SHA256: 6185ef8c33787ff218ddeb33dd5529a213de34af17b8e3b8af0f46e88cb59f70
File name: 9807.exe
Detection ratio: 19 / 66
Analysis date: 2018-04-04 10:03:26 UTC ( 10 months, 3 weeks ago )
Antivirus Result Update
Avast FileRepMalware 20180404
AVG FileRepMalware 20180404
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180404
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170201
Cybereason malicious.cbfe9b 20180225
Cylance Unsafe 20180404
Cyren W32/Patched.S.gen!Eldorado 20180404
Endgame malicious (high confidence) 20180403
ESET-NOD32 a variant of Win32/Kryptik.GFEE 20180404
F-Prot W32/Patched.S.gen!Eldorado 20180404
Ikarus Trojan-Banker.Emotet 20180404
Sophos ML heuristic 20180121
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20180404
Palo Alto Networks (Known Signatures) generic.ml 20180404
Qihoo-360 HEUR/QVM19.1.46D5.Malware.Gen 20180404
Rising Trojan.Azden!8.F0E3 (TFE:1:t0fdECozrrQ) 20180404
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/EncPk-ANR 20180404
Symantec ML.Attribute.HighConfidence 20180404
Ad-Aware 20180404
AegisLab 20180404
AhnLab-V3 20180404
Alibaba 20180404
ALYac 20180404
Antiy-AVL 20180404
Arcabit 20180404
Avast-Mobile 20180403
Avira (no cloud) 20180404
AVware 20180404
BitDefender 20180404
Bkav 20180403
CAT-QuickHeal 20180404
ClamAV 20180404
CMC 20180404
Comodo 20180404
DrWeb 20180404
eGambit 20180404
Emsisoft 20180404
F-Secure 20180404
Fortinet 20180404
GData 20180404
Jiangmin 20180404
K7AntiVirus 20180404
K7GW 20180404
Kaspersky 20180404
Kingsoft 20180404
Malwarebytes 20180404
MAX 20180404
McAfee 20180404
Microsoft 20180404
eScan 20180404
NANO-Antivirus 20180404
nProtect 20180404
Panda 20180403
SUPERAntiSpyware 20180404
Symantec Mobile Insight 20180401
Tencent 20180404
TheHacker 20180330
TrendMicro 20180404
TrendMicro-HouseCall 20180404
Trustlook 20180404
VBA32 20180403
VIPRE 20180404
ViRobot 20180404
WhiteArmor 20180403
Yandex 20180403
Zillya 20180403
ZoneAlarm by Check Point 20180404
Zoner 20180403
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name CompiledComposition.Microsoft.PowerShell.GPowerShell.dll
Internal name CompiledComposition.Microsoft.PowerShell.GPowerShell
File version 0.0.0.0
Description
Comments
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x000021D0
Number of sections 5
PE sections
PE imports
CryptSetProviderA
GetSecurityDescriptorLength
CryptDestroyHash
CM_Get_Next_Res_Des_Ex
CertVerifyRevocation
CertSetCTLContextProperty
SelectObject
CreateEnhMetaFileA
GetUserDefaultUILanguage
GetLastError
InitializeCriticalSectionAndSpinCount
SetCriticalSectionSpinCount
DosDateTimeToFileTime
GetConsoleOutputCP
LocalSize
GetConsoleCP
SetFileApisToOEM
SetDefaultCommConfigA
GetConsoleWindow
FlsFree
GetCurrentThread
NetShareDelSticky
CreateDispTypeInfo
SysStringByteLen
RasSetSubEntryPropertiesW
I_RpcSessionStrictContextHandle
RpcServerRegisterIfEx
RpcAsyncCancelCall
SetupPromptForDiskA
SHOpenFolderAndSelectItems
SHBrowseForFolderW
ChrCmpIW
FreeContextBuffer
BlockInput
GetInputState
ChangeDisplaySettingsExA
DdeKeepStringHandle
OemToCharW
GetRawInputDeviceList
SetRect
InternetGetConnectedStateExW
ntohl
inet_addr
Ord(30)
_mktime64
OleQueryLinkFromData
PdhAddCounterW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 0000:00:00 00:00:00
FileType Win32 EXE
PEType PE32
CodeSize 99669494
LinkerVersion 0.2
ImageFileCharacteristics No relocs, Executable, 32-bit, System file
EntryPoint 0x21d0
InitializedDataSize 104960
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 1070112495

File identification
MD5 5341614cbfe9ba135d6ac07af1aaf588
SHA1 c599bab433906b5dba6302b09e679b463cfcca00
SHA256 6185ef8c33787ff218ddeb33dd5529a213de34af17b8e3b8af0f46e88cb59f70
ssdeep 1536:soWwDJfnVKwI9j3butgjWxg1ASOUYIQ5JPu4ZF2OBo7MroWTbf+/aL95:sBwdvVKZPuRlSOxIQ5J2+Mwo7MrX7hX
authentihash 0031e7c3dcd3f122ac961826e311bfd76c1c14b6159c31dba9fb28dc909bc0e2
imphash cb2125efe4b6d0f304bba87d99159559
File size 110.5 KB ( 113152 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe

VirusTotal metadata
First submission 2018-04-04 10:02:25 UTC ( 10 months, 3 weeks ago )
Last submission 2018-05-09 00:06:20 UTC ( 9 months, 2 weeks ago )
File names CompiledComposition.Microsoft.PowerShell.GPowerShell
CompiledComposition.Microsoft.PowerShell.GPowerShell.dll
28572328.exe
9807.exe
Av50PdksI0.exe
24574616.exe