SHA256: 36a2357cc61715c16a079e103daa7b45f29f5306903769cfe3528a7b999c2a68
File name: TCPFONDUE.EXE
Detection ratio: 50 / 68
Analysis date: 2018-05-30 11:57:44 UTC ( 8 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30854461 20180530
AegisLab Ml.Attribute.Gen!c 20180530
AhnLab-V3 Trojan/Win32.Emotet.R228774 20180530
ALYac Trojan.GenericKD.30854461 20180530
Antiy-AVL Trojan/Win32.TSGeneric 20180529
Arcabit Trojan.Generic.D1D6CD3D 20180530
Avast Win32:Malware-gen 20180530
AVG Win32:Malware-gen 20180530
AVware Trojan.Win32.Generic!BT 20180530
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20180529
BitDefender Trojan.GenericKD.30854461 20180530
CAT-QuickHeal Trojan.IGENERIC 20180529
Comodo TrojWare.Win32.Dovs.MO 20180530
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cybereason malicious.5f1b74 20180225
Cylance Unsafe 20180530
Cyren W32/Trojan.FFLT-1826 20180530
Emsisoft Trojan.GenericKD.30854461 (B) 20180530
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of Win32/Kryptik.GGZH 20180530
F-Secure Trojan.GenericKD.30854461 20180530
Fortinet W32/GenKryptik.CALT!tr 20180530
GData Win32.Trojan-Spy.Emotet.QM 20180530
Ikarus Trojan.Win32.Crypt 20180529
Sophos ML heuristic 20180503
K7AntiVirus Trojan ( 0053231b1 ) 20180529
K7GW Trojan ( 0053231b1 ) 20180529
Kaspersky Trojan.Win32.Agent.qwgojb 20180530
Malwarebytes Trojan.Emotet 20180530
MAX malware (ai score=95) 20180530
McAfee Emotet-FDM!296D274AEC93 20180529
McAfee-GW-Edition BehavesLike.Win32.Generic.ch 20180530
Microsoft Trojan:Win32/Skeeyah.A!rfn 20180530
eScan Trojan.GenericKD.30854461 20180530
NANO-Antivirus Trojan.Win32.Kryptik.fcoddz 20180530
Palo Alto Networks (Known Signatures) generic.ml 20180530
Panda Trj/GdSda.A 20180529
Qihoo-360 Trojan.Generic 20180530
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/EncPk-ANX 20180530
Symantec Trojan.Gen.2 20180530
Tencent Win32.Trojan.Agent.Hrpl 20180530
TrendMicro TROJ_GEN.R011C0OEO18 20180530
TrendMicro-HouseCall TROJ_GEN.R011C0OEO18 20180530
VBA32 BScope.Trojan.Cloxer 20180529
VIPRE Trojan.Win32.Generic!BT 20180530
ViRobot Trojan.Win32.Z.Highconfidence.184320.A 20180530
Webroot W32.Trojan.Emotet 20180530
Zillya Trojan.Agent.Win32.893339 20180530
ZoneAlarm by Check Point Trojan.Win32.Agent.qwgojb 20180530
Alibaba 20180530
Avast-Mobile 20180529
Avira (no cloud) 20180530
Babable 20180406
Bkav 20180530
ClamAV 20180529
CMC 20180529
DrWeb 20180530
eGambit 20180530
F-Prot 20180530
Jiangmin 20180530
Kingsoft 20180530
nProtect 20180530
Rising 20180530
SUPERAntiSpyware 20180529
Symantec Mobile Insight 20180524
TheHacker 20180523
TotalDefense 20180529
Trustlook 20180530
Yandex 20180529
Zoner 20180529
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name Wwapi.dll
Internal name Wwapi.dll
File version 08.01.02.00 (win7_rtm.090713-1255)
Description WWAN API
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-23 00:56:53
Entry Point 0x000021BF
Number of sections 7
PE sections
PE imports
CryptEncrypt
PropertySheetW
ImageList_AddMasked
CryptAcquireCertificatePrivateKey
JetIndexRecordCount
GetArcDirection
OffsetViewportOrgEx
GetCurrentProcess
DnsHostnameToComputerNameW
lstrlenA
GetSystemDefaultUILanguage
GetProfileSectionW
GetConsoleCursorInfo
GetExitCodeProcess
ExitProcess
GetHandleInformation
HeapReAlloc
FlsFree
LZSeek
SafeArrayDestroyData
I_RpcNsBindingSetEntryNameW
RpcBindingSetAuthInfoExA
SetupDiGetINFClassW
PathCreateFromUrlW
StrCmpIW
DlgDirListW
IsIconic
GetWindowRect
GetInputState
IsDlgButtonChecked
GetSysColorBrush
GetDesktopWindow
ChangeDisplaySettingsExW
GetFocus
SetMenuItemInfoW
DragDetect
SetCursor
midiOutGetVolume
DocumentPropertiesA
CryptCATStoreFromHandle
SCardListReaderGroupsW
Ord(29)
CoQueryProxyBlanket
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 163840
ImageVersion 0.0
ProductName Microsoft Windows Operating System
FileVersionNumber 8.1.2.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription WWAN API
CharacterSet Unicode
LinkerVersion 12.59
FileTypeExtension exe
OriginalFileName Wwapi.dll
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 08.01.02.00 (win7_rtm.090713-1255)
TimeStamp 2018:05:22 17:56:53-07:00
FileType Win32 EXE
PEType PE32
InternalName Wwapi.dll
ProductVersion 08.01.02.00
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 16384
FileSubtype 0
ProductVersionNumber 8.1.2.0
EntryPoint 0x21bf
ObjectFileType Dynamic link library
Compressed bundles
File identification
MD5 296d274aec934528c2559ada38acbcd5
SHA1 10e68365f1b747a51cc03a6985e12c8f77e17e52
SHA256 36a2357cc61715c16a079e103daa7b45f29f5306903769cfe3528a7b999c2a68
ssdeep 3072:NeE2IAb5w/aHZLeHW3kYOGQGNBKa8e+YJO:dE/Le23kx6Hp
authentihash a838e41cfd7f9112622af9244411d3185c08f4988fe3afb85a9ec909159f5dac
imphash bf78df91e1ddc8a7199417616675e4d1
File size 180.0 KB ( 184320 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe
VirusTotal metadata
First submission 2018-05-22 18:08:06 UTC ( 9 months ago )
Last submission 2018-05-24 09:12:01 UTC ( 8 months, 4 weeks ago )
File names Wwapi.dll
TCPFONDUE.EXE