SHA256: 6c5fa9b58d2e3bfaad7963129fb2958bdd3aef5f110b54bd815bb8bd8ea07215
File name: 14936448.exe
Detection ratio: 17 / 68
Analysis date: 2017-12-14 12:42:26 UTC ( 1 year ago )
Antivirus Result Update
Avast FileRepMalware 20171214
AVG FileRepMalware 20171214
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171212
Comodo Heur.Packed.Unknown 20171214
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cylance Unsafe 20171214
eGambit Unsafe.AI_Score_100% 20171214
Endgame malicious (high confidence) 20171130
Fortinet W32/Kryptik.FZXX!tr 20171214
Sophos ML heuristic 20170914
Malwarebytes Trojan.Emotet 20171214
McAfee-GW-Edition BehavesLike.Win32.Expiro.cc 20171214
Palo Alto Networks (Known Signatures) generic.ml 20171214
Qihoo-360 HEUR/QVM20.1.D701.Malware.Gen 20171214
SentinelOne (Static ML) static engine - malicious 20171207
Sophos AV Mal/EncPk-ANR 20171214
Webroot W32.Trojan.Emotet 20171214
Ad-Aware 20171214
AegisLab 20171214
AhnLab-V3 20171214
Alibaba 20171214
ALYac 20171214
Antiy-AVL 20171214
Arcabit 20171214
Avast-Mobile 20171214
Avira (no cloud) 20171214
AVware 20171214
BitDefender 20171214
Bkav 20171214
CAT-QuickHeal 20171214
ClamAV 20171214
CMC 20171214
Cybereason 20171103
Cyren 20171214
DrWeb 20171214
Emsisoft 20171214
ESET-NOD32 20171214
F-Prot 20171214
F-Secure 20171214
GData 20171214
Ikarus 20171214
Jiangmin 20171214
K7AntiVirus 20171214
K7GW 20171214
Kaspersky 20171214
Kingsoft 20171214
MAX 20171214
McAfee 20171214
Microsoft 20171214
eScan 20171214
NANO-Antivirus 20171214
nProtect 20171214
Panda 20171213
Rising 20171214
SUPERAntiSpyware 20171214
Symantec 20171214
Symantec Mobile Insight 20171213
Tencent 20171214
TheHacker 20171210
TotalDefense 20171214
TrendMicro 20171214
TrendMicro-HouseCall 20171214
Trustlook 20171214
VBA32 20171214
VIPRE 20171214
ViRobot 20171214
WhiteArmor 20171204
Yandex 20171212
Zillya 20171213
ZoneAlarm by Check Point 20171214
Zoner 20171214
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserv
Product Microsoft® Windows® Operat
Original name ffaa
Internal name ffaa
File version 6.1.7600.1342(win7_rtm.090713-1255
Description Sami Extende
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-14 21:02:08
Entry Point 0x00001740
Number of sections 4
PE sections
PE imports
EnumServicesStatusW
CryptEncodeObject
SetBoundsRect
DeleteEnhMetaFile
CreateSymbolicLinkA
FreeLibrary
GetLastError
WriteProfileSectionA
EnumSystemLocalesA
RaiseException
LocalAlloc
LocalFree
InterlockedExchange
GetProcAddress
FlsFree
LoadLibraryA
DsGetDcNameW
SetupDiGetClassDevsExW
SHDeleteKeyW
midiStreamRestart
midiInUnprepareHeader
auxGetNumDevs
FreePrinterNotifyInfo
GetPrinterDriverDirectoryA
CryptCATPutMemberInfo
inet_addr
CoTaskMemAlloc
Number of PE resources by type
RT_ICON 2
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 5
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 1.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Sami Extende
ImageFileCharacteristics No relocs, Executable, 32-bit, System file
CharacterSet Unicode
InitializedDataSize 102400
EntryPoint 0x1740
OriginalFileName ffaa
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserv
FileVersion 6.1.7600.1342(win7_rtm.090713-1255
TimeStamp 2017:12:14 22:02:08+01:00
FileType Win32 EXE
PEType PE32
InternalName ffaa
ProductVersion 6.1.7600.1342
SubsystemVersion 5.1
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Corporati Microsoft
CodeSize 4294967295
ProductName Microsoft Windows Operat
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 94725c2932f10e95831e537055afea74
SHA1 b63670cf721736ba105937c41d8e3447892ec828
SHA256 6c5fa9b58d2e3bfaad7963129fb2958bdd3aef5f110b54bd815bb8bd8ea07215
ssdeep 1536:XkKbR2F0e6fBaco9tYUnPgm8K5nXqfMnbB+qEsWmtByrL1mu6f:X5AUfB4nHh6fKhQgu6
authentihash 6dece7661ebb7f2ec1956af1aeebf1b9a663238cf0b7777298523ebbec318346
imphash 91831d9a84158d7bf3ebde995c3e081c
File size 119.0 KB ( 121856 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe
VirusTotal metadata
First submission 2017-12-14 12:42:26 UTC ( 1 year ago )
Last submission 2018-05-11 17:38:55 UTC ( 7 months ago )
File names 92206.exe
comaudio.exe
7770.exe
1002-b63670cf721736ba105937c41d8e3447892ec828
3181.exe
2517.exe
13691264.exe
comaudio.exe
gdiprovider.exe
58826.exe
29944280.exe
ffaa
14936448.exe
26601944.exe
39312.exe
25881048.exe
94725c2932f10e95831e537055afea74.exe