SHA256: 6d17d4ca3c3edae7a0c160ed850c5cac82341c9aae71a1cf4be4fc8fc359ef39
File name: 75e4bb97ead02f405c9b18f389c6754f13fa03b5
Detection ratio: 49 / 67
Analysis date: 2018-05-03 17:45:17 UTC ( 9 months, 2 weeks ago )
Antivirus | Result | Update
Ad-Aware | Trojan.Autoruns.GenericKDS.30664957 | 20180503
AegisLab | Filerepmalware.Gen!c | 20180503
AhnLab-V3 | Trojan/Win32.Emotet.R226505 | 20180503
ALYac | Trojan.Autoruns.GenericKDS.30664957 | 20180503
Arcabit | Trojan.Autoruns.GenericS.D1D3E8FD | 20180503
Avast | Win32:GenX [Trj] | 20180503
AVG | Win32:GenX [Trj] | 20180503
Avira (no cloud) | TR/AD.HeodoDlder.rkuym | 20180503
AVware | Trojan.Win32.Generic!BT | 20180428
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9999 | 20180503
BitDefender | Trojan.Autoruns.GenericKDS.30664957 | 20180503
Bkav | HW32.Packed.CF86 | 20180503
CAT-QuickHeal | Trojan.IGENERIC | 20180503
ClamAV | Win.Trojan.Emotet-6520681-0 | 20180503
CrowdStrike Falcon (ML) | malicious_confidence_100% (W) | 20180418
Cylance | Unsafe | 20180503
Cyren | W32/Trojan.TZUM-6748 | 20180503
Emsisoft | Trojan.Autoruns.GenericKDS.30664957 (B) | 20180503
Endgame | malicious (high confidence) | 20180402
ESET-NOD32 | a variant of Win32/Kryptik.GGEJ | 20180503
F-Secure | Trojan.Autoruns.GenericKDS.30664957 | 20180503
Fortinet | W32/Emotet.AKEQ!tr | 20180503
GData | Trojan.Autoruns.GenericKDS.30664957 | 20180503
Ikarus | Trojan.Autoruns.GenericKDS | 20180503
Sophos ML | heuristic | 20180120
K7AntiVirus | Trojan ( 0052f3df1 ) | 20180503
K7GW | Trojan ( 0052f3df1 ) | 20180503
Kaspersky | Trojan-Banker.Win32.Emotet.akeq | 20180503
Malwarebytes | Trojan.Emotet | 20180503
MAX | malware (ai score=95) | 20180503
McAfee | RDN/Generic.grp | 20180503
McAfee-GW-Edition | BehavesLike.Win32.Cutwail.ch | 20180503
Microsoft | Trojan:Win32/Skeeyah.A!rfn | 20180503
eScan | Trojan.Autoruns.GenericKDS.30664957 | 20180503
NANO-Antivirus | Trojan.Win32.Emotet.faxapy | 20180503
nProtect | Banker/W32.Emotet.143872.N | 20180503
Palo Alto Networks (Known Signatures) | generic.ml | 20180503
Panda | Trj/Genetic.gen | 20180503
Qihoo-360 | HEUR/QVM20.1.C989.Malware.Gen | 20180503
SentinelOne (Static ML) | static engine - malicious | 20180225
Sophos AV | Troj/Emotet-MT | 20180503
Symantec | Trojan.Emotet | 20180503
Tencent | Win32.Trojan-banker.Emotet.Lfpt | 20180503
TrendMicro | TROJ_GEN.R04CC0ODT18 | 20180503
TrendMicro-HouseCall | TROJ_GEN.R04CC0ODT18 | 20180503
VBA32 | TrojanBanker.Emotet | 20180503
VIPRE | Trojan.Win32.Generic!BT | 20180503
Webroot | W32.Trojan.Emotet | 20180503
ZoneAlarm by Check Point | Trojan-Banker.Win32.Emotet.akeq | 20180503

