× Cookies are disabled! This site requires cookies to be enabled to work properly
VirusTotal
SHA256: 61ae8b50fb3242829edc81dd82534ad8b4027a9c6ab368c285b7562e38d2b7f2
File name: eFbrSbYXE52PLRjU.exe
Detection ratio: 44 / 70
Analysis date: 2019-01-06 01:48:00 UTC ( 1 month, 2 weeks ago ) View latest
Antivirus Result Update
Acronis suspicious 20181227
Ad-Aware Trojan.GenericKD.40907711 20190106
AhnLab-V3 Trojan/Win32.Emotet.R250815 20190105
ALYac Trojan.GenericKD.40907711 20190106
Arcabit Trojan.Generic.D27033BF 20190106
Avast Win32:BankerX-gen [Trj] 20190106
AVG Win32:BankerX-gen [Trj] 20190106
BitDefender Trojan.GenericKD.40907711 20190106
ClamAV Win.Malware.Emotet-6803404-0 20190106
Comodo Malware@#1mtpxuuwpz79d 20190105
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.52f756 20180225
Cylance Unsafe 20190106
Cyren W32/Trojan.AVPM-2065 20190105
Emsisoft Trojan.GenericKD.40907711 (B) 20190105
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GOHR 20190105
F-Secure Trojan.GenericKD.40907711 20190105
Fortinet W32/GenKryptik.CVQN!tr 20190105
GData Trojan.GenericKD.40907711 20190105
Ikarus Trojan-Spy.Win32.Emotet 20190105
Sophos ML heuristic 20181128
K7GW Trojan ( 00544efa1 ) 20190105
Kaspersky Trojan-Banker.Win32.Emotet.bybv 20190105
Malwarebytes Trojan.Emotet 20190105
MAX malware (ai score=100) 20190106
McAfee Emotet-FLM!4417EB052F75 20190105
McAfee-GW-Edition Artemis!Trojan 20190105
Microsoft Trojan:Win32/Emotet 20190105
eScan Trojan.GenericKD.40907711 20190105
Palo Alto Networks (Known Signatures) generic.ml 20190106
Panda Trj/GdSda.A 20190105
Qihoo-360 HEUR/QVM20.1.4F65.Malware.Gen 20190106
Rising Trojan.Fuerboos!8.EFC8 (CLOUD) 20190105
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/EncPk-AOI 20190105
Symantec Trojan.Emotet 20190105
Tencent Win32.Trojan-banker.Emotet.Ozrz 20190106
Trapmine malicious.high.ml.score 20190103
TrendMicro TROJ_FRS.VSN04A19 20190105
TrendMicro-HouseCall TROJ_FRS.VSN04A19 20190105
ViRobot Trojan.Win32.Emotet.192512.A 20190106
Webroot W32.Trojan.Emotet 20190106
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bybv 20190106
AegisLab 20190105
Alibaba 20180921
Antiy-AVL 20190105
Avast-Mobile 20190105
Avira (no cloud) 20190106
Babable 20180918
Baidu 20190104
Bkav 20190104
CAT-QuickHeal 20190105
CMC 20190105
DrWeb 20190105
eGambit 20190106
F-Prot 20190105
Jiangmin 20190105
K7AntiVirus 20190105
Kingsoft 20190106
NANO-Antivirus 20190105
SUPERAntiSpyware 20190102
TACHYON 20190105
TheHacker 20190104
TotalDefense 20190105
Trustlook 20190106
VBA32 20190104
Yandex 20181229
Zillya 20190105
Zoner 20190106
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (c) WinZip Computing, Inc. 1991-2004 - All Rights Reserved

