SHA256: 6d02389ea22b2d8c31a7d09658cc7c8fffa577bfe3316dc8f3ca98390d40bcac
File name: UNITYCHUNK.EXE
Detection ratio: 36 / 66
Analysis date: 2018-09-07 06:09:03 UTC ( 5 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31193920 20180907
AhnLab-V3 Trojan/Win32.Emotet.R236372 20180906
Avast Win32:Trojan-gen 20180907
AVG Win32:Trojan-gen 20180907
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180906
BitDefender Trojan.GenericKD.31193920 20180907
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cylance Unsafe 20180907
Cyren W32/Trojan.FHCW-7106 20180907
Emsisoft Trojan.Emotet (A) 20180907
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GKFT 20180907
F-Secure Trojan.GenericKD.31193920 20180907
Fortinet Malicious_Behavior.SB 20180907
GData Trojan.GenericKD.31193920 20180907
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 0053bb451 ) 20180906
K7GW Trojan ( 0053bb451 ) 20180907
Kaspersky Trojan-Banker.Win32.Emotet.bcnc 20180907
Malwarebytes Backdoor.Bot 20180907
McAfee RDN/Generic.grp 20180907
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.hm 20180907
Microsoft Trojan:Win32/Emotet!rfn 20180907
eScan Trojan.GenericKD.31193920 20180907
Palo Alto Networks (Known Signatures) generic.ml 20180907
Panda Trj/Emotet.C 20180906
Qihoo-360 HEUR/QVM20.1.A633.Malware.Gen 20180907
Rising Trojan.Emotet!8.B95 (CLOUD) 20180907
Sophos AV Mal/EncPk-ANY 20180907
Symantec Trojan.Emotet 20180906
Tencent Win32.Trojan-banker.Emotet.Akpn 20180907
TrendMicro TROJ_GEN.USI518 20180907
TrendMicro-HouseCall TROJ_GEN.USI518 20180907
ViRobot Trojan.Win32.Z.Agent.534016.HR 20180906
Webroot W32.Malware.Gen 20180907
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bcnc 20180907
AegisLab 20180907
Alibaba 20180713
Antiy-AVL 20180906
Arcabit 20180907
Avast-Mobile 20180907
Avira (no cloud) 20180906
AVware 20180907
Babable 20180902
Bkav 20180906
CAT-QuickHeal 20180906
ClamAV 20180907
CMC 20180906
Comodo 20180905
Cybereason 20180225
DrWeb 20180907
eGambit 20180907
F-Prot 20180907
Jiangmin 20180907
Kingsoft 20180907
MAX 20180907
NANO-Antivirus 20180907
SentinelOne (Static ML) 20180830
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180905
TACHYON 20180907
TheHacker 20180907
TotalDefense 20180907
Trustlook 20180907
VBA32 20180906
VIPRE 20180907
Yandex 20180906
Zillya 20180906
Zoner 20180906
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserv
Product Windows Installer - Unicode
Original name mcbuilder.exe
Internal name msisip
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description Resource cache builder tool
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-05 01:00:17
Entry Point 0x00023C0B
Number of sections 4
PE sections
PE imports
GetSidSubAuthorityCount
LookupPrivilegeDisplayNameW
GetSecurityDescriptorDacl
EqualDomainSid
LookupPrivilegeDisplayNameA
LookupAccountSidA
GetCurrentHwProfileW
DeleteAce
GetClusterFromResource
GetDeviceCaps
ExtTextOutW
GetCharWidthFloatA
GetTextExtentPointA
GetSystemPaletteUse
GetPath
GetPaletteEntries
GetTextCharset
GetStdHandle
GetOverlappedResult
GetConsoleCursorInfo
GetProcessTimes
FlushFileBuffers
GetModuleFileNameA
GetConsoleWindow
GetTapeParameters
FindFirstFileExW
EnumSystemLocalesA
GetStartupInfoW
SetSystemFileCacheSize
GetFileSize
LockResource
GetWindowsDirectoryA
GetVolumeInformationW
GetAtomNameW
FoldStringW
GetCommandLineA
GetProcAddress
GetConsoleScreenBufferInfo
WriteProfileStringW
GetCurrentThread
FindResourceExA
LoadLibraryW
GetModuleHandleA
FindFirstFileExA
GlobalAddAtomA
GetTimeFormatA
GetThreadTimes
GetDiskFreeSpaceA
GetTapePosition
GetBinaryTypeA
LoadLibraryExA
GetLogicalDriveStringsA
EnumTimeFormatsA
GetCurrencyFormatA
LoadResource
GetThreadContext
GlobalLock
DeleteTimerQueue
GetCurrentThreadId
GetProcessHeap
LoadRegTypeLib
GetRecordInfoFromTypeInfo
FindExecutableA
FreeContextBuffer
FreeCredentialsHandle
GetClassInfoExW
GetKeyboardLayoutNameA
GetInputState
DefMDIChildProcW
GetScrollPos
DestroyMenu
GetRawInputDeviceList
FlashWindowEx
FreeDDElParam
IsMenu
DialogBoxParamA
GetMenuDefaultItem
GetTabbedTextExtentW
InsertMenuItemA
DestroyIcon
GetRawInputData
PackDDElParam
GetClassLongA
GetSubMenu
EnumThreadWindows
GetDesktopWindow
IsWindowUnicode
GetClassNameA
FindNextUrlCacheEntryExW
FindNextUrlCacheEntryExA
FindFirstUrlCacheEntryExA
GetPrintProcessorDirectoryW
GetStandardColorSpaceProfileW
malloc
setvbuf
strtol
GetRunningObjectTable
FaultInIEFeature
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 1006425862
LinkerVersion 12.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7601.17514
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Resource cache builder tool
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 383488
EntryPoint 0x23c0b
OriginalFileName mcbuilder.exe
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserv
FileVersion 6.1.7601.17514 (win7sp1_rtm.101119-1850)
TimeStamp 2018:09:05 03:00:17+02:00
FileType Win32 EXE
PEType PE32
InternalName msisip
ProductVersion 6.1.7601.17514
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 155648
ProductName Windows Installer - Unicode
ProductVersionNumber 6.1.7601.17514
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 7e7be19f50105ca6d21cdef7bf8d2e24
SHA1 ba4051cfc131117d8d556f5925b74df31b0c4510
SHA256 6d02389ea22b2d8c31a7d09658cc7c8fffa577bfe3316dc8f3ca98390d40bcac
ssdeep 6144:u4Bg0BTei+Jw1FQV0l71mvwtGZVORSI64PR4NoTeLzeaC/YvD/:TBx6i+21F6A7xx6mioiPeaCE/
authentihash e9088059260d54ad7bbcf037c7a0eb4de895ac8780388332deebac9da41017d4
imphash aba3187ff59d8b7577d054e8267f2b0a
File size 521.5 KB ( 534016 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (25.2%)
Clipper DOS Executable (25.0%)
Generic Win/DOS Executable (24.8%)
DOS Executable Generic (24.8%)
Tags peexe

VirusTotal metadata
First submission 2018-09-05 01:06:15 UTC ( 5 months, 2 weeks ago )
Last submission 2018-09-05 01:24:42 UTC ( 5 months, 2 weeks ago )
File names 56.exe
8732.exe
884.exe
9288732.exe
226265.exe
ba4051cfc131117d8d556f5925b74df31b0c4510.exe
50052400.exe
msisip
55.exe
mcbuilder.exe
0575.exe
7279026.exe
UNITYCHUNK.EXE
288.exe