× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 65fc7f0a79d3052e4919f29f22e9eb977d6a5be74db4f9db54baaf112859977d
File name: AWjI.exe
Detection ratio: 21 / 68
Analysis date: 2018-08-15 23:25:32 UTC ( 6 months, 1 week ago ) View latest
Antivirus Result Update
AVG FileRepMalware 20180815
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180815
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cylance Unsafe 20180815
Endgame malicious (high confidence) 20180730
Fortinet W32/Kryptik.GJSS!tr 20180815
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 004e08351 ) 20180815
K7GW Trojan ( 004e08351 ) 20180815
Kaspersky UDS:DangerousObject.Multi.Generic 20180815
McAfee-GW-Edition BehavesLike.Win32.Emotet.ch 20180815
Microsoft Trojan:Win32/Emotet.AC!bit 20180815
Palo Alto Networks (Known Signatures) generic.ml 20180815
Qihoo-360 HEUR/QVM20.1.3465.Malware.Gen 20180815
Rising Trojan.Cloxer!8.F54F (CLOUD) 20180815
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/EncPk-MK 20180816
Symantec ML.Attribute.HighConfidence 20180816
VBA32 BScope.TrojanBanker.Emotet 20180815
Webroot W32.Trojan.Emotet 20180815
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180815
Ad-Aware 20180815
AegisLab 20180815
AhnLab-V3 20180815
Alibaba 20180713
ALYac 20180815
Antiy-AVL 20180815
Arcabit 20180815
Avast 20180815
Avast-Mobile 20180815
Avira (no cloud) 20180815
AVware 20180815
Babable 20180725
BitDefender 20180815
Bkav 20180815
CAT-QuickHeal 20180814
ClamAV 20180815
CMC 20180812
Comodo 20180815
Cybereason 20180225
Cyren 20180815
DrWeb 20180815
eGambit 20180815
Emsisoft 20180815
ESET-NOD32 20180815
F-Prot 20180815
F-Secure 20180815
GData 20180815
Ikarus 20180815
Jiangmin 20180815
Kingsoft 20180815
Malwarebytes 20180815
MAX 20180815
McAfee 20180815
eScan 20180815
NANO-Antivirus 20180815
Panda 20180815
SUPERAntiSpyware 20180815
Symantec Mobile Insight 20180814
TACHYON 20180815
Tencent 20180815
TheHacker 20180815
TotalDefense 20180815
TrendMicro 20180815
TrendMicro-HouseCall 20180815
Trustlook 20180815
VIPRE 20180816
ViRobot 20180815
Yandex 20180815
Zillya 20180815
Zoner 20180815
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
hrelklewlkhr.

Description Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-08-15 19:01:49
Entry Point 0x00022D37
Number of sections 5
PE sections
PE imports
IsValidSid
RegDeleteValueW
GetSecurityDescriptorControl
IsWellKnownSid
CreateWellKnownSid
CM_Get_DevNode_Custom_PropertyW
CM_Open_DevNode_Key
ImageList_Create
PrintDlgExW
CertDuplicateCRLContext
CryptSIPRemoveSignedDataMsg
CryptInstallOIDFunctionAddress
CryptSignAndEncodeCertificate
CertSetEnhancedKeyUsage
GetMetaFileBitsEx
GetArcDirection
CopyMetaFileW
ScaleWindowExtEx
UnrealizeObject
GetDIBits
Ellipse
ImmDestroyContext
SetFileAttributesA
GetModuleHandleA
FindAtomW
GetTimeZoneInformation
EraseTape
GetNamedPipeInfo
DeleteFiber
GetCurrentDirectoryA
GetTempPathW
FlsGetValue
GetStringTypeExA
FlsFree
SleepEx
DsGetDomainControllerInfoW
VarUI1FromStr
RasSetAutodialParamA
RasGetSubEntryPropertiesA
NdrCorrelationInitialize
I_RpcMapWin32Status
SetupDiCancelDriverInfoSearch
SetupDiGetDeviceRegistryPropertyW
DuplicateIcon
SHGetFolderPathA
SHAppBarMessage
DragFinish
PathFindSuffixArrayW
SHDeleteValueA
GetWindowThreadProcessId
wsprintfA
GetClassNameW
SendMessageW
DeferWindowPos
DlgDirSelectComboBoxExW
ScrollWindow
MonitorFromWindow
RetrieveUrlCacheEntryStreamW
HttpAddRequestHeadersW
CryptCATAdminReleaseContext
SCardIntroduceCardTypeA
strncmp
CoWaitForMultipleHandles
RevokeBindStatusCallback
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileVersionNumber
1.2.0.6

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Unicode

ImageFileCharacteristics
Executable, 32-bit, System file

CharacterSet
Unicode

InitializedDataSize
28160

EntryPoint
0x22d37

MIMEType
application/octet-stream

Subsystem
Windows GUI

TimeStamp
2018:08:15 20:01:49+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.1

OSVersion
5.0

FileOS
Win32

LegalCopyright
hrelklewlkhr.

MachineType
Intel 386 or later, and compatibles

CodeSize
148992

FileSubtype
0

ProductVersionNumber
1.2.0.6

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 dfac83c179bbcefa8f526babb8d257c6
SHA1 14ead4b2c0886f2593cd0b5636c700e7043a9ad4
SHA256 65fc7f0a79d3052e4919f29f22e9eb977d6a5be74db4f9db54baaf112859977d
ssdeep
1536:/A8wN9lbA6UCBajs5TDFh6W7UU8WHZmDfZqLZ8iZGaALjSKyvwoRaodG/FUvbdlB:Lg7dbMj6DlUMHQhEsVp6G9Gd/ZQE1b9

authentihash 236a66e193536daf46d04d5a5638902c2b7c5e76c11e2718f33f4764083e6576
imphash 5f242fa8db9d2d99901fa55823ebf5b3
File size 174.0 KB ( 178176 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags
peexe

VirusTotal metadata
First submission 2018-08-15 19:22:57 UTC ( 6 months, 1 week ago )
Last submission 2018-09-06 21:49:00 UTC ( 5 months, 2 weeks ago )
File names 35710296.exe
31898.exe
31898.exe
AWjI.exe
29288224.exe
463.exe
23128280.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!