db05781b1ee5a4241b808ece6d6c0e
SHA1 6f2fd1f6f38c54da65863b68098918a9f8361f2d
SHA256 3379dbee3050769e1afe67fbb3694acb1da105d9f109bd7c31bcd08101a09fb3
ssdeep
1536:MEMgN3raZWNbpIKbH46iEka5M1sQS6dItqvwIPZUT+iZQk9l0YwO/8r:4kaCbH4Ba+1sQE8vBPyhQk9l0dOk

authentihash 6daf0c1aca1507ca3875810c37ca3505cd3d7c637f2ddadbd4fb73fe40ebd83f
imphash e99ea042c0afe132ccc147f0635db941
File size 332.0 KB ( 339971 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-06-20 15:05:00 UTC ( 8 months ago )
Last submission 2018-06-20 15:05:00 UTC ( 8 months ago )
File names 15.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!