SHA256: 60565c2c5e2d0c45e9c94181dc24d6460afff9087702a0e9286474c265757308
File name: mswvc.exe
Detection ratio: 30 / 70
Analysis date: 2018-12-25 05:36:13 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Acronis malware 20181224
Ad-Aware Trojan.GenericKD.31448230 20181225
Arcabit Trojan.Generic.D1DFDCA6 20181225
Avast Win32:Trojan-gen 20181225
AVG Win32:Trojan-gen 20181225
BitDefender Trojan.GenericKD.31448230 20181225
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.133b01 20180225
Cylance Unsafe 20181225
Emsisoft Trojan.GenericKD.31448230 (B) 20181225
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Injector.ECNQ 20181225
F-Secure Trojan.GenericKD.31448230 20181225
GData Trojan.GenericKD.31448230 20181225
Sophos ML heuristic 20181128
K7AntiVirus Riskware ( 0040eff71 ) 20181225
K7GW Riskware ( 0040eff71 ) 20181225
Kaspersky Trojan.Win32.Mansabo.bte 20181224
MAX malware (ai score=80) 20181225
McAfee Artemis!D6D09EE133B0 20181225
McAfee-GW-Edition BehavesLike.Win32.RAHack.fc 20181225
Microsoft Trojan:Win32/Cloxer.D!cl 20181225
eScan Trojan.GenericKD.31448230 20181225
Palo Alto Networks (Known Signatures) generic.ml 20181225
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/Generic-S 20181225
Tencent Win32.Trojan.Mansabo.Wtnc 20181225
Trapmine malicious.moderate.ml.score 20181205
Webroot W32.Trojan.Trickbot 20181225
ZoneAlarm by Check Point Trojan.Win32.Mansabo.bte 20181225
AegisLab 20181225
AhnLab-V3 20181224
Alibaba 20180921
ALYac 20181225
Antiy-AVL 20181225
Avast-Mobile 20181224
Avira (no cloud) 20181224
Babable 20180918
Baidu 20181207
Bkav 20181224
CAT-QuickHeal 20181224
ClamAV 20181225
CMC 20181224
Comodo 20181225
Cyren 20181225
DrWeb 20181225
eGambit 20181225
F-Prot 20181225
Fortinet 20181225
Ikarus 20181224
Jiangmin 20181225
Kingsoft 20181225
Malwarebytes 20181224
NANO-Antivirus 20181225
Panda 20181224
Qihoo-360 20181225
Rising 20181225
SUPERAntiSpyware 20181220
Symantec 20181224
Symantec Mobile Insight 20181215
TACHYON 20181224
TheHacker 20181220
TotalDefense 20181223
TrendMicro 20181225
TrendMicro-HouseCall 20181225
Trustlook 20181225
VBA32 20181222
ViRobot 20181225
Yandex 20181223
Zillya 20181222
Zoner 20181225
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

Product Count the letters of words
Original name letter counter.exe
Internal name letter counter
File version 1.00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-24 09:53:09
Entry Point 0x0000136C
Number of sections 3
PE sections
PE imports
VirtualProtect
VirtualAlloc
GetStartupInfoW
_adj_fdiv_m32
__vbaChkstk
DllFunctionCall
Ord(518)
EVENT_SINK_Release
__vbaEnd
__vbaGenerateBoundsError
_allmul
__vbaStrMove
_adj_fdivr_m64
__vbaAryUnlock
_adj_fprem
EVENT_SINK_AddRef
__vbaLenBstr
__vbaAryMove
_adj_fpatan
_adj_fdiv_m32i
__vbaFreeObjList
__vbaFpCDblR8
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaSetSystemError
__vbaStrCmp
__vbaFPException
_adj_fdivr_m16i
__vbaUbound
Ord(618)
_adj_fdiv_r
Ord(100)
__vbaStrToAnsi
__vbaUI1I2
__vbaFreeVar
__vbaAryConstruct2
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
__vbaR8Str
_CIlog
__vbaAryLock
_CIcos
Ord(616)
__vbaVarTstEq
_adj_fptan
Ord(685)
_CItan
__vbaObjSet
__vbaI4Var
__vbaVarMove
__vbaErrorOverflow
_CIatan
__vbaI2I4
__vbaNew2
Ord(644)
_adj_fdivr_m32i
__vbaAryDestruct
_CIexp
__vbaStrI2
__vbaStrR8
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
__vbaFPFix
__vbaVar2Vec
__vbaFreeStrList
__vbaFpI4
Ord(598)
__vbaFreeStr
_adj_fdiv_m16i
LoadStringW
Number of PE resources by type
RT_ICON 15
RT_STRING 5
RT_VERSION 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 16
ENGLISH US 6
GERMAN LUXEMBOURG 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 294912
EntryPoint 0x136c
OriginalFileName letter counter.exe
MIMEType application/octet-stream
FileVersion 1.0
TimeStamp 2018:12:24 01:53:09-08:00
FileType Win32 EXE
PEType PE32
InternalName letter counter
ProductVersion 1.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Sparktron Inc.
CodeSize 57344
ProductName Count the letters of words
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

Execution parents
File identification
MD5 d6d09ee133b0118561d6983fa4b089c2
SHA1 1d6415cd419cdc28a949081845b5f476fca934d4
SHA256 60565c2c5e2d0c45e9c94181dc24d6460afff9087702a0e9286474c265757308
ssdeep 6144:7MhkuDoZEBbrLzLwF94j8t77C+o5fZ9Z9m:7EDoZ4rPLw3tF7zd
authentihash 7f45451a72214b90b4a94125dfbea297df451d61cdc69762acea67e95d96ebf2
imphash 05a1d02826243415fd1e047a9fc21aaf
File size 348.0 KB ( 356352 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (68.2%)
Win64 Executable (generic) (22.9%)
Win32 Executable (generic) (3.7%)
OS/2 Executable (generic) (1.6%)
Generic Win/DOS Executable (1.6%)
Tags peexe
VirusTotal metadata
First submission 2018-12-24 11:51:32 UTC ( 1 month, 3 weeks ago )
Last submission 2018-12-24 11:51:32 UTC ( 1 month, 3 weeks ago )
File names letter counter
<SAMPLE.EXE>
letter counter.exe
mswvc.exe
sloh.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections