SHA256: 57e0b8959ac3d3bb971e87570b7657abf95bea319f5c795926c3171cf44db10b
File name: 57e0b8959ac3d3bb971e87570b7657abf95bea319f5c795926c3171cf44db10b
Detection ratio: 17 / 70
Analysis date: 2018-12-03 15:37:53 UTC ( 2 months, 2 weeks ago )
Antivirus Result Update
Avast FileRepMalware 20181203
AVG FileRepMalware 20181203
CAT-QuickHeal Trojan.Emotet.X4 20181203
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20181022
Cylance Unsafe 20181203
eGambit Unsafe.AI_Score_82% 20181203
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GNKB 20181203
Ikarus Trojan-Banker.Emotet 20181203
Sophos ML heuristic 20181128
Microsoft Trojan:Win32/Emotet.AC!bit 20181203
Palo Alto Networks (Known Signatures) generic.ml 20181203
Qihoo-360 HEUR/QVM20.1.9EE1.Malware.Gen 20181203
Rising Malware.Heuristic!ET#94% (RDM+:cmRtazoY+DfJ5C8mFZr/Ehcub7nh) 20181203
SentinelOne (Static ML) static engine - malicious 20181011
Trapmine malicious.moderate.ml.score 20181128
Webroot W32.Trojan.Emotet 20181203
Ad-Aware 20181203
AegisLab 20181203
AhnLab-V3 20181203
Alibaba 20180921
ALYac 20181203
Antiy-AVL 20181202
Arcabit 20181203
Avast-Mobile 20181203
Avira (no cloud) 20181203
Babable 20180918
Baidu 20181203
BitDefender 20181203
Bkav 20181203
ClamAV 20181203
CMC 20181203
Comodo 20181203
Cybereason 20180225
Cyren 20181203
DrWeb 20181203
Emsisoft 20181203
F-Prot 20181203
F-Secure 20181203
Fortinet 20181203
GData 20181203
Jiangmin 20181203
K7AntiVirus 20181203
K7GW 20181203
Kaspersky 20181203
Kingsoft 20181203
Malwarebytes 20181203
MAX 20181203
McAfee 20181203
McAfee-GW-Edition 20181203
eScan 20181203
NANO-Antivirus 20181203
Panda 20181203
Sophos AV 20181203
SUPERAntiSpyware 20181128
Symantec 20181203
Symantec Mobile Insight 20181121
TACHYON 20181203
Tencent 20181203
TheHacker 20181202
TotalDefense 20181203
TrendMicro 20181203
TrendMicro-HouseCall 20181203
Trustlook 20181203
VBA32 20181203
VIPRE 20181203
ViRobot 20181203
Yandex 20181130
Zillya 20181130
ZoneAlarm by Check Point 20181203
Zoner 20181203
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating S
Original name WerMgr
Internal name WerMgr
File version 6.1.7601.23452 (win7sp1_ldr.160512-0
Description Twe Problem Reporting
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-06-20 19:20:17
Entry Point 0x000075E8
Number of sections 7
PE sections
PE imports
PrivilegeCheck
GetStringScripts
LocalFileTimeToFileTime
GetModuleHandleW
FreeConsole
GetNamedPipeClientProcessId
LZSeek
DdeFreeStringHandle
GetMenuDefaultItem
GetDlgItemInt
LoadAcceleratorsW
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
2.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.1.7600.16385

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Twe Problem Reporting

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
334848

EntryPoint
0x75e8

OriginalFileName
WerMgr

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.1.7601.23452 (win7sp1_ldr.160512-0

TimeStamp
2004:06:20 20:20:17+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
WerMgr

ProductVersion
6.1.7600.16385

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Twe Corporation

CodeSize
31232

ProductName
Microsoft Windows Operating S

ProductVersionNumber
6.1.7600.16385

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
File identification
MD5 4828be595493e8e6824932b719d945b7
SHA1 2c76e0c93d0d3ca7421f57bbecc7b0b080de8d65
SHA256 57e0b8959ac3d3bb971e87570b7657abf95bea319f5c795926c3171cf44db10b
ssdeep
3072:EBLyRYjbx60GE7OEvOwo/CMV+XT2X25QjZ:kuuJIEK1hV+XqG

authentihash bdceb3ac31f456b8c2e4af4961a9713fda1565481d3afead01abc24bffe5eebe
imphash ad9fb3c428e25a57229648a5d1563b95
File size 352.0 KB ( 360448 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-12-03 15:23:55 UTC ( 2 months, 2 weeks ago )
Last submission 2018-12-03 16:38:21 UTC ( 2 months, 2 weeks ago )
File names WerMgr
sbsselect.exe
257.exe
dttcodexgigas.2c76e0c93d0d3ca7421f57bbecc7b0b080de8d65
G5N2lfGRZL.exe
seCCqLg4.exe
m1MYFTvcV.exe
B439303B.exe.vir.msg
20374984.exe
jtmqq5Hjyko.exe
23847912.exe