× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 42c5054f5a0ca737424b237c77dc9de653a86fe0e9dd24e941718a943cf2d921
File name: 42c5054f5a0ca737424b237c77dc9de653a86fe0e9dd24e941718a943cf2d921
Detection ratio: 18 / 67
Analysis date: 2018-06-28 23:09:09 UTC ( 7 months, 4 weeks ago ) View latest
Antivirus Result Update
Avast FileRepMalware 20180628
AVG FileRepMalware 20180628
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180628
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cybereason malicious.55dce9 20180225
Cylance Unsafe 20180629
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of Win32/Kryptik.GIHA 20180628
Fortinet W32/Emotet.BK!tr 20180628
Sophos ML heuristic 20180601
Malwarebytes Spyware.PasswordStealer 20180628
McAfee-GW-Edition BehavesLike.Win32.Swrort.ch 20180628
Microsoft Trojan:Win32/Emotet.AC!bit 20180628
SentinelOne (Static ML) static engine - malicious 20180618
SUPERAntiSpyware Trojan.Agent/Gen-FalDesc 20180628
Symantec ML.Attribute.HighConfidence 20180629
VBA32 Malware-Cryptor.Limpopo 20180628
Webroot W32.Trojan.Emotet 20180629
Ad-Aware 20180628
AegisLab 20180628
AhnLab-V3 20180628
Alibaba 20180628
ALYac 20180628
Antiy-AVL 20180628
Arcabit 20180628
Avast-Mobile 20180628
Avira (no cloud) 20180628
AVware 20180628
BitDefender 20180628
Bkav 20180628
CAT-QuickHeal 20180628
ClamAV 20180628
CMC 20180628
Comodo 20180628
Cyren 20180628
DrWeb 20180628
eGambit 20180629
Emsisoft 20180628
F-Prot 20180628
F-Secure 20180628
GData 20180628
Ikarus 20180628
Jiangmin 20180628
K7AntiVirus 20180628
K7GW 20180628
Kaspersky 20180628
Kingsoft 20180629
MAX 20180629
McAfee 20180628
eScan 20180628
NANO-Antivirus 20180628
Palo Alto Networks (Known Signatures) 20180629
Panda 20180628
Qihoo-360 20180629
Rising 20180628
Sophos AV 20180628
Symantec Mobile Insight 20180626
TACHYON 20180628
Tencent 20180629
TheHacker 20180628
TotalDefense 20180628
TrendMicro 20180628
TrendMicro-HouseCall 20180628
Trustlook 20180629
VIPRE 20180628
ViRobot 20180628
Yandex 20180628
Zillya 20180627
ZoneAlarm by Check Point 20180628
Zoner 20180627
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copy

Product CPUID Hardware Monitor
Original name HWMonitor.exe
File version 1, 3, 5, 0
Description Microsof
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-28 22:21:02
Entry Point 0x000016C2
Number of sections 4
PE sections
PE imports
RegEnableReflectionKey
WriteEncryptedFileRaw
InitializeSecurityDescriptor
SelectClipPath
CreateDiscardableBitmap
SetRectRgn
ConvertFiberToThread
SetThreadPreferredUILanguages
SetCurrentConsoleFontEx
SetTimeZoneInformation
LoadLibraryW
DisconnectNamedPipe
SetFileApisToOEM
LocalFileTimeToFileTime
FindAtomA
CloseHandle
FindVolumeMountPointClose
GetCommandLineA
CreateConsoleScreenBuffer
FindFirstFileNameW
UnRegisterTypeLib
RasHangUpA
UrlCompareW
GetMenuPosFromID
DlgDirListW
CharNextW
GetLastInputInfo
LockWorkStation
GetMenuInfo
GetWindowRect
MessageBoxIndirectA
RegisterHotKey
DrawIconEx
LoadCursorFromFileA
GetScrollPos
TileWindows
WindowFromPoint
GetWindowModuleFileNameW
SetForegroundWindow
GetDlgItemTextW
GetKeyState
SetCursor
fwrite
fprintf
putc
toupper
Number of PE resources by type
RT_STRING 25
RT_DIALOG 3
RT_BITMAP 2
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 31
FRENCH 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:06:28 23:21:02+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
24576

LinkerVersion
10.0

ImageFileCharacteristics
No relocs, Executable, 32-bit

EntryPoint
0x16c2

InitializedDataSize
65536

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 419052a9d5c19f9cd0f667e77f8ad6fa
SHA1 c6d9f2d55dce9597bd40972b824d80f0ba9a1a2c
SHA256 42c5054f5a0ca737424b237c77dc9de653a86fe0e9dd24e941718a943cf2d921
ssdeep
3072:Rd4Rh77+z79wh7wzVw0Bluifx7cHXSRUMzT:R477+zykzduifx7

authentihash 6a9f2703bffdf8bb33fe3e3171f096c0a5ee60e44abdbe755b89d7de76b1a4f5
imphash ef1fbb23765bef616c6112eae9308f6e
File size 108.0 KB ( 110592 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-06-28 23:09:09 UTC ( 7 months, 4 weeks ago )
Last submission 2018-06-30 00:19:46 UTC ( 7 months, 3 weeks ago )
File names 21154037593.exe
66189762.exe
HWMonitor.exe
76497151.exe
348413002.exe
8300130186.exe
42184927385.exe
987352017.exe
277474400.exe
1703462766.exe
32609412.exe
62364250542.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!