SHA256: 4abe7e3010cc7576ff99fdeb400c8df1a33b1bf95de324cf37b78c1f5dc545a6
File name: 578.exe
Detection ratio: 48 / 70
Analysis date: 2018-12-07 12:42:59 UTC ( 2 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31393940 20181207
AegisLab Trojan.Win32.Emotet.4!c 20181207
AhnLab-V3 Trojan/Win32.Emotet.R247548 20181207
ALYac Trojan.Agent.Emotet 20181207
Arcabit Trojan.Generic.D1DF0894 20181207
Avast Win32:BankerX-gen [Trj] 20181207
AVG Win32:BankerX-gen [Trj] 20181207
BitDefender Trojan.GenericKD.31393940 20181207
CAT-QuickHeal Trojan.Emotet.X4 20181206
Comodo Malware@#1dlmuf2guvvu2 20181207
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cylance Unsafe 20181207
Cyren W32/Emotet.KI.gen!Eldorado 20181207
eGambit Unsafe.AI_Score_83% 20181207
Emsisoft Trojan.GenericKD.31393940 (B) 20181207
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/Emotet.BN 20181207
F-Prot W32/Emotet.KI.gen!Eldorado 20181207
F-Secure Trojan.GenericKD.31393940 20181207
Fortinet Malicious_Behavior.SB 20181207
GData Trojan.GenericKD.31393940 20181207
Ikarus Trojan-Banker.Emotet 20181207
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 0053c4bc1 ) 20181207
K7GW Trojan ( 0053c4bc1 ) 20181207
Kaspersky Trojan-Banker.Win32.Emotet.btgx 20181207
Malwarebytes Trojan.Emotet 20181207
MAX malware (ai score=100) 20181207
McAfee RDN/Generic.grp 20181207
McAfee-GW-Edition RDN/Generic.grp 20181207
Microsoft Trojan:Win32/Emotet.BZ 20181207
eScan Trojan.GenericKD.31393940 20181207
NANO-Antivirus Trojan.Win32.Emotet.fkweed 20181207
Palo Alto Networks (Known Signatures) generic.ml 20181207
Panda Trj/RnkBend.A 20181206
Qihoo-360 Win32/Trojan.c84 20181207
Rising Trojan.Kryptik!8.8 (CLOUD) 20181207
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Troj/Emotet-ANZ 20181207
Symantec Trojan.Emotet 20181207
Tencent Win32.Trojan-banker.Emotet.Tbik 20181207
Trapmine malicious.high.ml.score 20181205
TrendMicro TROJ_FRS.VSN03L18 20181207
TrendMicro-HouseCall TROJ_FRS.VSN03L18 20181207
VBA32 BScope.TrojanBanker.Emotet 20181206
VIPRE Trojan.Win32.Generic!BT 20181207
Webroot W32.Trojan.Emotet 20181207
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.btgx 20181207
Alibaba 20180921
Antiy-AVL 20181207
Avast-Mobile 20181207
Avira (no cloud) 20181207
Babable 20180918
Baidu 20181207
Bkav 20181206
ClamAV 20181207
CMC 20181206
Cybereason 20180225
DrWeb 20181207
Jiangmin 20181206
Kingsoft 20181207
SUPERAntiSpyware 20181205
Symantec Mobile Insight 20181204
TACHYON 20181207
TheHacker 20181202
TotalDefense 20181207
Trustlook 20181207
ViRobot 20181207
Yandex 20181204
Zillya 20181206
Zoner 20181207
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating S
Original name WerMgr
Internal name WerMgr
File version 6.1.7601.23452 (win7sp1_ldr.160512-0
Description Twe Problem Reporting
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-06-20 19:20:17
Entry Point 0x00006FD7
Number of sections 7
PE sections
PE imports
PrivilegeCheck
GetStringScripts
GetNamedPipeClientProcessId
GetModuleHandleW
FreeConsole
LocalFileTimeToFileTime
LZSeek
DdeFreeStringHandle
GetMenuDefaultItem
GetDlgItemInt
LoadAcceleratorsW
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 2.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Twe Problem Reporting
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 334848
EntryPoint 0x6fd7
OriginalFileName WerMgr
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7601.23452 (win7sp1_ldr.160512-0
TimeStamp 2004:06:20 12:20:17-07:00
FileType Win32 EXE
PEType PE32
InternalName WerMgr
ProductVersion 6.1.7600.16385
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Twe Corporation
CodeSize 30720
ProductName Microsoft Windows Operating S
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 c7e65807b18b1726444ac90643ef9ff2
SHA1 067ec92a4ac04a76f5106fdbf2380a26b814019c
SHA256 4abe7e3010cc7576ff99fdeb400c8df1a33b1bf95de324cf37b78c1f5dc545a6
ssdeep 3072:Vk9FRhsAzdU6lLBogf6MVOkIu0VhWbu6RC:WThsYdU6Tf6YO0qhWbu6
authentihash 31572b02e0b2c1535f59074ebef6d6862988cb14621c917353246410977d3e17
imphash 07ba7424a52ae706b665fdae80e7e28b
File size 351.0 KB ( 359424 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2018-12-03 12:23:51 UTC ( 2 months, 2 weeks ago )
Last submission 2019-01-22 07:29:54 UTC ( 4 weeks, 1 day ago )
File names 5312565.exe
88241.exe
iproppdh.exe
899.exe
71046.exe
20115907
4675871.exe
40.exe
graphmnu.exe
578.exe
239.exe
5593589.exe
1.exe
0.exe
609.exe
899.exe
16696165.exe
c7e65807b18b1726444ac90643ef9ff2
6675295.exe
WerMgr
578.exe
513642.exe