SHA256: 69593e53a7bf372e13e8bd2064ea2a79f0092de4c5080e01f16123f936220304
File name: 976732eb38e7a764fd8345e91b81f67b
Detection ratio: 51 / 66
Analysis date: 2018-07-29 17:49:51 UTC ( 6 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31083557 20180729
AegisLab Packer.Generic!c 20180729
AhnLab-V3 Trojan/Win32.Emotet.R231768 20180729
ALYac Trojan.GenericKD.31083557 20180729
Arcabit Trojan.Generic.D1DA4C25 20180729
Avast Win32:GenX 20180729
AVG Win32:GenX 20180729
AVware Trojan.Win32.Generic!BT 20180727
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180726
BitDefender Trojan.GenericKD.31083557 20180729
Bkav HW32.Packed.2A1F 20180728
CAT-QuickHeal Trojan.Emotet.X4 20180728
ClamAV Win.Trojan.Agent-6608838-0 20180729
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cylance Unsafe 20180729
Cyren W32/S-0ee42fcb!Eldorado 20180729
DrWeb Trojan.EmotetENT.256 20180729
Emsisoft Trojan.Agent (A) 20180729
Endgame malicious (high confidence) 20180711
ESET-NOD32 a variant of Win32/Kryptik.GISY 20180729
F-Prot W32/S-0ee42fcb!Eldorado 20180729
F-Secure Trojan.GenericKD.31083557 20180729
Fortinet W32/Kryptik.GISY!tr 20180729
GData Win32.Trojan-Spy.Emotet.SD 20180729
Ikarus Trojan.Win32.Crypt 20180729
Sophos ML heuristic 20180717
Jiangmin Trojan.Dovs.fic 20180729
K7AntiVirus Trojan ( 005377e41 ) 20180727
K7GW Trojan ( 005377e41 ) 20180729
Kaspersky Trojan.Win32.Dovs.pfz 20180729
Malwarebytes Trojan.MalPack.VB 20180729
MAX malware (ai score=95) 20180729
McAfee Emotet-FHR!976732EB38E7 20180729
McAfee-GW-Edition BehavesLike.Win32.Emotet.mc 20180729
Microsoft Trojan:Win32/Emotet.AC!bit 20180729
eScan Trojan.GenericKD.31083557 20180729
NANO-Antivirus Trojan.Win32.Dovs.ffjxvq 20180729
Palo Alto Networks (Known Signatures) generic.ml 20180729
Panda Trj/GdSda.A 20180729
Qihoo-360 HEUR/QVM20.1.9654.Malware.Gen 20180729
Rising Trojan.Kryptik!8.8 (CLOUD) 20180729
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/EncPk-ANY 20180729
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20180729
Symantec Packed.Generic.517 20180729
TrendMicro TROJ_GEN.R03FC0DGD18 20180729
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMG.hp 20180729
VBA32 BScope.TrojanBanker.Emotet 20180727
VIPRE Trojan.Win32.Generic!BT 20180729
Webroot W32.Trojan.Emotet 20180729
ZoneAlarm by Check Point Trojan.Win32.Dovs.pfz 20180729
Alibaba 20180713
Antiy-AVL 20180729
Avast-Mobile 20180729
Avira (no cloud) 20180729
CMC 20180729
Comodo 20180729
eGambit 20180729
Kingsoft 20180729
TACHYON 20180729
Tencent 20180729
TheHacker 20180727
TotalDefense 20180729
Trustlook 20180729
ViRobot 20180729
Yandex 20180725
Zillya 20180727
Zoner 20180728
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © wfw fwfw. f wfw f
Product fwfw f
Original name wfw.fwf
Internal name sfwfw
File version 10.00.9600.16428 (winblue_gdr.131013
Description dfew fw plugin image d
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-07-11 21:02:46
Entry Point 0x000118A2
Number of sections 6
PE sections
PE imports
RegDisableReflectionKey
CryptDecrypt
CryptHashSessionKey
CryptDecodeObjectEx
JetRetrieveKey
JetMakeKey
GetThreadId
GetBinaryTypeA
VarCyCmp
RasRenameEntryA
DdeDisconnectList
ShowCursor
GetClipboardOwner
IsCharAlphaNumericW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription API Tracing Manifest Read Library
ImageFileCharacteristics No relocs, Executable, 32-bit, System file
CharacterSet Unicode
InitializedDataSize 20480
EntryPoint 0x118a2
OriginalFileName amxread.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2018:07:11 22:02:46+01:00
FileType Win32 EXE
PEType PE32
InternalName amxread.dll
ProductVersion 6.1.7600.16385
SubsystemVersion 5.0
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Dynamic link library

Compressed bundles
File identification
MD5 976732eb38e7a764fd8345e91b81f67b
SHA1 9808647610b1abf308f223a9bffa4a8059cfb96d
SHA256 69593e53a7bf372e13e8bd2064ea2a79f0092de4c5080e01f16123f936220304
ssdeep 1536:Tdqz4tuCELf6S9IQcOku7NmT/PsgfgdCfUz8IyNxz
authentihash c6328a0458768f49b10f2d6128c15088ff5ff33e75673c6082bae36af3e3b850
imphash cb25f3609bb92d1527c24940b18b877f
File size 87.5 KB ( 89600 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe
VirusTotal metadata
First submission 2018-07-11 21:05:46 UTC ( 7 months, 1 week ago )
Last submission 2018-07-19 09:41:06 UTC ( 7 months ago )
File names sfwfw
1.exe
wfw.fwf
OZpteeqVHn.exe