SHA256: 558fa999592ddab44ae7ee9f524c7d09761192d18977ce1fc9f683d6b015a31c
File name: withoutlime.exe
Detection ratio: 16 / 70
Analysis date: 2019-01-31 19:52:50 UTC ( 3 months, 3 weeks ago )
Antivirus Result Update
Acronis suspicious 20190130
AVG FileRepMalware 20190131
CAT-QuickHeal Trojan.Emotet.X4 20190131
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181128
Kaspersky UDS:DangerousObject.Multi.Generic 20190131
Microsoft Trojan:Win32/Emotet.AC!bit 20190131
Palo Alto Networks (Known Signatures) generic.ml 20190131
Qihoo-360 HEUR/QVM19.1.EBB9.Malware.Gen 20190131
Rising Trojan.Fuerboos!8.EFC8 (TFE:dGZlOgIJQotzArd04w) 20190131
SentinelOne (Static ML) static engine - malicious 20190124
Symantec ML.Attribute.HighConfidence 20190131
Trapmine suspicious.low.ml.score 20190123
Webroot W32.Trojan.Emotet 20190131
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20190131
Ad-Aware 20190131
AegisLab 20190131
AhnLab-V3 20190131
Alibaba 20180921
ALYac 20190131
Antiy-AVL 20190131
Arcabit 20190131
Avast 20190131
Avast-Mobile 20190130
Avira (no cloud) 20190131
Babable 20180917
Baidu 20190130
BitDefender 20190131
Bkav 20190130
ClamAV 20190130
CMC 20190131
Comodo 20190131
Cybereason 20190109
Cyren 20190131
DrWeb 20190131
eGambit 20190131
Emsisoft 20190131
ESET-NOD32 20190131
F-Prot 20190131
F-Secure 20190131
Fortinet 20190131
GData 20190131
Ikarus 20190131
Jiangmin 20190131
K7AntiVirus 20190131
K7GW 20190131
Kingsoft 20190131
Malwarebytes 20190131
MAX 20190131
McAfee 20190131
McAfee-GW-Edition 20190131
eScan 20190131
NANO-Antivirus 20190131
Panda 20190131
Sophos AV 20190131
SUPERAntiSpyware 20190130
TACHYON 20190131
Tencent 20190131
TheHacker 20190131
TotalDefense 20190131
TrendMicro 20190131
TrendMicro-HouseCall 20190131
Trustlook 20190131
VBA32 20190131
VIPRE 20190130
ViRobot 20190131
Yandex 20190128
Zillya 20190131
Zoner 20190131
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows Media Services
Original name mpg4dmod.dll
Internal name mpg4dmod.dll
File version 9.00.00.3250
Description Corona Windows Media MPEG-4 Video Decoder
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-02-01 03:00:45
Entry Point 0x0001BDE3
Number of sections 5
PE sections
PE imports
SetThreadToken
RegFlushKey
QueryUsersOnEncryptedFile
CryptVerifyDetachedMessageSignature
ExtSelectClipRgn
CopyMetaFileW
FormatMessageW
GetFileSizeEx
GetCPInfo
lstrcatA
GetProcessIdOfThread
GetConsoleMode
UnhandledExceptionFilter
GetLogicalDrives
GetModuleHandleW
FindFirstFileNameW
LZSeek
LZInit
DrawDibChangePalette
NetServerTransportAddEx
RasFreeEapUserIdentityW
SetupInitDefaultQueueCallback
CM_Set_DevNode_Registry_PropertyW
SetFocus
RegisterWindowMessageW
GetForegroundWindow
GetParent
UpdateWindow
DrawTextExW
EndDialog
PostQuitMessage
GetKeyboardLayout
DefWindowProcW
FindWindowW
GetMessageW
SetWinEventHook
ShowWindow
MessageBeep
CharUpperW
GetSystemMetrics
EnableMenuItem
MessageBoxW
PeekMessageW