Product WinZip
Original name WZ32.DLL
Internal name WZ32.DLL
File version 18.0 (32-bit)
Description WinZip DLL
Comments StringFileInfo: U.S. English
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-04 09:01:25
Entry Point 0x00005F70
Number of sections 5
PE sections
PE imports
[+] ADVAPI32.dll
IsValidAcl
SetUserFileEncryptionKey
LookupPrivilegeValueA
RegConnectRegistryA
[+] CLUSAPI.dll
GetNodeClusterState
[+] GDI32.dll
ExcludeClipRect
GetCurrentObject
PolylineTo
SetDCPenColor
EqualRgn
GetBoundsRect
GetStretchBltMode
IntersectClipRect
EnumFontsA
[+] IMM32.dll
ImmSimulateHotKey
[+] IPHLPAPI.DLL
GetIpErrorString
[+] KERNEL32.dll
GetUserDefaultUILanguage
AreFileApisANSI
IsBadStringPtrW
GetSystemTime
SetProcessShutdownParameters
WritePrivateProfileStringA
TlsFree
GetSystemDefaultLocaleName
GetOverlappedResult
ReadFile
GetCommandLineW
GetCPInfo
FlsGetValue
IsProcessorFeaturePresent
CancelSynchronousIo
FindActCtxSectionStringW
SetHandleInformation
CopyFileExW
Process32FirstW
GetCurrentThread
[+] MPRAPI.dll
MprConfigServerConnect
[+] NETAPI32.dll
NetGroupAdd
NetApiBufferSize
NetLocalGroupAddMember
NetGetDCName
[+] OLEAUT32.dll
VarBoolFromDate
VarCyFromI4
LHashValOfNameSys
VarR8FromI4
VarDateFromCy
[+] RPCRT4.dll
RpcStringBindingComposeA
RpcEpUnregister
RpcMgmtEnableIdleCleanup
RpcMgmtIsServerListening
NdrPointerMarshall
[+] SETUPAPI.dll
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInstallParamsA
SetupDiClassNameFromGuidExA
SetupDiGetClassImageIndex
CM_Disable_DevNode
SetupDiChangeState
[+] SHELL32.dll
SHParseDisplayName
[+] SHLWAPI.dll
StrNCatW
StrDupA
[+] Secur32.dll
AcceptSecurityContext
[+] USER32.dll
SetDlgItemInt
IsCharAlphaW
SendInput
GetClassInfoExW
GrayStringW
GetMenuItemCount
GetInputState
GetDlgItemTextA
InSendMessage
GetMouseMovePointsEx
DlgDirSelectExW
GetDialogBaseUnits
GetClipboardOwner
GetKeyNameTextA
ToAsciiEx
MonitorFromWindow
DefDlgProcW
EnumDisplayDevicesA
IsDialogMessageA
[+] WINMM.dll
waveInGetPosition
waveOutUnprepareHeader
mmioAscend
[+] WINTRUST.dll
WTHelperGetProvCertFromChain
[+] WinSCard.dll
SCardStatusW
[+] mscms.dll
DisassociateColorProfileFromDeviceW
[+] msvcrt.dll
ungetc
calloc
strcspn
[+] ole32.dll
HPALETTE_UserSize
STGMEDIUM_UserSize
OleNoteObjectVisible
[+] urlmon.dll
CoInternetIsFeatureEnabledForUrl
Number of PE resources by type
RT_STRING 46
RT_VERSION 1
Number of PE resources by language
ENGLISH US 47
PE resources
ExifTool file metadata
WZZIPEXE
18,999

LegalTrademarks
WinZip is a registered trademark of WinZip Computing, Inc

ProductVersion
9.0 (6028)

WZUNZIPEXE
18,999

Comments
StringFileInfo: U.S. English

InitializedDataSize
167936

ImageVersion
0.0

ProductName
WinZip

FileVersionNumber
18.0.6028.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

WZSEPE32EXE
5,999

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Windows, Latin1

LinkerVersion
12.0

FileTypeExtension
exe

OriginalFileName
WZ32.DLL

MIMEType
application/octet-stream

Subsystem
Windows GUI

WZOUFOCOEXE
18,999

FileVersion
18.0 (32-bit)

TimeStamp
2019:01:04 10:01:25+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
WZ32.DLL

SubsystemVersion
6.0

WZCLINEDLL
18,999

FileDescription
WinZip DLL

OSVersion
6.0

WZOUTLOKDLL
18,999

FileOS
Win32

LegalCopyright
Copyright (c) WinZip Computing, Inc. 1991-2004 - All Rights Reserved

MachineType
Intel 386 or later, and compatibles

CompanyName
WinZip Computing, Inc.

CodeSize
24576

FileSubtype
0

ProductVersionNumber
9.0.0.0

WZIPSE32EXE
5,999

WINZIP32EXE
18,999

EntryPoint
0x5f70

ObjectFileType
Dynamic link library

WZEUDORADLL
18,999

WZZPMAILDLL
18,999

File identification
MD5 4417eb052f756f28aaf81e685a391f6f
SHA1 054246fcc39edfc860fe8e03ebafe32a79e6c864
SHA256 61ae8b50fb3242829edc81dd82534ad8b4027a9c6ab368c285b7562e38d2b7f2
ssdeep
3072:dSZFsSLksWWF/Ll+/adoT517fvx7jMvCTVR0GsR7BJUaEfWP2YOwDx6USZvCaV80:OFFLksWuTl+jXd7JsE9

authentihash b63074e8d2cb9e6e6cee65f7fcbeae8c3be034177ab4183435cbc187109c9397
imphash 9cd6576e20db268a5bcd1c878709178d
File size 188.0 KB ( 192512 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe

VirusTotal metadata
First submission 2019-01-04 01:04:31 UTC ( 1 month, 2 weeks ago )
Last submission 2019-01-04 01:04:31 UTC ( 1 month, 2 weeks ago )
File names eFbrSbYXE52PLRjU.exe
WZ32.DLL
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!
More comments

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

Sign in Join the community
No votes. No one has voted on this item yet, be the first one to do so!
More votes
Blog | Twitter | Contact us | ToS | Privacy policy