× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 780db68462773dbec617e5de0a3a8888acafc6ec812c598fe78fc41ff2b70158
File name: 780db68462773dbec617e5de0a3a8888acafc6ec812c598fe78fc41ff2b70158
Detection ratio: 21 / 68
Analysis date: 2019-03-19 13:29:15 UTC ( 1 month ago ) View latest
Antivirus Result Update
Acronis suspicious 20190318
Ad-Aware Gen:Variant.Razy.475332 20190319
AegisLab Hacktool.Win32.Krap.lKMc 20190319
ALYac Gen:Variant.Razy.475332 20190319
Arcabit Trojan.Razy.D740C4 20190319
BitDefender Gen:Variant.Razy.475332 20190319
CrowdStrike Falcon (ML) win/malicious_confidence_80% (D) 20190212
Cylance Unsafe 20190319
Emsisoft Gen:Variant.Razy.475332 (B) 20190319
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.GQEV 20190319
GData Gen:Variant.Razy.475332 20190319
Sophos ML heuristic 20190313
MAX malware (ai score=83) 20190319
Microsoft Trojan:Win32/Emotet.LK!ml 20190319
eScan Gen:Variant.Razy.475332 20190319
Panda Trj/GdSda.A 20190319
Qihoo-360 HEUR/QVM20.1.F2A7.Malware.Gen 20190319
Rising Trojan.Kryptik!8.8 (TFE:dGZlOgMPAP7Qmc8LBQ) 20190319
SentinelOne (Static ML) DFI - Suspicious PE 20190317
VBA32 BScope.Malware-Cryptor.Emotet 20190319
AhnLab-V3 20190319
Alibaba 20190306
Antiy-AVL 20190319
Avast 20190319
Avast-Mobile 20190319
AVG 20190319
Avira (no cloud) 20190319
Babable 20180918
Baidu 20190318
Bkav 20190318
CAT-QuickHeal 20190318
ClamAV 20190319
CMC 20190319
Comodo 20190319
Cybereason 20190314
Cyren 20190319
DrWeb 20190319
eGambit 20190319
F-Prot 20190319
F-Secure 20190319
Fortinet 20190319
Ikarus 20190319
Jiangmin 20190319
K7AntiVirus 20190319
K7GW 20190319
Kaspersky 20190319
Kingsoft 20190319
Malwarebytes 20190319
McAfee 20190319
McAfee-GW-Edition 20190319
NANO-Antivirus 20190319
Palo Alto Networks (Known Signatures) 20190319
Sophos AV 20190319
SUPERAntiSpyware 20190314
Symantec Mobile Insight 20190220
TACHYON 20190319
Tencent 20190319
TheHacker 20190315
TotalDefense 20190318
Trapmine 20190301
TrendMicro 20190319
TrendMicro-HouseCall 20190319
Trustlook 20190319
ViRobot 20190319
Yandex 20190318
Zillya 20190318
ZoneAlarm by Check Point 20190319
Zoner 20190318
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (c) 2003-2015 Glarysoft Ltd

