SHA256: 6ae250f40610a71f578a2c55ed42636844bb571f498226ee8cc328cb0551b136
File name: wouegbspv.exe
Detection ratio: 42 / 67
Analysis date: 2018-10-27 06:37:38 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.23134690 20181027
AhnLab-V3 Trojan/Win32.Vigorf.R239811 20181027
ALYac Trojan.Generic.23134690 20181027
Antiy-AVL Trojan/Win32.Zenpak 20181026
Arcabit Trojan.Generic.D16101E2 20181027
Avast Win32:MalwareX-gen [Trj] 20181027
AVG Win32:MalwareX-gen [Trj] 20181027
BitDefender Trojan.Generic.23134690 20181027
Bkav W32.eHeur.Malware10 20181025
CAT-QuickHeal Trojan.IGENERIC 20181026
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181022
Cylance Unsafe 20181027
Cyren W32/Trojan.DXPC-1854 20181027
DrWeb Trojan.PWS.Stealer.24943 20181027
Emsisoft Trojan.Generic.23134690 (B) 20181027
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GLXJ 20181026
F-Secure Trojan.Generic.23134690 20181027
Fortinet W32/GenKryptik.COMS!tr 20181027
GData Trojan.Generic.23134690 20181027
Ikarus Trojan.Win32.Krypt 20181026
Sophos ML heuristic 20180717
K7GW Hacktool ( 700007861 ) 20181025
Kaspersky Trojan.Win32.Zenpak.md 20181027
Malwarebytes Trojan.MalPack 20181027
MAX malware (ai score=88) 20181027
McAfee RDN/Generic.grp 20181027
McAfee-GW-Edition BehavesLike.Win32.Generic.dc 20181027
Microsoft Trojan:Win32/Skeeyah.A!rfn 20181027
eScan Trojan.Generic.23134690 20181027
NANO-Antivirus Trojan.Win32.Zenpak.fjmifu 20181027
Palo Alto Networks (Known Signatures) generic.ml 20181027
Panda Trj/GdSda.A 20181026
Qihoo-360 HEUR/QVM10.2.A3A9.Malware.Gen 20181027
Rising Trojan.GenKryptik!8.AA55 (CLOUD) 20181027
Sophos AV Mal/Generic-S 20181027
Symantec Trojan.Gen.2 20181026
Tencent Win32.Trojan.Zenpak.Tclt 20181027
TrendMicro TROJ_GEN.R011C0PJM18 20181027
TrendMicro-HouseCall TROJ_GEN.R011C0PJM18 20181027
VBA32 BScope.Trojan.Vigorf 20181026
ZoneAlarm by Check Point Trojan.Win32.Zenpak.md 20181027
AegisLab 20181101
Alibaba 20180921
Avast-Mobile 20181027
Avira (no cloud) 20181026
Babable 20180918
Baidu 20181026
ClamAV 20181026
CMC 20181026
Cybereason 20180225
eGambit 20181027
F-Prot 20181027
Jiangmin 20181027
K7AntiVirus 20181026
Kingsoft 20181027
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181022
Symantec Mobile Insight 20181026
TACHYON 20181027
TheHacker 20181025
TotalDefense 20181027
Trustlook 20181027
ViRobot 20181026
Webroot 20181027
Yandex 20181026
Zillya 20181026
Zoner 20181026
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Internal name wouegbspv.exe
File version 1.0.1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-02-21 16:27:57
Entry Point 0x00006D83
Number of sections 4
PE sections
PE imports
GetLastError
TlsGetValue
HeapFree
TlsAlloc
EnterCriticalSection
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
IsDebuggerPresent
HeapAlloc
SetFileApisToANSI
GetEnvironmentStringsW
LoadLibraryA
SetConsoleOutputCP
RtlUnwind
GetModuleFileNameA
GetStdHandle
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
GetUserDefaultLCID
IsValidCodePage
GetCPInfo
UnhandledExceptionFilter
GetCPInfoExA
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetCommandLineA
GetProcAddress
VirtualProtectEx
GetLocaleInfoW
CompareStringW
RaiseException
GetFirmwareEnvironmentVariableW
WideCharToMultiByte
TlsFree
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
GetStringTypeA
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetConsoleSelectionInfo
WriteProfileSectionA
TerminateProcess
QueryPerformanceCounter
InitializeCriticalSection
HeapCreate
VirtualQuery
VirtualFree
FindAtomA
InterlockedDecrement
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
SetLastError
InterlockedIncrement
Number of PE resources by type
RT_ICON 8
RT_STRING 8
RT_BITMAP 4
RT_GROUP_CURSOR 1
PUMOJUHOGORUNUFIGU 1
RT_ACCELERATOR 1
RT_CURSOR 1
RT_GROUP_ICON 1
RT_VERSION 1
NOBEMITOKUWACITIXAHALUXULUGE 1
Number of PE resources by language
THAI DEFAULT 27
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 75776
ImageVersion 0.0
FileVersionNumber 1.45.8.4
LanguageCode English (British)
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
MIMEType application/octet-stream
FileVersion 1.0.1
TimeStamp 2018:02:21 17:27:57+01:00
FileType Win32 EXE
PEType PE32
InternalName wouegbspv.exe
ProductVersion 1.0.0.1
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 142336
FileSubtype 0
ProductVersionNumber 7.32.568.0
EntryPoint 0x6d83
ObjectFileType Executable application
File identification
MD5 ccc196bdced459a53f549f9ce0e2071e
SHA1 3895a2e4707ca81d64c582962ba01b457944ecc0
SHA256 6ae250f40610a71f578a2c55ed42636844bb571f498226ee8cc328cb0551b136
ssdeep 3072:ZkVCaT6vJhBr/fW2EzitJrLEYcXsuV8HRe5qYLWW9wSgp/oaDsQaeT:eVCaWJhBbW2EerLEYcXs/H75dUeT

authentihash ebc8fbfef5d67894b5877a4630d20eeb6dfde7d7cae30222e29748af4f6da7f0
imphash b9498a1b40d1aa7bad0640ab47d00e2d
File size 210.0 KB ( 215040 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (40.0%)
Win64 Executable (generic) (35.4%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
OS/2 Executable (generic) (2.6%)
Tags peexe

VirusTotal metadata
First submission 2018-10-20 02:06:32 UTC ( 1 month, 3 weeks ago )
Last submission 2018-10-20 02:06:32 UTC ( 1 month, 3 weeks ago )
File names wouegbspv.exe
dttcodexgigas.3895a2e4707ca81d64c582962ba01b457944ecc0
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections