× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 5d633171c0d4f41f3692fd61d2b36ce66be0be1c735df3472b2c77eacb481509
File name: Wextract
Detection ratio: 0 / 68
Analysis date: 2018-11-01 00:23:07 UTC ( 3 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware 20181031
AegisLab 20181031
AhnLab-V3 20181031
Alibaba 20180921
ALYac 20181031
Antiy-AVL 20181031
Arcabit 20181031
Avast 20181031
Avast-Mobile 20181031
AVG 20181031
Avira (no cloud) 20181031
Babable 20180918
Baidu 20181031
BitDefender 20181101
Bkav 20181031
CAT-QuickHeal 20181031
ClamAV 20181031
CMC 20181031
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181101
Cyren 20181031
DrWeb 20181031
eGambit 20181101
Emsisoft 20181031
Endgame 20180730
ESET-NOD32 20181031
F-Prot 20181031
F-Secure 20181031
Fortinet 20181031
GData 20181031
Ikarus 20181031
Sophos ML 20180717
Jiangmin 20181031
K7AntiVirus 20181031
K7GW 20181031
Kaspersky 20181101
Kingsoft 20181101
Malwarebytes 20181101
MAX 20181101
McAfee 20181031
McAfee-GW-Edition 20181031
Microsoft 20181031
eScan 20181031
NANO-Antivirus 20181031
Palo Alto Networks (Known Signatures) 20181101
Panda 20181031
Qihoo-360 20181101
Rising 20181031
SentinelOne (Static ML) 20181011
Sophos AV 20181101
SUPERAntiSpyware 20181031
Symantec 20181031
Symantec Mobile Insight 20181030
TACHYON 20181031
Tencent 20181101
TheHacker 20181031
TotalDefense 20181031
TrendMicro 20181031
TrendMicro-HouseCall 20181031
Trustlook 20181101
VBA32 20181031
VIPRE 20181031
ViRobot 20181031
Webroot 20181101
Yandex 20181030
Zillya 20181030
ZoneAlarm by Check Point 20181031
Zoner 20181101
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name WEXTRACT.EXE
Internal name Wextract
File version 6.00.2900.5512 (xpsp.080413-2105)
Description Win32 Cabinet Self-Extractor
Packers identified
F-PROT INNO, appended, Unicode, SFX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-04-13 18:32:45
Entry Point 0x0000645C
Number of sections 3
PE sections
PE imports
GetTokenInformation
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegSetValueExA
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
AdjustTokenPrivileges
EqualSid
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegQueryInfoKeyA
GetDeviceCaps
GetLastError
GetSystemTimeAsFileTime
DosDateTimeToFileTime
ReadFile
GetStartupInfoA
GetSystemInfo
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
LoadLibraryA
GetExitCodeProcess
QueryPerformanceCounter
MulDiv
ExitProcess
SetFileTime
GetVersionExA
GlobalUnlock
GetModuleFileNameA
IsDBCSLeadByte
GetShortPathNameA
FreeLibrary
GetCurrentProcess
GetVolumeInformationA
LoadLibraryExA
SizeofResource
GetCurrentDirectoryA
GetPrivateProfileStringA
WritePrivateProfileStringA
LocalAlloc
lstrcatA
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
UnhandledExceptionFilter
_llseek
GetCommandLineA
GlobalLock
EnumResourceLanguagesA
TerminateThread
GetTempPathA
CreateMutexA
GetModuleHandleA
_lclose
CreateThread
lstrcmpiA
SetFilePointer
lstrcmpA
FindFirstFileA
GetCurrentProcessId
CreateEventA
lstrcpyA
_lopen
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
FreeResource
SetFileAttributesA
SetEvent
LocalFree
FindResourceA
TerminateProcess
CreateProcessA
RemoveDirectoryA
SetUnhandledExceptionFilter
LockResource
LoadResource
WriteFile
GlobalAlloc
LocalFileTimeToFileTime
FindClose
FormatMessageA
GetTickCount
CreateFileA
GetDriveTypeA
GetCurrentThreadId
GetProcAddress
SetCurrentDirectoryA
ResetEvent
CharPrevA
EndDialog
ShowWindow
MessageBeep
SetWindowPos
SendDlgItemMessageA
GetSystemMetrics
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
CharUpperA
GetDC
ReleaseDC
SetWindowTextA
GetWindowLongA
SendMessageA
GetDlgItem
wsprintfA
LoadStringA
CharNextA
GetDesktopWindow
CallWindowProcA
MsgWaitForMultipleObjects
SetForegroundWindow
ExitWindowsEx
DialogBoxIndirectParamA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Number of PE resources by type
RT_RCDATA 14
RT_DIALOG 6
RT_STRING 6
RT_ICON 4
AVI 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 33
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
30597120

ImageVersion
5.1

ProductName
Microsoft Windows Operating System

FileVersionNumber
6.0.2900.5512

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

LinkerVersion
7.1

FileTypeExtension
exe

OriginalFileName
WEXTRACT.EXE

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
6.00.2900.5512 (xpsp.080413-2105)

TimeStamp
2008:04:13 19:32:45+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Wextract

ProductVersion
6.00.2900.5512

FileDescription
Win32 Cabinet Self-Extractor

OSVersion
5.1

FileOS
Windows NT 32-bit

LegalCopyright
Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
39424

FileSubtype
0

ProductVersionNumber
6.0.2900.5512

EntryPoint
0x645c

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 353e22baa6bc6de330ffc08dcb2d5ccd
SHA1 ce7a63b23043ae9533e2901e4acf45ed554314c8
SHA256 5d633171c0d4f41f3692fd61d2b36ce66be0be1c735df3472b2c77eacb481509
ssdeep
786432:kg70AlXx4xSliCm5lmtboiPfpqkUSCLahqt6KuX9:kgMSOk+inQSCLaE29

authentihash ec9973b587c32961a03c8e95cc3e58dd7c38c2eb0bafeb976d227a92230b018c
imphash 0ebb3c09b06b1666d307952e824c8697
File size 29.2 MB ( 30637568 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 MS Cabinet Self-Extractor (WExtract stub) (87.1%)
Win64 Executable (generic) (7.9%)
Win32 Dynamic Link Library (generic) (1.8%)
Win32 Executable (generic) (1.2%)
OS/2 Executable (generic) (0.5%)
Tags
peexe

VirusTotal metadata
First submission 2016-11-07 15:06:36 UTC ( 2 years, 3 months ago )
Last submission 2018-09-27 00:30:41 UTC ( 4 months, 3 weeks ago )
File names PMPlayer.exe
PMPlayer.exe
pmplayer.exe
5D633171C0D4F41F3692FD61D2B36CE66BE0BE1C735DF3472B2C77EACB481509.exe
WEXTRACT.EXE
Wextract
PMPlayer_7.8.0.exe
928264
PMPlayer.exe
5D633171C0D4F41F3692FD61D2B36CE66BE0BE1C735DF3472B2C77EACB481509
Behaviour characterization
Zemana
dll-injection

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!