× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 52b95f756189b9a1757969f5c3d258906fe8f2628423001db5d0033684e0dc71
File name: Swu9G.exe
Detection ratio: 16 / 68
Analysis date: 2018-06-23 08:15:08 UTC ( 8 months ago ) View latest
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Emotet.R230382 20180622
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9991 20180622
ClamAV Win.Trojan.Generic-6584512-1 20180623
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cylance Unsafe 20180623
Emsisoft Trojan.Emotet (A) 20180623
Endgame malicious (high confidence) 20180612
Fortinet W32/Kryptik.GHOI!tr 20180623
GData Win32.Trojan-Spy.Emotet.RS 20180623
Ikarus Trojan-Banker.Emotet 20180622
Qihoo-360 HEUR/QVM20.1.07EF.Malware.Gen 20180623
Rising Trojan.GenKryptik!8.AA55 (TFE:dGZlOgIZp+gbA8+aIQ) 20180623
SentinelOne (Static ML) static engine - malicious 20180618
Symantec ML.Attribute.HighConfidence 20180622
VBA32 BScope.TrojanDownloader.Stantinko 20180622
Webroot W32.Trojan.Emotet 20180623
Ad-Aware 20180623
AegisLab 20180622
Alibaba 20180622
ALYac 20180623
Antiy-AVL 20180623
Arcabit 20180623
Avast 20180623
Avast-Mobile 20180622
AVG 20180623
Avira (no cloud) 20180622
AVware 20180623
Babable 20180406
BitDefender 20180623
Bkav 20180623
CAT-QuickHeal 20180622
CMC 20180623
Comodo 20180623
Cybereason 20180225
Cyren 20180623
DrWeb 20180623
eGambit 20180623
ESET-NOD32 20180623
F-Prot 20180623
F-Secure 20180622
Sophos ML 20180601
Jiangmin 20180623
K7AntiVirus 20180622
K7GW 20180623
Kaspersky 20180623
Kingsoft 20180623
Malwarebytes 20180623
MAX 20180623
McAfee 20180623
McAfee-GW-Edition 20180623
Microsoft 20180623
eScan 20180623
NANO-Antivirus 20180623
Palo Alto Networks (Known Signatures) 20180623
Panda 20180623
Sophos AV 20180623
SUPERAntiSpyware 20180623
Symantec Mobile Insight 20180619
TACHYON 20180623
Tencent 20180623
TheHacker 20180622
TotalDefense 20180623
TrendMicro 20180623
TrendMicro-HouseCall 20180623
Trustlook 20180623
VIPRE 20180623
ViRobot 20180623
Yandex 20180622
Zillya 20180622
ZoneAlarm by Check Point 20180623
Zoner 20180622
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Description Uniscri
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-23 15:11:31
Entry Point 0x0000100F
Number of sections 6
PE sections
PE imports
NotifyBootConfigStatus
CopyEnhMetaFileW
GetLayout
SetTimeZoneInformation
FindActCtxSectionStringW
NetServerGetInfo
UuidToStringA
SetupDiBuildDriverInfoList
PathAddBackslashA
wsprintfA
GetInputState
GetDialogBaseUnits
PeekMessageW
waveOutGetID
timeBeginPeriod
StringFromCLSID
Number of PE resources by type
RT_DIALOG 21
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
HEBREW DEFAULT 1
HUNGARIAN DEFAULT 1
VIETNAMESE DEFAULT 1
CHINESE SIMPLIFIED 1
SLOVENIAN DEFAULT 1
CZECH DEFAULT 1
FINNISH DEFAULT 1
KOREAN 1
NEUTRAL DEFAULT 1
PORTUGUESE 1
POLISH DEFAULT 1
JAPANESE DEFAULT 1
DANISH DEFAULT 1
SLOVAK DEFAULT 1
GREEK DEFAULT 1
TURKISH DEFAULT 1
ROMANIAN 1
THAI DEFAULT 1
SERBIAN DEFAULT 1
NEUTRAL 1
RUSSIAN 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
14.1

ImageVersion
0.0

FileVersionNumber
1.2.0.6

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Uniscri

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
230400

EntryPoint
0x100f

MIMEType
application/octet-stream

TimeStamp
2018:06:23 16:11:31+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1.0626.

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Realtek Semiconductor Corporation

CodeSize
97280

FileSubtype
0

ProductVersionNumber
1.2.0.6

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 a536e8f4fe7b0d0bf6dcc10a74b112bc
SHA1 b011fe9aa5799b42c87b83794d495289351fa7fe
SHA256 52b95f756189b9a1757969f5c3d258906fe8f2628423001db5d0033684e0dc71
ssdeep
1536:gk53LqzSGc4y+MMVzgiAsL+Np4gnYNPZ:7B2zAX+lZRL+n4HR

authentihash 398580af32426256a52aa8aeff939e4c6e1cffd2513cf1b171087fea9a83da0c
imphash 0c0fcb6c70e4cb9ccdc36dfbc50756b6
File size 316.5 KB ( 324096 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe

VirusTotal metadata
First submission 2018-06-23 08:15:08 UTC ( 8 months ago )
Last submission 2018-06-25 10:47:46 UTC ( 7 months, 4 weeks ago )
File names 026182817130.exe
9888780008.exe
89637199.exe
Swu9G.exe
634583826.exe
259387659.exe
969467396.exe
774076158.exe
864420917.exe
347625524385.exe
51106263893.exe
49802762.exe
0a7dc31f79b055f0f92197966ced2de14d2c5a7f
255346289566.exe
output.113493341.txt
15221792.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.