× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 6963ac05b3c095171fed21c9ea29e1dd9c6d44632b1654f5601f6d8bd86a52f2
File name: EncodingAppointment.exe
Detection ratio: 17 / 64
Analysis date: 2018-03-14 12:00:40 UTC ( 3 months, 1 week ago ) View latest
Antivirus Result Update
Avast FileRepMetagen [Malware] 20180314
AVG FileRepMetagen [Malware] 20180314
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180314
Bkav HW32.Packed.BBB4 20180314
CrowdStrike Falcon (ML) malicious_confidence_70% (D) 20170201
Cylance Unsafe 20180314
eGambit Unsafe.AI_Score_97% 20180314
Endgame malicious (high confidence) 20180308
Fortinet W32/Kryptik.GDRZ!tr 20180314
Kaspersky UDS:DangerousObject.Multi.Generic 20180314
McAfee-GW-Edition BehavesLike.Win32.Generic.cc 20180314
Palo Alto Networks (Known Signatures) generic.ml 20180314
Qihoo-360 HEUR/QVM20.1.D0E5.Malware.Gen 20180314
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/EncPk-ANR 20180314
Webroot W32.Trojan.Emotet 20180314
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180314
Ad-Aware 20180314
AegisLab 20180314
AhnLab-V3 20180314
Alibaba 20180314
ALYac 20180314
Antiy-AVL 20180314
Arcabit 20180314
Avast-Mobile 20180313
Avira (no cloud) 20180314
AVware 20180314
BitDefender 20180314
CAT-QuickHeal 20180314
ClamAV 20180314
CMC 20180314
Comodo 20180314
Cybereason None
Cyren 20180314
DrWeb 20180314
Emsisoft 20180314
ESET-NOD32 20180314
F-Prot 20180314
F-Secure 20180314
GData 20180314
Ikarus 20180314
Sophos ML 20180121
Jiangmin 20180314
K7AntiVirus 20180314
K7GW 20180314
Kingsoft 20180314
Malwarebytes 20180314
MAX 20180314
McAfee 20180314
Microsoft 20180314
eScan 20180314
NANO-Antivirus 20180314
nProtect 20180314
Panda 20180313
Rising 20180314
SUPERAntiSpyware 20180314
Symantec 20180314
Symantec Mobile Insight 20180311
Tencent 20180314
TheHacker 20180311
Trustlook 20180314
VBA32 20180314
VIPRE 20180314
ViRobot 20180314
WhiteArmor 20180223
Yandex 20180314
Zoner 20180314
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-14 11:20:49
Entry Point 0x00005000
Number of sections 6
PE sections
PE imports
AddAuditAccessAceEx
SetWindowExtEx
AddFontResourceExW
GetNearestColor
OffsetClipRgn
SetThreadLocale
GetCommModemStatus
GetCurrentProcess
CreateEventW
GetConsoleOutputCP
SetCommState
SetEvent
GlobalFlags
GetNLSVersionEx
LocalHandle
CloseHandle
GetThreadUILanguage
GetEnvironmentStringsW
GetCurrentThreadId
WaitForMultipleObjects
GetStringTypeW
GetVersion
ResetEvent
SafeArrayAllocDescriptor
BSTR_UserFree
VarUI4FromUI8
SetupDiGetSelectedDevice
ChrCmpIW
DdeAbandonTransaction
GetDCEx
CreatePopupMenu
SetPropA
GetInputState
IsWindowEnabled
CreateCaret
GetClipboardOwner
GetShellWindow
GetWindowContextHelpId
GetClipboardSequenceNumber
CheckDlgButton
SetScrollInfo
InvalidateRect
waveInStop
SetPrinterDataExW
SCardGetStatusChangeW
ReadFmtUserTypeStg
Number of PE resources by type
RT_ICON 11
RT_STRING 3
RT_BITMAP 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 13
NEUTRAL 4
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:03:14 12:20:49+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
1

LinkerVersion
13.5

EntryPoint
0x5000

InitializedDataSize
121856

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
4096

File identification
MD5 006d470858c609c9e93d90a80af01e89
SHA1 6667fd0c51fe78f5f62225d4d13097c4fa753bf4
SHA256 6963ac05b3c095171fed21c9ea29e1dd9c6d44632b1654f5601f6d8bd86a52f2
ssdeep
3072:F/KOeZkMcvJqD4XwZtKUqq0deBu0SpeiFBh6/:VVeWtItK00d9rh6

authentihash 317151e09dff48587bfe1775fdf5ebdfe66968ed4b1705023b554bee8e3950c4
imphash d76d7e27646968ac972247c1faebf8d8
File size 131.0 KB ( 134144 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe

VirusTotal metadata
First submission 2018-03-14 11:29:34 UTC ( 3 months, 1 week ago )
Last submission 2018-03-15 20:56:22 UTC ( 3 months, 1 week ago )
File names EncodingAppointment.exe
80143.exe
2827.exe
1107.exe
00890.exe
26600552.exe
21686216.exe
0159.exe
59303624.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!