Antivirus (no detection reported) | Update
Alibaba | 20180503
Antiy-AVL | 20180503
Avast-Mobile | 20180503
Babable | 20180406
CMC | 20180503
Comodo | 20180503
Cybereason | None
DrWeb | 20180503
eGambit | 20180503
F-Prot | 20180503
Jiangmin | 20180503
Kingsoft | 20180503
Rising | 20180503
SUPERAntiSpyware | 20180503
Symantec Mobile Insight | 20180501
TheHacker | 20180430
TotalDefense | 20180503
Trustlook | 20180503
ViRobot | 20180503
Yandex | 20180503
Zillya | 20180503
Zoner | 20180502
The file being studied is a Portable Executable file. More specifically, it is a Win32 EXE file for the Windows GUI subsystem.

FileVersionInfo properties
Product: MediaShow
Original name: MediaShow.exe
Internal name: Media Shower
Description: Helper On

PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2018-04-27 16:05:49
Entry Point: 0x00005496
Number of sections: 7
PE sections
PE imports
RegOpenUserClassesRoot
CryptQueryObject
JetInit2
ScaleWindowExtEx
MaskBlt
OffsetClipRgn
LocaleNameToLCID
SetConsoleCP
GetProductInfo
HeapCompact
GetExitCodeProcess
GetCurrentProcess
GetConsoleDisplayMode
CloseHandle
GetVersion
SetMailslotInfo
FlsGetValue
SetupDiGetDeviceInstallParamsA
GetClipboardViewer
IsWinEventHookInstalled
GetWindowRect
GetClientRect
CloseWindow
DestroyMenu
GetWindowInfo
ScreenToClient
MonitorFromRect
Number of PE resources by type
RT_STRING: 3
RT_VERSION: 1
RT_GROUP_ICON: 1

Number of PE resources by language
NEUTRAL: 5
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize: 0
InitializedDataSize: 132608
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 1.2.10.6
LanguageCode: Neutral
FileFlagsMask: 0x003f
FileDescription: Helper On
ImageFileCharacteristics: Executable, 32-bit
CharacterSet: Unicode
LinkerVersion: 12.0
EntryPoint: 0x5496
OriginalFileName: MediaShow.exe
MIMEType: application/octet-stream
TimeStamp: 2018:04:27 18:05:49+02:00
FileType: Win32 EXE
PEType: PE32
InternalName: Media Shower
ProductVersion: 1.1.00.5-RELEASE-3261ab70162a15491f105139acb02100067d661b
SubsystemVersion: 5.0
OSVersion: 5.0
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Helper On
CodeSize: 14336
ProductName: MediaShow
ProductVersionNumber: 1.2.10.6
FileTypeExtension: exe
ObjectFileType: Executable application
AssemblyVersion: 1.1.00.5
File identification
MD5: 3115f2c24df10bd45313615d8a3aa882
SHA1: 1689a26063a56451e1702722862a1ee71fd4a019
SHA256: 6d17d4ca3c3edae7a0c160ed850c5cac82341c9aae71a1cf4be4fc8fc359ef39
ssdeep: 3072:6hNtfsy/zZVJm4p5HrJvfEl3uhZsgfV18PlN83:6Ht00Z/p5L+1uhT2Pl
authentihash: d826c53c9c34bd73a4f7e00806f292cff1fc9a4093c77cb9a40cd8f1be9d09ac
imphash: e581a76154ce09dd6b904610d24b90c4
File size: 140.5 KB ( 143872 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Win64 Executable (generic) (61.7%)
  Win32 Dynamic Link Library (generic) (14.7%)
  Win32 Executable (generic) (10.0%)
  OS/2 Executable (generic) (4.5%)
  Generic Win/DOS Executable (4.4%)
Tags: peexe

VirusTotal metadata
First submission: 2018-04-27 16:36:56 UTC ( 9 months, 3 weeks ago )
Last submission: 2018-05-24 17:42:23 UTC ( 8 months, 4 weeks ago )
File names:
  75e4bb97ead02f405c9b18f389c6754f13fa03b5
  MediaShow.exe
  Media Shower
  connectvsgd.exe