SHA256: 42cc1c4a32529e0641f065eee34d183459a2d8554f8f4cc1949a6fc151e610cd
File name: iAS3QUlKxKCmr.exe
Detection ratio: 17 / 69
Analysis date: 2018-11-24 11:43:14 UTC ( 2 months, 3 weeks ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.50f786 20180225
Cylance Unsafe 20181124
Cyren W32/Emotet.IV.gen!Eldorado 20181124
Endgame malicious (high confidence) 20181108
F-Prot W32/Emotet.IV.gen!Eldorado 20181124
Sophos ML heuristic 20181108
K7AntiVirus Trojan ( 0053b6a31 ) 20181124
K7GW Trojan ( 0053b6a31 ) 20181124
McAfee-GW-Edition BehavesLike.Win32.Emotet.ch 20181124
Microsoft Trojan:Win32/Cloxer.D!cl 20181124
Qihoo-360 HEUR/QVM20.1.6B5A.Malware.Gen 20181124
Rising Trojan.GenKryptik!8.AA55 (TFE:2:7uazmMYLFVE) 20181124
SentinelOne (Static ML) static engine - malicious 20181011
Symantec ML.Attribute.HighConfidence 20181123
Trapmine malicious.high.ml.score 20180918
Webroot W32.Trojan.Emotet 20181124
Ad-Aware 20181124
AegisLab 20181124
AhnLab-V3 20181124
Alibaba 20180921
ALYac 20181124
Antiy-AVL 20181124
Arcabit 20181124
Avast 20181124
Avast-Mobile 20181124
AVG 20181124
Avira (no cloud) 20181124
Babable 20180918
Baidu 20181123
BitDefender 20181124
Bkav 20181123
CAT-QuickHeal 20181123
ClamAV 20181124
CMC 20181124
Comodo 20181124
DrWeb 20181124
eGambit 20181124
Emsisoft 20181124
ESET-NOD32 20181124
F-Secure 20181124
Fortinet 20181124
GData 20181124
Ikarus 20181124
Jiangmin 20181124
Kaspersky 20181124
Kingsoft 20181124
Malwarebytes 20181124
MAX 20181124
McAfee 20181124
eScan 20181124
NANO-Antivirus 20181124
Palo Alto Networks (Known Signatures) 20181124
Panda 20181124
Sophos AV 20181124
SUPERAntiSpyware 20181121
Symantec Mobile Insight 20181121
TACHYON 20181124
Tencent 20181124
TheHacker 20181118
TotalDefense 20181124
TrendMicro 20181124
TrendMicro-HouseCall 20181124
Trustlook 20181124
VBA32 20181123
ViRobot 20181124
Yandex 20181123
Zillya 20181123
ZoneAlarm by Check Point 20181124
Zoner 20181124
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft

Product Sola Plug-in
Original name c_gb18030.
Internal name Loft Plug-in
File version 1, 5, 2, 50
Description Lynx 64 OPPD
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1994-12-08 17:15:52
Entry Point 0x0000176D
Number of sections 8
PE sections
PE imports
AllocateLocallyUniqueId
CM_Enable_DevNode
PathToRegion
OffsetRgn
WidenPath
GetObjectW
GetViewportExtEx
ColorCorrectPalette
OpenMutexA
DosDateTimeToFileTime
GetCommandLineW
GetConsoleDisplayMode
GetFileType
GetProcessVersion
GetUserDefaultLCID
WinExec
GetCurrentThread
acmDriverOpen
VarUI2FromBool
RpcStringBindingParseW
SHRegEnumUSKeyW
IsClipboardFormatAvailable
NotifyWinEvent
CountClipboardFormats
GetMenuInfo
DdeAddData
CloseDesktop
DdeGetData
DestroyCursor
wvsprintfA
AddClipboardFormatListener
GetDlgItemTextW
LockSetForegroundWindow
GetClipboardSequenceNumber
FindFirstPrinterChangeNotification
CopyStgMedium
Number of PE resources by type
RT_DIALOG 19
RT_STRING 10
RT_VERSION 1
Number of PE resources by language
ITALIAN NEUTRAL 3
SWEDISH NEUTRAL 3
CHINESE TRADITIONAL 3
SPANISH NEUTRAL 3
GERMAN NEUTRAL 3
CHINESE SIMPLIFIED 3
JAPANESE DEFAULT 3
FRENCH NEUTRAL 3
ENGLISH US 3
KOREAN 3
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.4.2.50

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Lynx 64 OPPD

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Windows, Latin1

LinkerVersion
13.0

EntryPoint
0x176d

OriginalFileName
c_gb18030.

MIMEType
application/x-java-applet;version=1.3.1|application/x-java-bean;version=1.3.1|application/x-java-applet;version=1.4|application/x-java-bean;version=1.4|application/x-java-applet;version=1.4.1|application/x-java-bean;version=1.4.1

LegalCopyright
Microsoft

FileExtents
|||||

FileOpenName
Lync Applet|JavaBeans|Lynx Applet|LunxMings|Ming Applet|SolaBeans

FileVersion
1, 5, 2, 50

TimeStamp
1994:12:08 18:15:52+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Loft Plug-in

ProductVersion
3, 4, 2, 50

SubsystemVersion
4.0

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
LyncSoft / Sun Microsystems, Inc.

CodeSize
12288

ProductName
Sola Plug-in

ProductVersionNumber
1.4.2.50

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 31a4e9d13d3973a68f26aa82bfe03c49
SHA1 2bc42ec50f786559be4612ae80c4047a3c94dc6c
SHA256 42cc1c4a32529e0641f065eee34d183459a2d8554f8f4cc1949a6fc151e610cd
ssdeep
3072:u/qyERp1NU6R0GAGxKPdjwpM3xosU/d+levR7QZ6Y:aqtNUy6GY33xJAua7Q

authentihash 8f0701ccec00b3cb69ce5bee34ba8da044a13b265981ad925234edca73e35f0d
imphash 1bd33062d1e0383ca77c1c9cab14bc2c
File size 176.0 KB ( 180224 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags
peexe

VirusTotal metadata
First submission 2018-11-24 11:43:14 UTC ( 2 months, 3 weeks ago )
Last submission 2018-11-28 10:19:56 UTC ( 2 months, 3 weeks ago )
File names 31a4e9d13d3973a68f26aa82bfe03c49
Loft Plug-in
iAS3QUlKxKCmr.exe
c_gb18030.