SHA256: 4056fc151ccb74c8c0393633aab6b87193a4aaeb3469edcc4f7034768b59a035
File name: 0ca5b172421dbe8030ec6662bbca89a6.virus
Detection ratio: 44 / 68
Analysis date: 2018-06-19 01:41:12 UTC ( 3 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKDZ.44749 20180618
AhnLab-V3 Trojan/Win32.Ursnif.C2570716 20180618
ALYac Trojan.GenericKDZ.44749 20180618
Antiy-AVL Trojan/Win32.Yakes 20180619
Arcabit Trojan.Generic.DAECD 20180619
Avast Win32:GenX [Trj] 20180618
AVG Win32:GenX [Trj] 20180619
Avira (no cloud) TR/AD.Bunitu.wzwbq 20180619
AVware Trojan.Win32.Generic!BT 20180618
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9997 20180615
BitDefender Trojan.GenericKDZ.44749 20180618
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20180530
Cybereason malicious.2f8962 20180225
Cylance Unsafe 20180619
Cyren W32/Trojan.UERB-6067 20180619
DrWeb Trojan.Siggen7.55001 20180618
Emsisoft Trojan.GenericKDZ.44749 (B) 20180618
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of Win32/Kryptik.GHOY 20180619
F-Secure Trojan.GenericKDZ.44749 20180619
Fortinet W32/Kryptik.GHFB!tr 20180618
GData Trojan.GenericKDZ.44749 20180618
Ikarus Trojan-Dropper.Win32.Bunitu 20180618
Sophos ML heuristic 20180601
K7AntiVirus Trojan ( 005340df1 ) 20180618
K7GW Trojan ( 005340df1 ) 20180619
Kaspersky Trojan.Win32.Yakes.wodo 20180618
Malwarebytes Spyware.Ursnif 20180618
MAX malware (ai score=82) 20180619
McAfee GenericRXFT-HY!0CA5B172421D 20180618
McAfee-GW-Edition GenericRXFT-HY!0CA5B172421D 20180618
Microsoft TrojanProxy:Win32/Bunitu!rfn 20180619
eScan Trojan.GenericKDZ.44749 20180618
NANO-Antivirus Trojan.Win32.Yakes.fefati 20180618
Panda Trj/GdSda.A 20180618
Qihoo-360 HEUR/QVM10.1.EF53.Malware.Gen 20180619
Sophos AV Mal/Generic-S 20180618
Symantec ML.Attribute.HighConfidence 20180618
Tencent Win32.Trojan.Yakes.Iiv 20180619
TrendMicro TROJ_GEN.R004C0PFH18 20180618
TrendMicro-HouseCall TROJ_GEN.R004C0PFH18 20180618
VBA32 BScope.Trojan.Yakes 20180618
Webroot W32.Trojan.Gen 20180619
ZoneAlarm by Check Point Trojan.Win32.Yakes.wodo 20180618
AegisLab 20180619
Alibaba 20180615
Avast-Mobile 20180619
Babable 20180406
Bkav 20180618
CAT-QuickHeal 20180618
ClamAV 20180619
CMC 20180618
Comodo 20180619
eGambit 20180619
F-Prot 20180618
Jiangmin 20180619
Kingsoft 20180619
Palo Alto Networks (Known Signatures) 20180619
Rising 20180618
SentinelOne (Static ML) 20180618
SUPERAntiSpyware 20180618
Symantec Mobile Insight 20180614
TACHYON 20180618
TheHacker 20180613
TotalDefense 20180618
Trustlook 20180619
VIPRE 20180619
ViRobot 20180618
Yandex 20180618
Zillya 20180618
Zoner 20180619
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name wmpenc.exe
Internal name wmpenc.exe
File version 11.0.5721.5262 (WMP_11.090130-1421)
Description Windows Media Player Encoder Helper
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 2:58 AM 6/19/2018
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-15 12:08:09
Entry Point 0x00003B91
Number of sections 4
PE sections
Overlays
MD5 94095c45d18c8d8b8ee1f3232c2b1c17
File type data
Offset 314880
Size 3328
Entropy 7.33
PE imports
FreeSid
RegOpenKeyW
InitCommonControlsEx
GetEnhMetaFileA
SetMetaRgn
AddFontResourceA
GetTextCharset
CreateMetaFileA
GetBkMode
SaveDC
AddFontResourceW
PathToRegion
GetROP2
UpdateColors
GetLayout
DeleteDC
GetMapMode
GetPixelFormat
GetTextColor
EndDoc
CreateHalftonePalette
GetFontLanguageInfo
CreateMetaFileW
RealizePalette
CreatePatternBrush
GetPolyFillMode