CreateIconFromResource
RegisterClassExW
SetWindowPlacement
MoveWindow
DialogBoxParamW
LoadIconW
ChildWindowFromPoint
GetUpdatedClipboardFormats
SendDlgItemMessageW
GetWindowTextLengthW
PostMessageW
SetActiveWindow
GetDC
CreateWindowExW
GetCursorPos
ReleaseDC
SetScrollPos
GetDlgCtrlID
CheckMenuItem
SendMessageW
SetCursor
LoadCursorW
TranslateMessage
WinHelpW
GetWindowPlacement
ShutdownBlockReasonCreate
CloseClipboard
SetWindowTextW
SetWindowLongW
GetDlgItem
GetDlgItemTextW
UnhookWinEvent
IsIconic
ScreenToClient
CharNextW
InvalidateRect
CreateDialogParamW
GetSubMenu
IsClipboardFormatAvailable
OpenClipboard
LoadImageW
LoadStringW
ShowOwnedPopups
EnableWindow
GetClientRect
GetWindowTextW
SetDlgItemTextW
GetMenuState
IsDialogMessageW
CallWindowProcA
GetSystemMenu
GetFocus
DispatchMessageW
LoadAcceleratorsW
GetWindowLongW
SetForegroundWindow
DestroyWindow
GetAncestor
TranslateAcceleratorW
InternetSetStatusCallbackW
SCardListReadersW
RtlInitializeSListHead
HWND_UserSize
CoTaskMemAlloc
HGLOBAL_UserMarshal
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 13.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 9.0.0.3250
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Corona Windows Media MPEG-4 Video Decoder
ImageFileCharacteristics No relocs, Executable, 32-bit, System file
CharacterSet Unicode
InitializedDataSize 327680
EntryPoint 0x1bde3
OriginalFileName mpg4dmod.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 9.00.00.3250
TimeStamp 2019:01:31 19:00:45-08:00
FileType Win32 EXE
PEType PE32
InternalName mpg4dmod.dll
ProductVersion 9.00.00.3250
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 123904
ProductName Microsoft Windows Media Services
ProductVersionNumber 9.0.0.3250
FileTypeExtension exe
ObjectFileType Dynamic link library

Execution parents
File identification
MD5 18c6ecb1ae1ebbffe021a40795b9dab5
SHA1 8e5ed6d96d72b267805cd4a22ddb036db9d9cea9
SHA256 558fa999592ddab44ae7ee9f524c7d09761192d18977ce1fc9f683d6b015a31c
ssdeep 3072:CkmcDSdYUN0YMJ6AmsKOx985FKyb8k/hdqn0+FSBWPqQQ0P6xqlR+CifVClbuq51:KhPhUn7FEcqQQ0yyLiNClqT6
authentihash ba09be3f9a42f1111cbc711ffe85a5f4b379f5274e83bac79aa1b726ef248eeb
imphash 9a3871ff12bdb1d5ab904ffa8d88f5da
File size 434.0 KB ( 444416 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe
VirusTotal metadata
First submission 2019-01-31 19:03:15 UTC ( 3 months, 3 weeks ago )
Last submission 2019-02-01 13:49:29 UTC ( 3 months, 3 weeks ago )
File names 9iI8pOV_8Y0nV1b.exe
jKGCt.exe
46mUhQ_Bz.exe
440.exe
Oi4Cr3PxUvr_vYuUP.exe
57wCwvEGisz.exe
bPF3kY12n6KzkG.exe
mpg4dmod.dll
5iTpSfCtvbF3vso_nttK.exe
f5MZJmbZIR.exe
qGdhvBy7_Wusx2Llo.exe
968.exe
indexervsc.exe
zzQTdcCyaBrwOQw6.exe
withoutlime.exe
kl3b114sIZam77ZE.exe
HoVRxlpLr.exe
emotet_e2_558fa999592ddab44ae7ee9f524c7d09761192d18977ce1fc9f683d6b015a31c_2019-01-31__191002.exe_
HtvT7G_bGKRx.exe
uR82LA_maS.exe
indexervsc.exe
Advanced heuristic and reputation engines