SHA256: 4f3e2ce24bde13a95a14f9e329f7e9d354fbcaef0ce42607e2152d84de06b03c
File name: yXeZKwAn1msx.exe
Detection ratio: 15 / 68
Analysis date: 2018-11-21 03:24:38 UTC ( 3 months ago )
Antivirus Result Update
Avast FileRepMalware 20181121
AVG FileRepMalware 20181121
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20181022
Cybereason malicious.e15c31 20180225
Cylance Unsafe 20181121
eGambit Unsafe.AI_Score_94% 20181121
Endgame malicious (high confidence) 20181108
McAfee Emotet-FJR!5049C28E15C3 20181121
Microsoft Trojan:Win32/Fuerboos.A!cl 20181121
NANO-Antivirus Virus.Win32.Gen.ccmw 20181121
Qihoo-360 HEUR/QVM20.1.5890.Malware.Gen 20181121
Rising Malware.Heuristic!ET#98% (RDM+:cmRtazrpuElSF530//qEDHjOZTj6) 20181121
SentinelOne (Static ML) static engine - malicious 20181011
Symantec Trojan.Emotet 20181120
Webroot W32.Trojan.Emotet 20181121
Ad-Aware 20181121
AegisLab 20181121
AhnLab-V3 20181121
Alibaba 20180921
ALYac 20181121
Antiy-AVL 20181121
Arcabit 20181121
Avast-Mobile 20181120
Avira (no cloud) 20181121
Babable 20180918
Baidu 20181120
BitDefender 20181121
Bkav 20181120
CAT-QuickHeal 20181120
ClamAV 20181120
CMC 20181120
Cyren 20181121
DrWeb 20181121
Emsisoft 20181121
ESET-NOD32 20181121
F-Prot 20181121
F-Secure 20181121
Fortinet 20181121
GData 20181121
Ikarus 20181120
Sophos ML 20181108
Jiangmin 20181121
K7AntiVirus 20181120
K7GW 20181120
Kaspersky 20181121
Kingsoft 20181121
Malwarebytes 20181121
MAX 20181121
McAfee-GW-Edition 20181121
eScan 20181121
Palo Alto Networks (Known Signatures) 20181121
Panda 20181120
Sophos AV 20181121
SUPERAntiSpyware 20181121
Symantec Mobile Insight 20181108
TACHYON 20181121
Tencent 20181121
TheHacker 20181118
TotalDefense 20181118
TrendMicro 20181121
TrendMicro-HouseCall 20181121
Trustlook 20181121
VBA32 20181120
VIPRE 20181120
ViRobot 20181120
Yandex 20181119
Zillya 20181119
ZoneAlarm by Check Point 20181121
Zoner 20181121
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rig

Product Microsoft® Win
Internal name SQLCEOLED
File version 3.00.
Description UBn
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-21 03:23:03
Entry Point 0x0000828B
Number of sections 6
PE sections
PE imports
RegSetKeySecurity
MoveToEx
LineTo
GdiSetBatchLimit
LineDDA
GetRandomRgn
GetVolumePathNamesForVolumeNameW
GetStringScripts
GlobalMemoryStatus
GetDriveTypeW
GetTimeZoneInformation
GetBinaryTypeW
Wow64EnableWow64FsRedirection
lstrlenW
GetNamedPipeClientProcessId
GetCommandLineA
GetStringTypeExA
GetCommMask
CreateMailslotA
GetModuleHandleW
FillConsoleOutputAttribute
WinExec
GetProcessHeap
SetupDiDestroyDriverInfoList
StrChrNW
StrChrA
PathIsUNCServerW
GetComputerObjectNameW
QuerySecurityPackageInfoW
InsertMenuA
GetPriorityClipboardFormat
GetUpdateRect
EnumDisplayMonitors
CoInvalidateRemoteMachineBindings
Number of PE resources by type
RT_STRING 5
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 6
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SpecialBuild
[pre-release version: pre-alpha]

SubsystemVersion
5.0

LinkerVersion
12.0

ImageVersion
0.1

FileSubtype
0

FileVersionNumber
8.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
UBn

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
262144

EntryPoint
0x828b

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rig

FileVersion
3.00.

TimeStamp
2018:11:21 04:23:03+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
SQLCEOLED

UninitializedDataSize
0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
S Corpora

CodeSize
0

ProductName
Microsoft Win

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 5049c28e15c312ebd378cb41bcd65d4b
SHA1 ea169dc1cf10a2ae415676bf43b3ef7c39aa52e0
SHA256 4f3e2ce24bde13a95a14f9e329f7e9d354fbcaef0ce42607e2152d84de06b03c
ssdeep
3072:8bcVmTgJ4mdbshfWIAYCeVNtx49YYP+32n:ecVmTgeSggwx49Y

authentihash 04ac66fe6600ab2e47928eb4328461120cb9af50258a070395e7e1872a4a12af
imphash 5b2b4695f492719ca78401e1e5d400ff
File size 284.0 KB ( 290816 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe

VirusTotal metadata
First submission 2018-11-21 03:24:38 UTC ( 3 months ago )
Last submission 2018-11-28 02:31:21 UTC ( 2 months, 3 weeks ago )
File names yXeZKwAn1msx.exe
SQLCEOLED
5049c28e15c312ebd378cb41bcd65d4b
acswh6khx3r2[1].exe
EIs2kCXu.exe
eyjnnq18[1].exe
G3HMXS9gNTdH.exe
k3FdrKPt.exe
dg1fyo5AJF9.exe