StrokePath
GetDCPenColor
GetGraphicsMode
GdiFlush
SwapBuffers
EndPage
AbortDoc
CloseMetaFile
GetSystemPaletteUse
UnrealizeObject
BeginPath
GetBkColor
EndPath
SetThreadLocale
GetStdHandle
FileTimeToDosDateTime
GetConsoleOutputCP
ReleaseMutex
FileTimeToSystemTime
CreateFileMappingA
GetFileAttributesA
WaitForSingleObject
SetEndOfFile
HeapDestroy
GetFileAttributesW
DuplicateHandle
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
GetLocaleInfoA
LocalAlloc
ExpandEnvironmentStringsA
OpenFileMappingA
ExitProcess
SetErrorMode
FreeEnvironmentStringsW
GetEnvironmentStrings
GetThreadContext
GetLocaleInfoW
GetFileTime
GetTempPathA
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
ResumeThread
SetFileAttributesA
SetEvent
LocalFree
FormatMessageW
GetThreadPriority
InitializeCriticalSection
LoadResource
GlobalHandle
GetLogicalDriveStringsW
FindClose
InterlockedDecrement
QueryDosDeviceW
GetProfileIntA
SetFileAttributesW
CloseHandle
WritePrivateProfileStringW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
TlsGetValue
CopyFileW
OutputDebugStringW
GetModuleFileNameW
Beep
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
FlushViewOfFile
RaiseException
SetProcessWorkingSetSize
GetPriorityClass
LoadLibraryExA
SetThreadPriority
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetEnvironmentVariableW
GetPrivateProfileStringW
FormatMessageA
CreateMutexA
SetFilePointer
InterlockedExchangeAdd
CreateThread
GetSystemDefaultUILanguage
GetSystemDirectoryW
CreatePipe
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
ExitThread
GlobalMemoryStatus
SearchPathW
SetCurrentDirectoryW
GlobalAlloc
GetDiskFreeSpaceExW
CreateEventW
ReadConsoleW
GetVersion
InterlockedIncrement
WriteConsoleW
MoveFileW
FindFirstFileW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
LoadLibraryW
GlobalGetAtomNameW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
CreateRemoteThread
GetStartupInfoA
GetWindowsDirectoryW
GetFileSize
OpenProcess
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetStartupInfoW
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
GetTimeFormatW
GlobalReAlloc
ExpandEnvironmentStringsW
lstrcmpA
FindNextFileW
GetDiskFreeSpaceA
GetProfileStringA
ResetEvent
GetComputerNameA
FindNextFileA
TerminateProcess
lstrcmpW
WaitForMultipleObjects
GlobalLock
LocalSize
OpenJobObjectW
CreateFileW
FindResourceA
CreateEventA
CopyFileA
GetFileType
TlsSetValue
CreateFileA
GetCurrentThreadId
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
UnmapViewOfFile
GetSystemInfo
lstrlenA
GlobalFree
FindResourceW
LCMapStringA
GetProcessTimes
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
RemoveDirectoryA
CreateProcessW
CancelWaitableTimer
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
HeapSize
GetCurrentProcessId
LockResource
ProcessIdToSessionId
GetCommandLineW
WideCharToMultiByte
lstrlenW
GetCommandLineA
FindFirstFileExW
InterlockedCompareExchange
GetCurrentThread
SuspendThread
QueryPerformanceFrequency
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
FindFirstFileA
GetACP
GetModuleHandleW
FreeResource
SetThreadUILanguage
FindResourceExW
GetLongPathNameW
CreateProcessA
IsValidCodePage
HeapCreate
lstrcpyA
VirtualFree
Sleep
IsBadReadPtr
ReadConsoleOutputA
VirtualAlloc
GetOEMCP
ShellAboutA
SHGetIconOverlayIndexA
SHLoadInProc
FindExecutableA
SHGetFolderPathW
SHChangeNotify
DoEnvironmentSubstA
ShellExecuteW
SHGetSpecialFolderPathA
SHGetFolderPathA
SHGetFileInfo
SHBrowseForFolderA
