× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 4e365dcce9de1fe8f6aaa5671cbe2c9f978663bc1f2168d730ee27083d3795e1
File name: T4tXWMiAKy.exe
Detection ratio: 35 / 68
Analysis date: 2018-10-28 23:08:55 UTC ( 3 months, 3 weeks ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40650845 20181028
Arcabit Trojan.Generic.D26C485D 20181028
Avast Win32:BankerX-gen [Trj] 20181028
AVG Win32:BankerX-gen [Trj] 20181028
BitDefender Trojan.GenericKD.40650845 20181028
CAT-QuickHeal Trojan.Emotet.X4 20181028
CMC Trojan.Win32.Obfuscated.en!O 20181028
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.4bb1b5 20180225
Cylance Unsafe 20181029
Cyren W32/Trojan.SAMX-6472 20181028
Emsisoft Trojan.GenericKD.40650845 (B) 20181028
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GMAN 20181028
F-Secure Trojan.GenericKD.40650845 20181028
Fortinet W32/Kryptik.GMAN!tr 20181028
GData Trojan.GenericKD.40650845 20181028
Ikarus Trojan.Win32.Crypt 20181028
Sophos ML heuristic 20180717
Kaspersky Trojan-Banker.Win32.Emotet.bkxe 20181028
Malwarebytes Trojan.Emotet 20181028
MAX malware (ai score=89) 20181029
McAfee RDN/Generic.dx 20181028
McAfee-GW-Edition BehavesLike.Win32.Emotet.bz 20181028
Microsoft Trojan:Win32/Emotet.AC!bit 20181028
eScan Trojan.GenericKD.40650845 20181028
Palo Alto Networks (Known Signatures) generic.ml 20181029
Panda Trj/CI.A 20181028
Qihoo-360 Win32/Trojan.88c 20181029
Rising Trojan.Fuerboos!8.EFC8 (CLOUD) 20181028
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/Generic-S 20181028
Symantec Trojan.Emotet 20181028
Webroot W32.Trojan.Gen 20181029
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bkxe 20181028
AegisLab 20181028
AhnLab-V3 20181028
Alibaba 20180921
ALYac 20181028
Antiy-AVL 20181028
Avast-Mobile 20181028
Avira (no cloud) 20181028
Babable 20180918
Baidu 20181026
Bkav 20181025
ClamAV 20181028
DrWeb 20181028
eGambit 20181029
F-Prot 20181028
Jiangmin 20181028
K7AntiVirus 20181028
K7GW 20181025
Kingsoft 20181029
NANO-Antivirus 20181028
SUPERAntiSpyware 20181022
Symantec Mobile Insight 20181026
TACHYON 20181028
Tencent 20181029
TheHacker 20181025
TotalDefense 20181028
TrendMicro 20181028
TrendMicro-HouseCall 20181028
Trustlook 20181029
VBA32 20181026
VIPRE 20181027
ViRobot 20181028
Yandex 20181026
Zillya 20181028
Zoner 20181027
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. Al

Internal name wmspdmod.dll
File version 6.1.7601.19091
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-01 09:39:18
Entry Point 0x0000830E
Number of sections 5
PE sections
PE imports
ReadEncryptedFileRaw
OffsetRgn
GetTcpStatistics
GetUserDefaultUILanguage
GetModuleHandleA
InitAtomTable
SetConsoleWindowInfo
SetupDiGetClassImageListExW
CM_Get_DevNode_Status
SetWindowsHookW
timeBeginPeriod
realloc
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:03:01 01:39:18-08:00

FileType
Win32 EXE

PEType
PE32

CodeSize
36864

LinkerVersion
18.0

ImageFileCharacteristics
No relocs, Executable, 32-bit

EntryPoint
0x830e

InitializedDataSize
774144

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

File identification
MD5 d0c91604bb1b54cfc0564412d9f6e1de
SHA1 d693d7f1445b02a29ee134dd5721535118e72596
SHA256 4e365dcce9de1fe8f6aaa5671cbe2c9f978663bc1f2168d730ee27083d3795e1
ssdeep
3072:/KNfygERXr1AZQ3lcwMe7l+tTGJ2G8tbEhgO:y+r1AZkcwM+wSzGbEh

authentihash 537d0400b4692e014186d668114f0d1397ae556ca80cc7c7fe29942420e5ac4d
imphash 121b0361bc8d469b6088ad104715d059
File size 792.0 KB ( 811008 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-10-27 02:07:45 UTC ( 3 months, 3 weeks ago )
Last submission 2018-10-27 02:07:45 UTC ( 3 months, 3 weeks ago )
File names T4tXWMiAKy.exe
wmspdmod.dll
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs