SHA256: 4f432221f65bcf9e0685b867a679656a097c2be40f79b051d97018a55f94a2ee
File name: 4f432221f65bcf9e0685b867a679656a097c2be40f79b051d97018a55f94a2ee
Detection ratio: 31 / 65
Analysis date: 2017-10-18 08:59:08 UTC ( 1 year ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Mikey.72698 20171018
AegisLab Ml.Attribute.Gen!c 20171018
Avast Win32:Malware-gen 20171018
AVG Win32:Malware-gen 20171018
Avira (no cloud) TR/Dropper.Gen 20171018
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171018
BitDefender Gen:Variant.Razy.221080 20171018
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170804
Cylance Unsafe 20171018
Cyren W32/Trojan.AAOB-2726 20171018
eGambit malicious_confidence_100% 20171018
Emsisoft Gen:Variant.Razy.221080 (B) 20171018
Endgame malicious (high confidence) 20171016
ESET-NOD32 a variant of Win32/GenKryptik.BAIZ 20171018
F-Secure Gen:Variant.Mikey.72698 20171018
Fortinet W32/GenKryptik.AZRU!tr 20171018
GData Win32.Trojan-Spy.Emotet.0ZLEQT 20171018
Ikarus Win32.Outbreak 20171017
Sophos ML heuristic 20170914
Kaspersky UDS:DangerousObject.Multi.Generic 20171017
Malwarebytes Spyware.Emotet 20171018
MAX malware (ai score=98) 20171018
McAfee RDN/Generic.grp 20171018
McAfee-GW-Edition BehavesLike.Win32.Virut.nh 20171018
Palo Alto Networks (Known Signatures) generic.ml 20171018
SentinelOne (Static ML) static engine - malicious 20171001
Sophos AV Mal/EncPk-ANR 20171018
Symantec ML.Attribute.HighConfidence 20171018
TrendMicro-HouseCall Suspicious_GEN.F47V1017 20171018
Webroot W32.Trojan.Emotet 20171018
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20171018
AhnLab-V3 20171018
Alibaba 20170911
ALYac 20171017
Antiy-AVL 20171018
Arcabit 20171017
Avast-Mobile 20171018
AVware 20171018
Bkav 20171017
CAT-QuickHeal 20171018
ClamAV 20171018
CMC 20171017
Comodo 20171017
F-Prot 20171018
Jiangmin 20171018
K7AntiVirus 20171017
K7GW 20171016
Kingsoft 20171018
Microsoft 20171018
eScan 20171018
NANO-Antivirus 20171018
nProtect 20171018
Panda 20171017
Qihoo-360 20171018
Rising 20171014
SUPERAntiSpyware 20171018
Symantec Mobile Insight 20171011
Tencent 20171018
TheHacker 20171017
TotalDefense 20171018
TrendMicro 20171018
Trustlook 20171018
VBA32 20171017
VIPRE 20171018
ViRobot 20171018
Yandex 20171017
Zillya 20171017
Zoner 20171018
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Twain Thunker
Original name Twunk_32.exe
Internal name Twunk_32
File version 1,7,1,0
Description Twain.dll Client's 32-Bit Thunking Server
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-10-18 03:51:07
Entry Point 0x00001860
Number of sections 6
PE sections
PE imports
AccessCheckAndAuditAlarmA
PageSetupDlgA
SetROP2
EndPath
CloseFigure
OpenMutexA
lstrlenA
lstrcatA
lstrcpyA
CopyFileA
Sleep
ReadProcessMemory
GetDefaultCommConfigA
WritePrivateProfileStringW
I_RpcServerUseProtseqEp2W
SetupDiEnumDriverInfoA
SetupDiCreateDeviceInfoList
TranslateNameW
wsprintfA
EnumDisplayMonitors
SetMenuItemBitmaps
FindWindowW
MessageBoxA
GetWindowTextA
GetWindow
CharUpperA
setsockopt
_ctime64
fread
fclose
_time64
_localtime64
fopen
_gmtime64
memset
MonikerCommonPrefixWith
CoSetProxyBlanket
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
SubsystemVersion
5.0

InitializedDataSize
77824

ImageVersion
0.0

ProductName
Twain Thunker

FileVersionNumber
1.7.1.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unknown (04B4)

LinkerVersion
12.0

FileTypeExtension
exe

OriginalFileName
Twunk_32.exe

MIMEType
application/octet-stream

FileVersion
1,7,1,0

TimeStamp
2017:10:18 04:51:07+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Twunk_32

ProductVersion
1,7,1,0

FileDescription
Twain.dll Client's 32-Bit Thunking Server

OSVersion
5.0

FileOS
Windows 16-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Twain Working Group

CodeSize
12288

FileSubtype
0

ProductVersionNumber
1.7.1.0

EntryPoint
0x1860

ObjectFileType
Executable application

File identification
MD5 9aa285fa98b7e8677f5a3a8e6935a0c3
SHA1 1b47a4fe1fd71156e0dedea1347fb592909c61cd
SHA256 4f432221f65bcf9e0685b867a679656a097c2be40f79b051d97018a55f94a2ee
ssdeep
1536:5RwtDgnP92v1111111111111111111111111111111111111111111111111111F:wt0nPWXv5XP+kL0IbmEVuCp

authentihash c20299e170b1e2a117274553d1494ac6a8bc26263cbfe59bdb243a130f66c021
imphash 236c2334027f122d93d248a436989764
File size 92.0 KB ( 94208 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2017-10-17 18:54:06 UTC ( 1 year ago )
Last submission 2017-11-17 19:39:51 UTC ( 11 months, 1 week ago )
File names Twunk_32.exe
Twunk_32
hf6UVvkxvqg6vuM2B.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Opened mutexes
Searched windows
Runtime DLLs
UDP communications