ShellExecuteExW
SHEmptyRecycleBinA
ExtractIconW
WOWShellExecute
SHCreateProcessAsUserW
DragQueryFileAorW
SHLoadNonloadedIconOverlayIdentifiers
StrCmpNIW
StrRChrW
StrRStrIA
StrRChrIA
StrStrIW
StrCmpNIA
StrRStrIW
StrChrW
GetInputState
DestroyMenu
SetWindowPos
IsWindow
SetDeskWallpaper
DispatchMessageA
EndPaint
OpenIcon
VkKeyScanA
GetInputDesktop
GetMessageTime
VkKeyScanW
GetWindowWord
GetDC
GetAsyncKeyState
DdeUnaccessData
SendMessageW
EndMenu
IsClipboardFormatAvailable
SendMessageA
DlgDirSelectExW
PackDDElParam
GetThreadDesktop
InSendMessage
GetWindowTextLengthA
GetTopWindow
RegisterHotKey
GetWindowTextW
EnumClipboardFormats
GetMenuContextHelpId
DestroyWindow
GetMessageA
GetParent
UpdateWindow
SetPropA
EnumWindows
ShowWindow
GetPropA
GetListBoxInfo
IsCharAlphaW
EnableWindow
CharUpperW
PeekMessageA
TranslateMessage
CharUpperA
InsertMenuItemA
LoadStringA
RegisterClassW
IsCharLowerA
GetWindowPlacement
LoadStringW
DrawMenuBar
IsCharLowerW
RegisterClassA
SetTimer
GetKeyboardLayout
EnumThreadWindows
CharNextA
WaitForInputIdle
GetSysColorBrush
GetDialogBaseUnits
CreateWindowExW
CharNextW
GetOpenClipboardWindow
BeginPaint
CopyIcon
keybd_event
KillTimer
GetClipboardOwner
DefWindowProcA
IsWindowUnicode
GetSystemMetrics
GetWindowRect
PostMessageA
ReleaseCapture
IsGUIThread
SendDlgItemMessageW
PostMessageW
CreatePopupMenu
GetLastActivePopup
SetWindowTextW
CreateWindowExA
GetDlgItem
CloseWindowStation
CreateDialogIndirectParamA
LoadCursorA
LoadIconA
GetMenuItemCount
IsDlgButtonChecked
TileChildWindows
CreateIconFromResourceEx
LoadIconW
WindowFromDC
GetCaretBlinkTime
EndDialog
GetCapture
FindWindowA
SetWindowTextA
GetWindowThreadProcessId
FreeDDElParam
MessageBoxW
GetMenu
GetKBCodePage
MoveWindow
DialogBoxParamW
MessageBoxA
GetCursor
GetWindowDC
DialogBoxParamA
SetDlgItemTextW
SetScrollInfo
IsCharAlphaNumericA
GetDoubleClickTime
DestroyIcon
OemKeyScan
IsWindowVisible
GetDesktopWindow
UnpackDDElParam
IsCharUpperW
CloseDesktop
IsMenu
GetFocus
CloseClipboard
GetKeyboardType
CoUninitialize
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_RCDATA 1
REGISTRY 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 281088
ImageVersion 0.0
ProductName Microsoft Windows Operating System
FileVersionNumber 11.0.5721.5262
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Windows Media Player Encoder Helper
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName wmpenc.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 11.0.5721.5262 (WMP_11.090130-1421)
TimeStamp 2018:06:15 13:08:09+01:00
FileType Win32 EXE
PEType PE32
InternalName wmpenc.exe
ProductVersion 11.0.5721.5262
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 35840
FileSubtype 0
ProductVersionNumber 11.0.5721.5262
EntryPoint 0x3b91
ObjectFileType Dynamic link library
File identification
MD5 0ca5b172421dbe8030ec6662bbca89a6
SHA1 87e04d72f89628a0f41fd389f89062bb63ed4880
SHA256 4056fc151ccb74c8c0393633aab6b87193a4aaeb3469edcc4f7034768b59a035
ssdeep 6144:XckN/4avVDd8t9ihhXB/FkqrToLGrHomjRiHz1:XckToXwXBtoarI7R
authentihash d04e6dd92962cbd2172d0ee23b72e1d438fcccd300e91db708ac72d7837454c1
imphash 723d69badf95adcca6319cb1357f44ec
File size 310.8 KB ( 318208 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2018-06-19 01:41:12 UTC ( 3 months, 1 week ago )
Last submission 2018-06-19 01:41:12 UTC ( 3 months, 1 week ago )
File names wmpenc.exe
0ca5b172421dbe8030ec6662bbca89a6.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs