SHA256: 50956356fbf64726e5871aa89c0bdb47034cfbf5f9c44c7171fbe66896c616d4
File name: 5178.exe
Detection ratio: 54 / 68
Analysis date: 2018-07-23 18:24:47 UTC ( 6 months, 4 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30658767 20180723
AegisLab Ml.Attribute.Gen!c 20180723
AhnLab-V3 Trojan/Win32.Emotet.R226463 20180723
ALYac Trojan.GenericKD.30658767 20180723
Antiy-AVL Trojan/Win32.TSGeneric 20180723
Arcabit Trojan.Generic.D1D3D0CF 20180723
Avast Win32:Malware-gen 20180723
AVG Win32:Malware-gen 20180723
Avira (no cloud) HEUR/AGEN.1025962 20180723
AVware Trojan.Win32.Generic!BT 20180723
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180723
BitDefender Trojan.GenericKD.30658767 20180723
Bkav HW32.Packed.BAE5 20180723
CAT-QuickHeal Trojan.IGENERIC 20180723
ClamAV Win.Trojan.Emotet-6522119-0 20180723
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cybereason malicious.da4b93 20180225
Cylance Unsafe 20180723
Cyren W32/Trojan.DIEK-5464 20180723
Emsisoft Trojan.GenericKD.30658767 (B) 20180723
Endgame malicious (high confidence) 20180711
ESET-NOD32 a variant of Win32/Kryptik.GGDQ 20180723
F-Prot W32/S-6e8a7988!Eldorado 20180723
F-Secure Trojan.GenericKD.30658767 20180723
Fortinet W32/Emotet.AKAF!tr 20180723
GData Trojan.GenericKD.30658767 20180723
Ikarus Trojan-Banker.Emotet 20180723
Sophos ML heuristic 20180717
Jiangmin Trojan.Banker.Emotet.agk 20180723
K7AntiVirus Trojan ( 0052f1ec1 ) 20180723
K7GW Trojan ( 0052f1ec1 ) 20180723
Kaspersky HEUR:Trojan.Win32.Generic 20180723
Malwarebytes Trojan.Downloader 20180723
MAX malware (ai score=91) 20180723
McAfee Emotet-FGX!62E8DBD56C68 20180723
McAfee-GW-Edition BehavesLike.Win32.Virut.dc 20180723
Microsoft Trojan:Win32/Skeeyah.A!rfn 20180723
eScan Trojan.GenericKD.30658767 20180723
NANO-Antivirus Trojan.Win32.Emotet.fawhba 20180723
Palo Alto Networks (Known Signatures) generic.ml 20180723
Panda Generic Suspicious 20180723
Qihoo-360 Win32/Trojan.18d 20180723
Rising Trojan.Kryptik!8.8 (CLOUD) 20180723
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/EncPk-ANX 20180723
Symantec Trojan.Emotet 20180723
Tencent Win32.Trojan.Generic.Wpto 20180723
TrendMicro TROJ_GEN.R060C0ODS18 20180723
TrendMicro-HouseCall TSPY_HPEMOTET.SMAL8 20180723
VBA32 TrojanBanker.Emotet 20180723
VIPRE Trojan.Win32.Generic!BT 20180723
Webroot W32.Trojan.Emotet 20180723
Yandex Trojan.PWS.Emotet! 20180720
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180723
Alibaba 20180713
Avast-Mobile 20180723
Babable 20180406
CMC 20180723
Comodo 20180723
DrWeb 20180723
eGambit 20180723
Kingsoft 20180723
SUPERAntiSpyware 20180722
TACHYON 20180723
TheHacker 20180723
TotalDefense 20180722
Trustlook 20180723
ViRobot 20180723
Zillya 20180723
Zoner 20180723
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product MediaShow
Original name MediaShow.exe
Internal name Media Shower
Description Helper On
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1995-01-24 09:38:41
Entry Point 0x00005464
Number of sections 10
PE sections
PE imports
SetSecurityDescriptorRMControl
JetEscrowUpdate
GetTextColor
UpdateColors
GetConsoleSelectionInfo
GetFileTime
GetProductInfo
GetPriorityClass
GetLargePageMinimum
Heap32First
HeapCreate
SetConsoleCP
GetCurrentProcess
GetTickCount
GetProcessTimes
LocalUnlock
GetVersion
StrCatBuffW
DeferWindowPos
GetMenuState
LockSetForegroundWindow
ShowCursor
TranslateMDISysAccel
CoRegisterMessageFilter
Number of PE resources by type
RT_ICON 6
RT_STRING 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 11
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 226816
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.2.10.6
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Helper On
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
LinkerVersion 11.9
EntryPoint 0x5464
OriginalFileName MediaShow.exe
MIMEType application/octet-stream
TimeStamp 1995:01:24 10:38:41+01:00
FileType Win32 EXE
PEType PE32
InternalName Media Shower
ProductVersion 1.1.00.5-RELEASE-3261ab70162a15491f105139acb02100067d661b
SubsystemVersion 5.0
OSVersion 5.2
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Helper On
CodeSize 15360
ProductName MediaShow
ProductVersionNumber 1.2.10.6
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 1.1.00.5

File identification
MD5 62e8dbd56c687be4e960a2f4b019cdab
SHA1 e9be24cda4b9376c5f6e2ea3e512a3213e512bc9
SHA256 50956356fbf64726e5871aa89c0bdb47034cfbf5f9c44c7171fbe66896c616d4
ssdeep 3072:iUxwnpMStT1HTE/ABRpqdRZIg43qhMPryBAW6aqb3IJV5dQ4YjuXxm6oY0:iUqaS/Hg/ABRpqdRmbqMrybJpTYqk/
authentihash be2eb7163111a548a87cf267186794677b390c10460ea5df07880527fac3d495
imphash d1b64e5c6a00a314eac279b46bf86cb4
File size 233.5 KB ( 239104 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2018-04-26 15:58:35 UTC ( 9 months, 3 weeks ago )
Last submission 2018-05-24 17:56:28 UTC ( 8 months, 4 weeks ago )
File names 5178.exe
MediaShow.exe
05557.exe
Media Shower