SHA256: 6920d270522de5c636544b37389858ea6419ffbca929506bbc9c269bbfabd260
File name: b27ec1473d428530d53bb4d2bb91d176.virus
Detection ratio: 26 / 57
Analysis date: 2016-05-19 09:15:30 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.56396 20160519
ALYac Gen:Variant.Razy.56396 20160519
Arcabit Trojan.Razy.DDC4C 20160519
Avast Win32:Malware-gen 20160519
AVG Generic37.BRKF 20160519
Avira (no cloud) TR/Crypt.Xpack.wkkw 20160519
AVware Trojan.Win32.Generic!BT 20160519
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160519
BitDefender Gen:Variant.Razy.56396 20160519
Emsisoft Gen:Variant.Razy.56396 (B) 20160519
ESET-NOD32 a variant of Win32/Kryptik.EXNO 20160519
F-Secure Gen:Variant.Razy.56396 20160519
GData Gen:Variant.Razy.56396 20160519
K7AntiVirus Trojan ( 004ef90b1 ) 20160519
K7GW Trojan ( 004ef90b1 ) 20160519
Kaspersky Trojan.Win32.Yakes.prva 20160519
Malwarebytes Trojan.Dridex 20160519
McAfee Artemis!B27EC1473D42 20160519
McAfee-GW-Edition BehavesLike.Win32.Pate.dm 20160519
eScan Gen:Variant.Razy.56396 20160519
Panda Trj/Genetic.gen 20160518
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20160519
Rising Malware.Generic!L7q74j6Q6zN@2 (Thunder) 20160519
Sophos AV Mal/Generic-S 20160519
Tencent Win32.Trojan.Yakes.Pdvy 20160519
VIPRE Trojan.Win32.Generic!BT 20160519
AegisLab 20160519
AhnLab-V3 20160519
Alibaba 20160516
Antiy-AVL 20160519
Baidu-International 20160519
Bkav 20160518
CAT-QuickHeal 20160518
ClamAV 20160519
CMC 20160516
Comodo 20160519
Cyren 20160519
DrWeb 20160519
F-Prot 20160519
Fortinet 20160519
Ikarus 20160519
Jiangmin 20160519
Kingsoft 20160519
Microsoft 20160518
NANO-Antivirus 20160519
nProtect 20160518
SUPERAntiSpyware 20160519
Symantec 20160519
TheHacker 20160519
TotalDefense 20160519
TrendMicro 20160519
TrendMicro-HouseCall 20160519
VBA32 20160518
ViRobot 20160519
Yandex 20160518
Zillya 20160518
Zoner 20160519
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2009 KONICA MINOLTA, INC.
Product KMWOW64 ????????
Original name KMWOW64.exe
Internal name KMWOW64
File version 1, 2, 0, 0
Description KMWOW64 ????????
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1990-06-11 22:04:04
Entry Point 0x0000105A
Number of sections 17
PE sections
PE imports
ImmEnumRegisterWordA
CallNamedPipeW
GetTapeParameters
GetLastError
FormatMessageW
FreeConsole
GetCPInfoExW
LocalAlloc
LocalFree
SetConsoleWindowInfo
InterlockedExchange
GetTickCount
GetFileType
OpenMutexW
GetProcessVersion
LoadLibraryA
GetProcAddress
AddAtomW
FreeLibrary
RaiseException
ChooseColorW
GetClassURL
Number of PE resources by type
RT_ICON 16
RT_GROUP_ICON 2
RT_STRING 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
JAPANESE DEFAULT 20
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 0
ImageVersion 0.0
ProductName KMWOW64
FileVersionNumber 1.1.0.0
LanguageCode Japanese
FileFlagsMask 0x0017
FileDescription KMWOW64
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension exe
OriginalFileName KMWOW64.exe
MIMEType application/octet-stream
Subsystem Windows command line
FileVersion 1, 2, 0, 0
TimeStamp 1990:06:11 23:04:04+01:00
FileType Win32 EXE
PEType PE32
InternalName KMWOW64
ProductVersion 1, 1, 0, 0
SubsystemVersion 4.0
OSVersion 2.1
FileOS Win32
LegalCopyright Copyright (C) 2009 KONICA MINOLTA, INC.
MachineType Intel 386 or later, and compatibles
CompanyName KONICA MINOLTA, INC.
CodeSize 52736
FileSubtype 0
ProductVersionNumber 1.1.0.0
EntryPoint 0x105a
ObjectFileType Executable application

File identification
MD5 b27ec1473d428530d53bb4d2bb91d176
SHA1 0be5ed2096c6c56729ec7fa0ce371d666a5fcd11
SHA256 6920d270522de5c636544b37389858ea6419ffbca929506bbc9c269bbfabd260
ssdeep 3072:TKMGm4PNQgYxgv3viVOd9u5St6AXq6YwCq03lyOh:mmbgYxuKVCIe5qUY8O
authentihash 282e5a48742f0b3136e9ca6142a40d30ad6e24f6674d5c79e9098d5af5beff86
imphash 3e41a67f8ccbf6926c3db7cba65278e3
File size 259.0 KB ( 265216 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.6%)
Clipper DOS Executable (19.1%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
VXD Driver (0.2%)
Tags peexe
VirusTotal metadata
First submission 2016-05-19 09:15:30 UTC ( 2 years, 9 months ago )
Last submission 2016-05-19 09:15:30 UTC ( 2 years, 9 months ago )
File names KMWOW64
KMWOW64.exe
b27ec1473d428530d53bb4d2bb91d176.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications