SHA256: 5d85d4026abb94b7dbe216c1d03cfa11edc1d9f63ba72639cdcb25565c80ff38
File name: fa55b5a98736016654c224e8fc5ca863
Detection ratio: 31 / 56
Analysis date: 2016-10-05 14:53:37 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.99014 20161005
AhnLab-V3 Trojan/Win32.Yakes.N2119417596 20161005
Antiy-AVL Trojan/Win32.Yakes 20161005
Arcabit Trojan.Razy.D182C6 20161005
Avast Win32:Malware-gen 20161005
AVG Generic_s.KDH 20161005
Avira (no cloud) TR/Crypt.ZPACK.wqfzx 20161005
AVware Trojan.Win32.Reveton.a (v) 20161005
Baidu Win32.Trojan.Kryptik.alb 20161001
BitDefender Gen:Variant.Razy.99014 20161005
Comodo Application.Win32.Loadmoney.ERJ 20161005
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
Emsisoft Gen:Variant.Razy.99014 (B) 20161005
ESET-NOD32 a variant of Win32/Kryptik.FHBM 20161005
F-Secure Gen:Variant.Razy.99014 20161005
Fortinet W32/Yakes.QYJV!tr 20161005
GData Gen:Variant.Razy.99014 20161005
Sophos ML generic.a 20160928
Kaspersky Trojan.Win32.Yakes.qyjv 20161005
McAfee Artemis!FA55B5A98736 20161005
McAfee-GW-Edition Artemis 20161005
Microsoft TrojanDownloader:Win32/Aningik.A 20161005
eScan Gen:Variant.Razy.99014 20161005
Panda Trj/GdSda.A 20161004
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20161005
Sophos AV Mal/Generic-S 20161005
Symantec Trojan.Gen 20161005
Tencent Win32.Trojan.Yakes.Edxd 20161005
TrendMicro TROJ_GEN.R021C0DJ216 20161005
TrendMicro-HouseCall TROJ_GEN.R021C0DJ216 20161005
VIPRE Trojan.Win32.Reveton.a (v) 20161005
AegisLab 20161005
Alibaba 20161003
ALYac 20160930
Bkav 20161005
CAT-QuickHeal 20161005
ClamAV 20161005
CMC 20161003
Cyren 20161005
DrWeb 20161005
F-Prot 20161005
Ikarus 20161005
Jiangmin 20161005
K7AntiVirus 20161005
K7GW 20161005
Kingsoft 20161005
Malwarebytes 20161005
NANO-Antivirus 20161005
nProtect 20161005
Rising 20161005
SUPERAntiSpyware 20161004
TheHacker 20161005
VBA32 20161005
ViRobot 20161005
Yandex 20161004
Zillya 20161003
Zoner 20161005
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © 2006 Microsoft Corporation. All rights reserved.
Internal name dwtrig20.exe
File version 12.0.6606.1000
Description Watson Subscriber for SENS Network Notifications
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-09-29 10:06:45
Entry Point 0x00001900
Number of sections 4
PE sections
PE imports
RegOpenKeyW
RegQueryValueExW
PolyPolyline
EnumFontsW
SaveDC
SetDCBrushColor
SetICMMode
AddFontResourceW
GetCharABCWidthsI
GetLayout
PaintRgn
GetMetaFileW
DeleteDC
RectInRegion
QueryFontAssocStatus
XFORMOBJ_iGetXform
CreateMetaFileW
StretchDIBits
SetTextColor
SetColorSpace
GdiEntry10
EngPlgBlt
GetTextFaceA
FlattenPath
GdiEntry7
GetEnhMetaFilePixelFormat
Pie
SetDIBColorTable
FontIsLinked
SetSystemPaletteUse
CreateToolhelp32Snapshot
GetSystemTime
InitializeCriticalSection
EnterCriticalSection
UpdateResourceW
TerminateThread
LoadLibraryW
WaitForSingleObject
SetEvent
GetFileAttributesW
DeleteFileA
LoadLibraryA
GetLocalTime
GetStartupInfoA
GetVolumeInformationA
_lwrite
GetDriveTypeA
BuildCommDCBAndTimeoutsA
GetFileSize
GetCommandLineW
VirtualAllocEx
GetModuleFileNameA
GetProcAddress
VirtualProtectEx
SetStdHandle
lstrcmpA
GetModuleHandleA
HeapUnlock
GetExitCodeThread
