SHA256: 705ce6a8d4fa148199a9785a0fb6a06774fdc004657d3aaac2d1384a7b97a225
File name: BSMPCHOST.EXE
Detection ratio: 26 / 71
Analysis date: 2019-01-26 02:45:58 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Avast Win32:Malware-gen 20190125
AVG Win32:Malware-gen 20190126
Avira (no cloud) TR/AD.MoksSteal.gwmgy 20190126
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181023
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GOZS 20190126
Fortinet W32/Azorult.GBP!tr.pws 20190126
GData Win32.Packed.Kryptik.5OYZJR 20190126
Ikarus Trojan.Crypt 20190125
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 005465301 ) 20190125
K7GW Trojan ( 005465301 ) 20190125
Kaspersky Trojan-PSW.Win32.Azorult.gbp 20190126
MAX malware (ai score=100) 20190126
McAfee RDN/Generic.dx 20190126
McAfee-GW-Edition BehavesLike.Win32.Injector.bc 20190125
Microsoft Trojan:Win32/Azden.A!cl 20190126
Palo Alto Networks (Known Signatures) generic.ml 20190126
Qihoo-360 Win32/Trojan.PSW.c41 20190126
Sophos AV Mal/Generic-S 20190126
Symantec ML.Attribute.HighConfidence 20190125
Tencent Win32.Trojan-qqpass.Qqrob.Sxxv 20190126
Trapmine malicious.high.ml.score 20190123
ViRobot Trojan.Win32.Z.Agent.734720.IE 20190125
Webroot W32.Trojan.Emotet 20190126
ZoneAlarm by Check Point Trojan-PSW.Win32.Azorult.gbp 20190126
Acronis 20190124
Ad-Aware 20190126
AegisLab 20190126
AhnLab-V3 20190125
Alibaba 20180921
ALYac 20190126
Antiy-AVL 20190126
Arcabit 20190126
Avast-Mobile 20190125
Babable 20180918
Baidu 20190125
BitDefender 20190126
Bkav 20190125
CAT-QuickHeal 20190125
ClamAV 20190125
CMC 20190125
Comodo 20190126
Cybereason 20190109
Cylance 20190126
Cyren 20190126
DrWeb 20190126
eGambit 20190126
Emsisoft 20190126
F-Prot 20190126
F-Secure 20190126
Jiangmin 20190126
Kingsoft 20190126
Malwarebytes 20190126
eScan 20190125
NANO-Antivirus 20190125
Panda 20190125
Rising 20190126
SentinelOne (Static ML) 20190124
SUPERAntiSpyware 20190123
TACHYON 20190126
TheHacker 20190125
TotalDefense 20190125
TrendMicro 20190125
TrendMicro-HouseCall 20190125
Trustlook 20190126
VBA32 20190125
VIPRE 20190126
Yandex 20190125
Zillya 20190125
Zoner 20190125
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 1995-Present Miranda IM Project

Product Wheeler
Original name Wheeler
Description Earnings Opens Differentiators Workforce
Comments Earnings Opens Differentiators Workforce
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-24 14:20:17
Entry Point 0x0004F564
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
QueryServiceStatus
ConvertStringSidToSidA
GetLengthSid
ImpersonateLoggedOnUser
AVIStreamWrite
AVIFileCreateStreamA
CreateToolbarEx
ImageList_Create
CertGetNameStringA
CryptUIWizFreeDigitalSignContext
GetWindowRegionData
WinWatchGetClipList
WinWatchDidStatusChange
JetTruncateLogInstance
GetDeviceCaps
CreatePen
BeginPath
SetMapMode
CreateEllipticRgn
SetBkMode
BitBlt
PatBlt
SetViewportOrgEx
CreateFontIndirectA
AddFontResourceExW
CreateSolidBrush
CreateRectRgnIndirect
GetMapMode
SelectClipRgn
CreateCompatibleDC
DeleteObject
SelectObject
Rectangle
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetDiskFreeSpaceA
GetConsoleMode
GetLocaleInfoA
CancelIoEx
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetTempPathA
GetCPInfo
GetStringTypeA
GetDiskFreeSpaceW
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
FormatMessageW
GetTimeZoneInformation
FindClose
TlsGetValue
QueryDosDeviceW
FormatMessageA
GetFullPathNameW
SetLastError
GetSystemTime
InitializeCriticalSection
IsDebuggerPresent
ExitProcess
GetVersionExA
GetModuleFileNameA
SetConsoleOutputCP
SetConsoleScreenBufferSize
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
LockFileEx
CreateThread
SetUnhandledExceptionFilter
GetCurrentProcess
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
SetConsoleCP
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
CreateToolhelp32Snapshot
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
UnlockFile
GetFileSize
DeleteFileA
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
CompareStringW
FindFirstFileA
lstrcpyA
CompareStringA
GetTempFileNameA
IsValidLocale
GetProcAddress
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GetCommState
LockFile
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
GetProcessHeaps
GetCurrentDirectoryA
GetCPInfoExA
HeapSize
GetConsoleTitleA
GetCommandLineA
InterlockedCompareExchange
EnumResourceTypesA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
WideCharToMultiByte
IsValidCodePage
HeapCreate
WriteFile
VirtualFree
Sleep
VirtualAlloc
ICCompressorChoose
OleCreatePictureIndirect
UuidToStringA
UuidCreate
SHBrowseForFolderA
SHGetMalloc
Shell_NotifyIconA
GetForegroundWindow
GetParent
ReleaseDC
BeginPaint
CreateIconIndirect
KillTimer
ShowWindow
FindWindowA
DrawFrameControl
LoadBitmapA
SetScrollPos
AppendMenuA
GetWindowRect
DispatchMessageA
EndPaint
ScrollWindowEx
LoadStringA
PeekMessageA
ChildWindowFromPoint
GetDC
CopyImage
SystemParametersInfoA
CheckMenuItem
GetMenu
wsprintfA
IsWindowVisible
SendMessageA
GetClientRect
EnableMenuItem
ScreenToClient
InvalidateRect
GetSubMenu
GetWindowTextLengthA
CreateWindowExA
LoadCursorA
LoadIconA
DestroyIcon
TranslateAcceleratorA
AttachThreadInput
GetSystemMenu
GetWindowTextA
PtInRect
DestroyWindow
ExpandEnvironmentStringsForUserA
InternetQueryOptionA
InternetGetLastResponseInfoW
WSAInstallServiceClassW
Ord(17)
Ord(8)
Ord(64)
Number of PE resources by type
RT_DIALOG 9
RT_BITMAP 7
RT_ICON 6
PNG 5
RT_STRING 2
RCDATA 1
RT_MANIFEST 1
TXT 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 34
PE resources
ExifTool file metadata
CodeSize
414720

SubsystemVersion
5.0

Comments
Earnings Opens Differentiators Workforce

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
3.7.6.5

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Earnings Opens Differentiators Workforce

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
318976

PrivateBuild
3.7.6.5

EntryPoint
0x4f564

OriginalFileName
Wheeler

MIMEType
application/octet-stream

LegalCopyright
Copyright 1995-Present Miranda IM Project

TimeStamp
2019:01:24 06:20:17-08:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
3.7.6.5

UninitializedDataSize
0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Miranda IM Project

LegalTrademarks
Copyright 1995-Present Miranda IM Project

ProductName
Wheeler

ProductVersionNumber
3.7.6.5

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 ca27c3e8022498fb14c8a57b01180c16
SHA1 d4849f1e70dfd63fd45ef7530076fc371d4e2fa2
SHA256 705ce6a8d4fa148199a9785a0fb6a06774fdc004657d3aaac2d1384a7b97a225
ssdeep
12288:5nYdzqT5fnpGzAgAnkJj7G/fk8o2RgLjQnB3/ENpQplKmdBBLl9N:lYcTJpTaGHk8o2RiQn6HmzBLl9N

authentihash 20f32456830a83c9c4d9fed40c4cf7cad1bcb1d8ab88e7f8ae40161ef3599181
imphash f001afc90c6cee14cd28c4e50ecc756e
File size 717.5 KB ( 734720 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2019-01-24 16:32:27 UTC ( 1 month, 4 weeks ago )
Last submission 2019-01-24 16:32:27 UTC ( 1 month, 4 weeks ago )
File names Wheeler
BSMPCHOST.EXE
Advanced heuristic and reputation engines