Product Glary Utilities
Original name OneClickMaintenance.exe
Internal name OneClickMaintenance.exe
File version 5, 0, 0, 6
Description OneClickMaintenance
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 1:09 PM 3/22/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-19 13:27:11
Entry Point 0x000012C0
Number of sections 4
PE sections
Overlays
MD5 999229ca05df96c0af05ad99115ac07f
File type data
Offset 235520
Size 3336
Entropy 7.33
PE imports
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetStdHandle
lstrlenW
FileTimeToSystemTime
GetFileAttributesA
SetEvent
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
lstrcatA
ExpandEnvironmentStringsA
SetErrorMode
FreeEnvironmentStringsW
lstrcatW
InitializeSListHead
SetFileAttributesA
GetTempPathA
lstrcmpiA
GetCPInfo
GetOverlappedResult
InterlockedExchange
WriteFile
MoveFileA
WaitForSingleObject
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
GetStringTypeW
ResumeThread
GetFullPathNameA
GetExitCodeProcess
LocalFree
FormatMessageW
ConnectNamedPipe
InitializeCriticalSection
FindClose
InterlockedDecrement
FormatMessageA
SetLastError
GetSystemTime
TlsGetValue
GetModuleFileNameW
CopyFileA
ExitProcess
FlushFileBuffers
GetModuleFileNameA
LoadLibraryExA
GetPrivateProfileStringA
SetConsoleCtrlHandler
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
SetFilePointer
CreateThread
SetEnvironmentVariableW
DisconnectNamedPipe
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
ClearCommError
ExitThread
DecodePointer
TerminateProcess
GetVersion
GetModuleHandleExW
GlobalAlloc
SearchPathA
GetCurrentThreadId
LeaveCriticalSection
SetCurrentDirectoryA
WriteConsoleW
CallNamedPipeW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
TerminateThread
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetSystemDirectoryA
GetStartupInfoA
GetDateFormatA
GetFileSize
WaitForMultipleObjects
GetCommProperties
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetDateFormatW
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
GetTimeFormatW
lstrcpyW
lstrcmpA
FindFirstFileA
GetTimeFormatA
GetTempFileNameA
FindNextFileA
DuplicateHandle
FindFirstFileExW
GetProcAddress
SetCommTimeouts
CreateEventW
SetCommState
CreateFileW
CreateEventA
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LocalReAlloc
LCMapStringW
CreateNamedPipeW
lstrlenA
GlobalFree
GetConsoleCP
HeapReAlloc
FindNextFileW
GetEnvironmentStringsW
GlobalUnlock
GetCommState
RemoveDirectoryA
GetShortPathNameA
SetupComm
FileTimeToLocalFileTime
CompareFileTime
WritePrivateProfileStringA
GetCurrentProcessId
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
SuspendThread
GetSystemDefaultLangID
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
lstrcpynA
GetACP
GlobalLock
GetModuleHandleW
SetStdHandle
CreateProcessA
IsValidCodePage
OpenEventW
CreateProcessW
Sleep
IsBadReadPtr
VirtualAlloc
GetOEMCP
ResetEvent
Shell_NotifyIconW
GetWindowThreadProcessId
SendMessageTimeoutA
LoadStringA
GetTopWindow
MessageBoxA
SetForegroundWindow
Number of PE resources by type
RT_ICON 14
RT_GROUP_ICON 3
RT_DIALOG 2
RT_STRING 1
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 21
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
5.0.0.6

LanguageCode
Chinese (Simplified)

FileFlagsMask
0x003f

FileDescription
OneClickMaintenance

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Windows, Chinese (Simplified)

InitializedDataSize
111616

EntryPoint
0x12c0

OriginalFileName
OneClickMaintenance.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (c) 2003-2015 Glarysoft Ltd

FileVersion
5, 0, 0, 6

TimeStamp
2019:03:19 14:27:11+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
OneClickMaintenance.exe

ProductVersion
5.0.0.0

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Glarysoft Ltd

CodeSize
122880

ProductName
Glary Utilities

ProductVersionNumber
5.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 525c13ac04e74d80a404e2345e667487
SHA1 ddafb24f51ba4d594119a1aa5b0114f176e5c7fb
SHA256 780db68462773dbec617e5de0a3a8888acafc6ec812c598fe78fc41ff2b70158
ssdeep
3072:BaSM6/k8X9osHS4/tPeyMK1dw9tDvA5LYAuF6sSoPxdKn/K:DM6NosHS4/tQ7AdYAu0NoPxqC

authentihash c305cf30720bd430724e55f7cf8f11775e70e37ed48b2cb7f3c9d8fdfea498de
imphash 23011cd5bc41f480356409b3537a9256
File size 233.3 KB ( 238856 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-03-19 13:29:15 UTC ( 1 month ago )
Last submission 2019-03-19 23:26:40 UTC ( 1 month ago )
File names OneClickMaintenance.exe
emotet_e1_780db68462773dbec617e5de0a3a8888acafc6ec812c598fe78fc41ff2b70158_2019-03-19__133001.exe_
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections