SHA256: 6d32333d54d4027283f0b36ddcfe07c743f65cd895d89f8c81be3f69b55d7fc8
File name: 4vcp4aO3GRU.exe
Detection ratio: 25 / 66
Analysis date: 2018-11-12 07:56:43 UTC ( 3 months, 1 week ago )
Antivirus Result Update
AegisLab Trojan.Win32.Generic.4!c 20181112
Avast FileRepMalware 20181112
AVG FileRepMalware 20181112
Bkav HW32.Packed. 20181110
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.708fb9 20180225
Cylance Unsafe 20181112
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/GenKryptik.CQSW 20181112
Fortinet W32/Kryptik.GMOJ!tr 20181112
Sophos ML heuristic 20181108
K7AntiVirus Trojan ( 0053b6a31 ) 20181112
K7GW Trojan ( 0053b6a31 ) 20181109
Kaspersky UDS:DangerousObject.Multi.Generic 20181112
McAfee GenericRXGO-VQ!5D9357A708FB 20181112
McAfee-GW-Edition BehavesLike.Win32.Emotet.ch 20181112
Microsoft Trojan:Win32/Emotet.AC!bit 20181112
Palo Alto Networks (Known Signatures) generic.ml 20181112
Qihoo-360 HEUR/QVM20.1.2612.Malware.Gen 20181112
Rising Trojan.GenKryptik!8.AA55 (CLOUD) 20181112
Sophos AV Mal/Generic-S 20181112
Symantec ML.Attribute.HighConfidence 20181112
VIPRE LooksLike.Win32.Dridex.e (v) None
Webroot W32.Trojan.Emotet 20181112
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181112
Ad-Aware 20181112
AhnLab-V3 20181111
Alibaba 20180921
ALYac 20181112
Antiy-AVL 20181112
Arcabit 20181112
Avast-Mobile 20181112
Avira (no cloud) 20181112
Babable 20180918
Baidu 20181112
BitDefender 20181112
CAT-QuickHeal 20181111
ClamAV 20181112
CMC 20181112
Cyren 20181112
DrWeb 20181112
Emsisoft 20181112
F-Prot 20181112
F-Secure 20181112
GData 20181112
Ikarus 20181111
Jiangmin 20181112
Kingsoft 20181112
Malwarebytes 20181112
MAX 20181112
eScan 20181112
NANO-Antivirus 20181112
Panda 20181111
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181107
Symantec Mobile Insight 20181108
TACHYON 20181112
Tencent 20181112
TheHacker 20181108
TrendMicro 20181112
TrendMicro-HouseCall 20181112
Trustlook 20181112
VBA32 20181109
ViRobot 20181112
Yandex 20181109
Zillya 20181109
Zoner 20181112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft
Product Sola Plug-in
Original name msiltcfg.dl
Internal name Aban Plug-in
File version 1, 4, 2, 50
Description Window I Stub
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1995-06-10 08:02:18
Entry Point 0x00001589
Number of sections 6
PE sections
PE imports
CloseServiceHandle
QueryUsersOnEncryptedFile
ImageList_Draw
CertAddStoreToCollection
SetBitmapBits
SwapBuffers
CloseEnhMetaFile
SetViewportOrgEx
GetSystemTime
SetupComm
UnlockFile
GetThreadPriority
ReleaseMutex
GetNumberOfConsoleMouseButtons
GlobalAlloc
AllocConsole
GlobalMemoryStatusEx
GetCommMask
GetCommandLineA
FindFirstFileNameTransactedW
VARIANT_UserMarshal
VarI2FromDate
NdrConformantArrayBufferSize
StrToIntW
IsClipboardFormatAvailable
SetMenuItemBitmaps
IsDlgButtonChecked
DrawIcon
IsZoomed
GetWindowDC
DestroyAcceleratorTable
SetProcessWindowStation
wsprintfW
CheckDlgButton
GetMenuCheckMarkDimensions
CryptCATAdminEnumCatalogFromHash
Number of PE resources by type
RT_DIALOG 20
RT_STRING 10
RT_VERSION 1
Number of PE resources by language
ENGLISH US 4
ITALIAN NEUTRAL 3
SWEDISH NEUTRAL 3
CHINESE TRADITIONAL 3
SPANISH NEUTRAL 3
GERMAN NEUTRAL 3
CHINESE SIMPLIFIED 3
JAPANESE DEFAULT 3
FRENCH NEUTRAL 3
KOREAN 3
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 143360
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.4.2.50
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Window I Stub
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Windows, Latin1
LinkerVersion 12.0
EntryPoint 0x1589
OriginalFileName msiltcfg.dl
MIMEType application/x-java-applet;version=1.3.1|application/x-java-bean;version=1.3.1|application/x-java-applet;version=1.4|application/x-java-bean;version=1.4|application/x-java-applet;version=1.4.1|application/x-java-bean;version=1.4.1
LegalCopyright Microsoft
FileExtents |||||
FileOpenName Aban Applet|JavaBeans|Sola Applet|SolaBeans|Sola Applet|SolaBeans
FileVersion 1, 4, 2, 50
TimeStamp 1995:06:10 09:02:18+01:00
FileType Win32 EXE
PEType PE32
InternalName Aban Plug-in
ProductVersion 1, 4, 2, 50
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName AbanSoft / Sun Microsystems, Inc.
CodeSize 12288
ProductName Sola Plug-in
ProductVersionNumber 1.4.2.50
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 5d9357a708fb9050b1fee4eb3bc95803
SHA1 3447b449cd177f7db6e910b9ec8a64cc389cd823
SHA256 6d32333d54d4027283f0b36ddcfe07c743f65cd895d89f8c81be3f69b55d7fc8
ssdeep 3072:jITgOkUpGI5fG544JJcpyp2OLMXQGun56f+q90QF:jITgt2GGIJcjzsU9
authentihash 75f355b35c2c4173297446c0fc0d8d4e96ea2ffa0f3ead68f3395bc4c2fa6664
imphash a7d4e5e19aef31cf8fe801a6ca4a777e
File size 148.0 KB ( 151552 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2018-11-12 04:37:27 UTC ( 3 months, 1 week ago )
Last submission 2018-11-12 13:41:05 UTC ( 3 months, 1 week ago )
File names 16378328.exe
VAtQe2PLEV6.exe
msiltcfg.dl
23259608.exe
21cYqz7gAbbn.exe
Aban Plug-in
usbccidchunk.exe
lpiocolorer.exe
pwdsame.exe
4vcp4aO3GRU.exe