SHA256: 5ac6c7076098e7eaf2b43f9f700999a5377cc706685a7538aa7ad603d0304332
File name: XZB3ZEZW.EXE
Detection ratio: 9 / 67
Analysis date: 2018-12-05 20:06:47 UTC ( 4 months, 2 weeks ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20181022
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/GenKryptik.CTEQ 20181205
Sophos ML heuristic 20181128
Rising Malware.Heuristic!ET#79% (RDM+:cmRtazqlaqoXUzwONvWP6Elc0XcI) 20181205
SentinelOne (Static ML) static engine - malicious 20181011
Symantec ML.Attribute.HighConfidence 20181205
Trapmine malicious.moderate.ml.score 20181205
Webroot W32.Trojan.Emotet 20181205
Ad-Aware 20181205
AegisLab 20181205
AhnLab-V3 20181205
Alibaba 20180921
ALYac 20181205
Antiy-AVL 20181205
Arcabit 20181205
Avast 20181205
Avast-Mobile 20181205
AVG 20181205
Avira (no cloud) 20181205
Babable 20180918
Baidu 20181205
BitDefender 20181205
Bkav 20181203
CAT-QuickHeal 20181205
ClamAV 20181205
CMC 20181204
Comodo 20181205
Cybereason 20180225
Cyren 20181205
DrWeb 20181205
Emsisoft 20181205
F-Prot 20181205
F-Secure 20181205
Fortinet 20181205
GData 20181205
Ikarus 20181205
Jiangmin 20181205
K7AntiVirus 20181205
K7GW 20181205
Kaspersky 20181205
Kingsoft 20181205
Malwarebytes 20181205
MAX 20181205
McAfee 20181205
McAfee-GW-Edition 20181205
Microsoft 20181205
eScan 20181205
NANO-Antivirus 20181205
Palo Alto Networks (Known Signatures) 20181205
Panda 20181205
Qihoo-360 20181205
Sophos AV 20181205
SUPERAntiSpyware 20181205
Symantec Mobile Insight 20181204
TACHYON 20181205
Tencent 20181205
TheHacker 20181202
TotalDefense 20181205
TrendMicro 20181205
TrendMicro-HouseCall 20181205
Trustlook 20181205
VBA32 20181205
ViRobot 20181205
Yandex 20181204
Zillya 20181204
ZoneAlarm by Check Point 20181205
Zoner 20181205
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright License: MPL 1.1/GPL 2.0/LGPL 2.1
Product Mozilla
Internal name htmlparser
File version 1.4: 2003062408
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2003-06-25 07:14:21
Entry Point 0x00006791
Number of sections 5
PE sections
PE imports
LogonUserW
GetUserNameW
EnumServicesStatusW
InitializeSecurityDescriptor
LookupAccountSidA
EqualSid
GetSecurityDescriptorLength
IsValidSecurityDescriptor
GetOpenFileNameW
GetObjectA
GetBitmapBits
DeleteEnhMetaFile
LineDDA
GetPaletteEntries
DeleteObject
GetViewportExtEx
GetPixel
GetCharacterPlacementA
GetTextExtentPointW
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
GetProcessWorkingSetSize
HeapDestroy
GetPrivateProfileStructW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetTapePosition
GetLocaleInfoW
SetStdHandle
FindResourceExA
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
InitializeCriticalSection
TlsGetValue
DeleteTimerQueue
OutputDebugStringA
SetLastError
GetUserDefaultUILanguage
QueryProcessCycleTime
GetUserDefaultLangID
ExitProcess
GetUserDefaultLCID
FlushFileBuffers
GetModuleFileNameA
GetVolumeInformationA
LoadLibraryExA
SetConsoleCtrlHandler
WriteProfileStringA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FatalAppExitA
FlushInstructionCache
SetFilePointer
SetUnhandledExceptionFilter
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
VirtualQuery
LocalFileTimeToFileTime
GetCurrentThreadId
LeaveCriticalSection
GetLastError
HeapFree
EnterCriticalSection
SetHandleCount
DefineDosDeviceW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetCommMask
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
FindVolumeMountPointClose
GetProcAddress
CompareStringW
GetFileInformationByHandle
lstrcpyA
CompareStringA
GetTempFileNameA
GetComputerNameA
FindFirstFileW
IsValidLocale
lstrcmpW
ExpandEnvironmentStringsA
GetTimeZoneInformation
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GlobalGetAtomNameW
LCMapStringW
GetSystemInfo
GetConsoleCP
LCMapStringA
GetSystemWindowsDirectoryW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentProcessId
WideCharToMultiByte
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
GetModuleHandleA
VirtualUnlock
CloseHandle
EnumSystemLocalesA
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
WriteConsoleW
VirtualAlloc
GetTimeFormatA
LHashValOfNameSysA
SafeArrayLock
SetupAddToSourceListW
ExtractIconExW
FindExecutableA
GetFileVersionInfoW
DeleteUrlCacheEntry
GetColorProfileHeader
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
CodeSize 148992
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.4.20030.62408
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 54272
EntryPoint 0x6791
MIMEType application/octet-stream
LegalCopyright License: MPL 1.1/GPL 2.0/LGPL 2.1
FileVersion 1.4: 2003062408
TimeStamp 2003:06:25 00:14:21-07:00
FileType Win32 EXE
PEType PE32
InternalName htmlparser
ProductVersion 1.4: 2003062408
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Mozilla, Netscape
LegalTrademarks Mozilla, Netscape
ProductName Mozilla
ProductVersionNumber 1.4.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 164ffe1ffeaa0a954104d79c754c3b45
SHA1 db67a01990dd94bdad07cf77e69e49e66c8c6c27
SHA256 5ac6c7076098e7eaf2b43f9f700999a5377cc706685a7538aa7ad603d0304332
ssdeep
3072:+65tKlxcGTdZ6ga0CgUsfU/sD6wrNHXYcGaR3HjUTZ2CKIKqIcQinXRnr5+ZheXe:+TzHTbva0CgwkDHXBQTZ2YKqI7iBxXe

authentihash 038c14ba564b1fc749250148c9b9bba3ef3ea1626708302b19627690b505d1ef
imphash f24756bb6224c8b326e1b67264c7fc90
File size 256.0 KB ( 262144 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags peexe

VirusTotal metadata
First submission 2018-12-05 20:06:47 UTC ( 4 months, 2 weeks ago )
Last submission 2018-12-05 20:06:47 UTC ( 4 months, 2 weeks ago )
File names XZB3ZEZW.EXE
htmlparser