lstrcpyA
CloseHandle
Thread32Next
GetFileAttributesExW
GetDiskFreeSpaceExA
ResumeThread
RemoveDirectoryA
SetCommConfig
ReadConsoleOutputW
FreeLibraryAndExitThread
SetCurrentDirectoryW
WriteFile
GlobalAlloc
CreateEventA
ReadFileEx
CreateFileA
SleepEx
WriteConsoleW
LeaveCriticalSection
DragQueryFileW
CheckEscapesW
ShellAboutW
SHGetSpecialFolderPathA
SHGetDiskFreeSpaceA
FindExecutableW
SHQueryRecycleBinA
SHGetFolderPathA
SHGetDiskFreeSpaceExW
DragQueryFileAorW
CommandLineToArgvW
StrCmpNIW
StrChrA
StrRChrW
StrChrIW
SetFocus
SendNotifyMessageA
GetMessagePos
GetParent
UpdateWindow
GetInputState
LoadBitmapW
SetClassLongW
GetFocus
GetCapture
keybd_event
KillTimer
GetMonitorInfoA
EnumChildWindows
LoadBitmapA
SetClipboardViewer
DlgDirListW
GetClipboardViewer
MessageBoxW
GetWindowRect
DispatchMessageA
EnableWindow
PeekMessageA
GetWindowLongA
PostMessageA
ShowWindowAsync
GetSystemMenu
CharLowerW
SetWindowLongA
TranslateMessage
GetWindow
GetSysColor
GetDC
GetKeyState
InsertMenuA
GetWindowModuleFileNameA
UnregisterClassA
EndMenu
EnumDisplayDevicesA
DdeQueryNextServer
AnyPopup
GetSystemMetrics
TileWindows
GetWindowModuleFileNameW
DrawMenuBar
DrawTextW
TabbedTextOutA
SendMessageA
SetTimer
GetClientRect
LoadIconA
SwitchToThisWindow
CharNextA
DdeConnectList
SetDlgItemInt
CreateIconFromResource
LoadIconW
RedrawWindow
MsgWaitForMultipleObjects
DragObject
SetForegroundWindow
PtInRect
GetKeyboardType
DestroyWindow
__p__fmode
_acmdln
_ftol
__dllonexit
_except_handler3
_mbsrchr
_chdir
_mbscmp
_onexit
exit
_XcptFilter
__setusermatherr
_adjust_fdiv
sprintf
__CxxFrameHandler
__p__commode
ceil
__getmainargs
_controlfp
_setmbcp
memmove
_initterm
_exit
vsprintf
__set_app_type
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 33280
ImageVersion 0.0
FileVersionNumber 12.0.6606.1000
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
LinkerVersion 9.0
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 12.0.6606.1000
TimeStamp 2016:09:29 11:06:45+01:00
FileType Win32 EXE
PEType PE32
InternalName dwtrig20.exe
FileDescription Watson Subscriber for SENS Network Notifications
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright 2006 Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 5120
FileSubtype 0
ProductVersionNumber 12.0.6606.0
EntryPoint 0x1900
ObjectFileType Executable application

File identification
MD5 fa55b5a98736016654c224e8fc5ca863
SHA1 d4952c1b25e5ac29a5655a58f8f099388e44f5a3
SHA256 5d85d4026abb94b7dbe216c1d03cfa11edc1d9f63ba72639cdcb25565c80ff38
ssdeep 768:HhnUjU3A/LcyB6MpZ9jSkodQGtuxSRM24coKa:BUow/vMxYP2xa
authentihash acf3eecc6c1e8b6e1d286158b6802bf40e09a9bfed92cd39ae0b24e6f67bcb29
imphash 0edaf83a74234f49127dce368dbe43c4
File size 38.5 KB ( 39424 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (52.5%)
Windows screen saver (22.0%)
Win32 Dynamic Link Library (generic) (11.0%)
Win32 Executable (generic) (7.5%)
Generic Win/DOS Executable (3.3%)
Tags peexe
VirusTotal metadata
First submission 2016-10-05 14:53:37 UTC ( 2 years, 5 months ago )
Last submission 2016-10-05 14:53:37 UTC ( 2 years, 5 months ago )
File names dwtrig20.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Runtime DLLs
UDP communications