× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 50876a628b3ab0bc23c40e3903e2524d0ae91ce24eed54fc6c54ebd6465828e6
File name: oe8VKTz0.exe
Detection ratio: 34 / 70
Analysis date: 2019-01-11 14:09:02 UTC ( 1 month, 1 week ago ) View latest
Antivirus Result Update
AegisLab Trojan.Multi.Generic.4!c 20190111
AhnLab-V3 Trojan/Win32.Emotet.R251407 20190111
Avast Win32:BankerX-gen [Trj] 20190112
AVG Win32:BankerX-gen [Trj] 20190112
Comodo Packed.Win32.TDSS.~AA@1rhbt5 20190111
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cybereason malicious.45e066 20190109
Cylance Unsafe 20190112
Cyren W32/Trojan.LJNH-7875 20190111
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GOND 20190111
Fortinet W32/GenKryptik.CWEK!tr 20190111
GData Win32.Trojan.Agent.DZUW10 20190111
Ikarus Trojan.Win32.Krypt 20190111
Sophos ML heuristic 20181128
K7AntiVirus Riskware ( 0040eff71 ) 20190111
K7GW Riskware ( 0040eff71 ) 20190111
Kaspersky Trojan-Banker.Win32.Emotet.byuq 20190111
Malwarebytes Trojan.Emotet 20190111
McAfee Emotet-FLN!2043A1180B53 20190111
McAfee-GW-Edition Emotet-FLN!2043A1180B53 20190111
Microsoft Trojan:Win32/Emotet.AC!bit 20190111
Palo Alto Networks (Known Signatures) generic.ml 20190112
Panda Trj/GdSda.A 20190111
Qihoo-360 HEUR/QVM19.1.7689.Malware.Gen 20190112
Rising Trojan.Azden!8.F0E3 (CLOUD) 20190111
Sophos AV Mal/Generic-S 20190111
Symantec Packed.Generic.517 20190111
Tencent Win32.Trojan-banker.Emotet.Hnkt 20190112
Trapmine malicious.moderate.ml.score 20190103
TrendMicro TrojanSpy.Win32.EMOTET.THOAAAAI 20190111
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.THOAAAAI 20190111
Webroot W32.Trojan.Emotet 20190112
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.byuq 20190111
Acronis 20190111
Ad-Aware 20190112
Alibaba 20180921
ALYac 20190112
Antiy-AVL 20190111
Arcabit 20190112
Avast-Mobile 20190111
Avira (no cloud) 20190112
Babable 20180918
Baidu 20190111
BitDefender 20190112
Bkav 20190108
CAT-QuickHeal 20190111
ClamAV 20190111
CMC 20190111
DrWeb 20190111
eGambit 20190112
Emsisoft 20190111
F-Prot 20190111
F-Secure 20190111
Jiangmin 20190111
Kingsoft 20190112
MAX 20190112
eScan 20190111
NANO-Antivirus 20190111
SentinelOne (Static ML) 20181223
SUPERAntiSpyware 20190109
TACHYON 20190111
TheHacker 20190106
TotalDefense 20190111
Trustlook 20190112
VBA32 20190111
ViRobot 20190111
Yandex 20190111
Zillya 20190111
Zoner 20190112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright c 2000

Product Ulead VerCheck
Original name VerCheck.exe
Internal name VerCheck
File version 4, 0, 0, 0
Description VerCheck
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-11 07:01:00
Entry Point 0x0000279D
Number of sections 5
PE sections
PE imports
IsValidAcl
LogonUserA
GetSecurityDescriptorGroup
GetSidLengthRequired
RegOpenKeyExW
LookupAccountSidA
GetFileSecurityA
GetOpenFileNameW
GetOutlineTextMetricsW
GetSystemPaletteEntries
GetCharacterPlacementA
FillPath
GetTextFaceA
GetUserDefaultUILanguage
HeapFree
GetConsoleOutputCP
VirtualAllocEx
LoadLibraryW
GetConsoleCP
DebugBreak
FindNLSString
GlobalUnlock
GetFileAttributesW
GlobalAlloc
FindNextVolumeW
GetLocalTime
GetTapeParameters
GetCurrentProcess
EnumSystemLocalesA
Wow64DisableWow64FsRedirection
GetConsoleMode
CreateThread
GetDateFormatW
MultiByteToWideChar
GetLogicalDrives
GetFileInformationByHandle
GlobalLock
VerifyScripts
GetProcessHeap
CreateFileMappingW
GetModuleFileNameW
GetTimeFormatW
GlobalReAlloc
MapViewOfFile
InterlockedExchange
GetStartupInfoA
Wow64RevertWow64FsRedirection
FreeConsole
GetModuleHandleW
FormatMessageW
IsWow64Process
FreeLibraryAndExitThread
UnmapViewOfFile
GetConsoleWindow
QueryDosDeviceW
GetUserGeoID
HeapAlloc
NetGroupDelUser
CM_Get_DevNode_Registry_PropertyA
QueryCredentialsAttributesW
GetWindowLongA
LoadImageW
DrawFocusRect
DrawTextExW
InsertMenuItemW
LookupIconIdFromDirectory
DeferWindowPos
CreateIconFromResource
GetWindowLongW
LoadKeyboardLayoutA
DestroyWindow
GetKeyState
GetColorProfileHeader
strftime
FaultInIEFeature
Number of PE resources by type
RT_BITMAP 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.1

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
VerCheck

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
159744

EntryPoint
0x279d

OriginalFileName
VerCheck.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright c 2000

FileVersion
4, 0, 0, 0

TimeStamp
2019:01:11 08:01:00+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
VerCheck

ProductVersion
1, 0, 0, 1

SubsystemVersion
4.0

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Ulead

CodeSize
20480

ProductName
Ulead VerCheck

ProductVersionNumber
1.0.0.1

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 2043a1180b5357ec8067684edf5fbbde
SHA1 fd6f00945e066bccfe15d457821ea81d15a9feb7
SHA256 50876a628b3ab0bc23c40e3903e2524d0ae91ce24eed54fc6c54ebd6465828e6
ssdeep
3072:CAEgVo44mX8DV0XJvWSbA4gO2qdcZGqpVrJFyjQZi3AZn:1V6mOev+pacPpU

authentihash c5e5e1c36d7ab7a17fa88432e9eca41fbc52b394aadf2233687827116a39b797
imphash 38dc14af387c215d93b29412b53fa76d
File size 172.0 KB ( 176128 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2019-01-10 23:04:29 UTC ( 1 month, 1 week ago )
Last submission 2019-01-11 00:04:06 UTC ( 1 month, 1 week ago )
File names oe8VKTz0.exe
VerCheck
XChw.exe
VerCheck.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!