SHA256: 6c77271a34317ba0668896d91045553be2235a894b2ab191cf8f9e4310a0df6a
File name: nDk8KE6IqEzRrdjEE.exe
Detection ratio: 45 / 67
Analysis date: 2018-08-09 06:13:50 UTC ( 6 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40369878 20180809
AhnLab-V3 Trojan/Win32.Emotet.R233552 20180809
ALYac Trojan.Agent.Emotet 20180809
Antiy-AVL Trojan[Banker]/Win32.Emotet 20180809
Arcabit Trojan.Generic.D267FED6 20180809
Avast Win32:GenX-Banker 20180809
AVG Win32:GenX-Banker 20180809
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9994 20180809
BitDefender Trojan.GenericKD.40369878 20180809
Bkav HW32.Packed.389D 20180807
Comodo UnclassifiedMalware 20180809
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.0174fa 20180225
Cylance Unsafe 20180809
Cyren W32/Trojan.CSPA-5953 20180809
DrWeb Trojan.EmotetENT.260 20180809
Emsisoft Trojan.GenericKD.40369878 (B) 20180809
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GJQT 20180809
F-Secure Trojan.GenericKD.40369878 20180809
Fortinet W32/GenKryptik.CHFZ!tr 20180809
GData Trojan.GenericKD.40369878 20180809
Ikarus Trojan.Win32.Krypt 20180808
Sophos ML heuristic 20180717
K7AntiVirus Riskware ( 0040eff71 ) 20180809
K7GW Riskware ( 0040eff71 ) 20180809
Kaspersky Trojan-Banker.Win32.Emotet.bafn 20180809
Malwarebytes Spyware.Emotet.Generic 20180809
MAX malware (ai score=100) 20180809
McAfee Generic.dwx 20180809
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20180809
Microsoft Trojan:Win32/Emotet.AC!bit 20180809
eScan Trojan.GenericKD.40369878 20180809
Palo Alto Networks (Known Signatures) generic.ml 20180809
Panda Trj/Genetic.gen 20180808
Qihoo-360 HEUR/QVM20.1.F9DB.Malware.Gen 20180809
Rising Trojan.Emotet!8.B95 (CLOUD) 20180809
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/EncPk-ANY 20180809
Symantec Packed.Generic.517 20180809
TrendMicro TSPY_EMOTET.THHOFAH 20180809
TrendMicro-HouseCall TSPY_EMOTET.THHOFAH 20180809
VIPRE Trojan.Win32.Generic!BT 20180809
Webroot W32.Trojan.Emotet 20180809
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bafn 20180809
AegisLab 20180809
Alibaba 20180713
Avast-Mobile 20180809
Avira (no cloud) 20180809
AVware 20180727
CAT-QuickHeal 20180807
ClamAV 20180809
CMC 20180809
eGambit 20180809
F-Prot 20180809
Jiangmin 20180809
Kingsoft 20180809
NANO-Antivirus 20180809
SUPERAntiSpyware 20180809
Symantec Mobile Insight 20180809
TACHYON 20180809
Tencent 20180809
TheHacker 20180807
TotalDefense 20180809
Trustlook 20180809
VBA32 20180808
ViRobot 20180809
Yandex 20180808
Zillya 20180808
Zoner 20180808
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name UXINIT.DLL
Internal name UXINIT
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Windows User Experience Session Initialization Dll
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-23 03:20:06
Entry Point 0x0001C417
Number of sections 6
PE sections
PE imports
CreateTimerQueue
lstrlenA
FlsFree
FlsGetValue
GetModuleHandleA
RasSetAutodialParamA
RpcBindingFromStringBindingA
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Windows User Experience Session Initialization Dll
ImageFileCharacteristics Executable, 32-bit, System file
CharacterSet Unicode
InitializedDataSize 8704
EntryPoint 0x1c417
OriginalFileName UXINIT.DLL
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2017:02:23 04:20:06+01:00
FileType Win32 EXE
PEType PE32
InternalName UXINIT
ProductVersion 6.1.7600.16385
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 115712
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 12dbb3dcf7c935c7659e6e13ce750129
SHA1 23c2a1c0174fa4f608cb6bcd2cfa2f853f5c9808
SHA256 6c77271a34317ba0668896d91045553be2235a894b2ab191cf8f9e4310a0df6a
ssdeep 1536:Q7SFHk4kcM3D1jF4a1V8BW4no70wAnZMfy4SVBk/84SFqxSRKyWlPWk19:+mA991aBvsCUoBI8SUR+f19
authentihash 20e976ea198038d3042dd921e75ad3476b4c6bdab53a0d170891f4b03ded0739
imphash 78b3fceb84c2c1f622db8a25bab906c2
File size 118.0 KB ( 120832 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe

VirusTotal metadata
First submission 2018-08-05 11:35:53 UTC ( 6 months, 2 weeks ago )
Last submission 2018-08-12 18:01:25 UTC ( 6 months, 1 week ago )
File names UXINIT.DLL
nDk8KE6IqEzRrdjEE.exe
UXINIT