SHA256: 4936723d9911eb23d830648968c1ec5903d8fa538b20f70e9490e9ae33b97720
File name: 181e0ed8c8f09db4749f83ca87bf3e2d.virus
Detection ratio: 30 / 66
Analysis date: 2018-05-10 15:55:07 UTC ( 11 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.316342 20180510
ALYac Gen:Variant.Razy.316342 20180510
Antiy-AVL Trojan/MSIL.Disfa.hfpj 20180510
Arcabit Trojan.Razy.D4D3B6 20180510
Avira (no cloud) TR/Dropper.Gen 20180510
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9993 20180510
BitDefender Gen:Variant.Razy.316342 20180510
Cylance Unsafe 20180510
Cyren W32/Ursu.F.gen!Eldorado 20180510
Emsisoft Gen:Variant.Razy.316342 (B) 20180510
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of MSIL/Injector.SHI 20180510
F-Secure Gen:Variant.Razy.316342 20180510
Fortinet MSIL/Kryptik.NEC!tr 20180510
GData Gen:Variant.Razy.316342 20180510
Ikarus Trojan-Spy.Agent 20180509
Sophos ML heuristic 20180503
K7AntiVirus Trojan ( 005265a71 ) 20180510
K7GW Trojan ( 005265a71 ) 20180510
Kaspersky Trojan.MSIL.Disfa.hfpj 20180510
MAX malware (ai score=83) 20180510
McAfee Packed-XI!181E0ED8C8F0 20180510
McAfee-GW-Edition BehavesLike.Win32.Backdoor.jc 20180510
eScan Gen:Variant.Razy.316342 20180510
Palo Alto Networks (Known Signatures) generic.ml 20180510
SentinelOne (Static ML) static engine - malicious 20180225
Symantec ML.Attribute.HighConfidence 20180510
TrendMicro BKDR_ASDROP.SMZVP 20180510
TrendMicro-HouseCall BKDR_ASDROP.SMZVP 20180510
ZoneAlarm by Check Point Trojan.MSIL.Disfa.hfpj 20180510
AegisLab 20180510
AhnLab-V3 20180510
Alibaba 20180510
Avast 20180510
Avast-Mobile 20180509
AVG 20180510
AVware 20180428
Babable 20180406
Bkav 20180510
CAT-QuickHeal 20180510
ClamAV 20180510
CMC 20180510
Comodo 20180510
CrowdStrike Falcon (ML) 20180202
Cybereason None
DrWeb 20180510
eGambit 20180510
F-Prot 20180510
Jiangmin 20180510
Kingsoft 20180510
Malwarebytes 20180510
Microsoft 20180510
NANO-Antivirus 20180510
nProtect 20180510
Panda 20180509
Qihoo-360 20180510
Rising 20180510
Sophos AV 20180510
SUPERAntiSpyware 20180510
Symantec Mobile Insight 20180509
Tencent 20180510
TheHacker 20180509
TotalDefense 20180510
Trustlook 20180510
VBA32 20180510
VIPRE 20180510
ViRobot 20180510
Webroot 20180510
Yandex 20180508
Zillya 20180508
Zoner 20180509
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2004-2018 by Sandboxie Holdings, LLC

Product Sandboxie
Original name SandboxieWUAU.exe
Internal name WUAU
File version 5.24
Description Sandboxie COM Services (wuauserv)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-10 16:18:30
Entry Point 0x000A776E
Number of sections 4
.NET details
Module Version ID acc2de14-8d82-4ab0-a350-a13e4fb1ec3a
PE sections
Overlays
MD5 061a83088ac96e11b4f95d5cd3f8092f
File type ASCII text
Offset 683520
Size 3144
Entropy 0.00
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.24.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Sandboxie COM Services (wuauserv)
ImageFileCharacteristics Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 4608
EntryPoint 0xa776e
OriginalFileName SandboxieWUAU.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2004-2018 by Sandboxie Holdings, LLC
FileVersion 5.24
TimeStamp 2018:05:10 09:18:30-07:00
FileType Win32 EXE
PEType PE32
InternalName WUAU
ProductVersion 5.24
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Sandboxie Holdings, LLC
CodeSize 677888
ProductName Sandboxie
ProductVersionNumber 5.24.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 181e0ed8c8f09db4749f83ca87bf3e2d
SHA1 0c29a28d18b975c3ead2a72205ddf5b2d8d10700
SHA256 4936723d9911eb23d830648968c1ec5903d8fa538b20f70e9490e9ae33b97720
ssdeep 12288:zvSPUgbUaQOqH3e6ycW271da+lDf982hWFwLzbzOv30GaEBAXPEk:EUgbUJX3ycT71da+lD182h/fzikGaEK8

authentihash 9ab2bdc0f850ec8c9705c44e86d1ed8ac4973128ee81dd394c5d7611bb22d024
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 670.6 KB ( 686664 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (44.5%)
Win32 Executable MS Visual C++ (generic) (18.9%)
Win64 Executable (generic) (16.8%)
Windows screen saver (7.9%)
Win32 Dynamic Link Library (generic) (4.0%)
Tags peexe assembly overlay

VirusTotal metadata
First submission 2018-05-10 15:55:07 UTC ( 11 months, 2 weeks ago )
Last submission 2018-05-17 08:00:33 UTC ( 11 months, 1 week ago )
File names WUAU
NEWPO.exe
SandboxieWUAU.exe
181e0ed8c8f09db4749f83ca87bf3e2d.virus