SHA256: 799a6e3bc8fcb2f928c0618fe672aa4edae7a6560414bbfefbb51b2823041c36
File name: UWBDsulPK3RVgx.exe
Detection ratio: 46 / 68
Analysis date: 2018-12-08 01:07:17 UTC ( 2 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40811215 20181207
AegisLab Trojan.Win32.Emotet.4!c 20181207
Alibaba TrojanBanker:Win32/Emotet.f6c0b55b 20180921
ALYac Trojan.Agent.Emotet 20181207
Arcabit Trojan.Generic.D26EBACF 20181207
Avast Win32:BankerX-gen [Trj] 20181208
AVG Win32:BankerX-gen [Trj] 20181208
Avira (no cloud) TR/AD.Emotet.fadtj 20181208
BitDefender Trojan.GenericKD.40811215 20181208
Comodo TrojWare.Win32.Trojan.XPack.~gen1@1rwlif 20181207
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.cea52a 20180225
Cylance Unsafe 20181208
Cyren W32/Emotet.KG.gen!Eldorado 20181208
Emsisoft Trojan.GenericKD.40811215 (B) 20181207
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GNNF 20181207
F-Prot W32/Emotet.KG.gen!Eldorado 20181207
F-Secure Trojan.GenericKD.40811215 20181207
Fortinet Malicious_Behavior.SB 20181207
GData Trojan.GenericKD.40811215 20181207
Ikarus Trojan-Banker.Emotet 20181207
Sophos ML heuristic 20181128
K7AntiVirus Riskware ( 0040eff71 ) 20181207
K7GW Riskware ( 0040eff71 ) 20181207
Kaspersky Trojan-Banker.Win32.Emotet.btin 20181207
Malwarebytes Trojan.Emotet 20181207
MAX malware (ai score=100) 20181208
McAfee Emotet-FID!E4E381FCEA52 20181207
McAfee-GW-Edition Emotet-FID!E4E381FCEA52 20181207
Microsoft Trojan:Win32/Emotet.BT 20181207
eScan Trojan.GenericKD.40811215 20181207
NANO-Antivirus Trojan.Win32.Emotet.fkvbue 20181207
Palo Alto Networks (Known Signatures) generic.ml 20181208
Panda Trj/GdSda.A 20181207
Qihoo-360 Win32/Trojan.c84 20181208
Rising Trojan.Fuerboos!8.EFC8 (CLOUD) 20181207
Sophos AV Mal/EncPk-ANY 20181207
Symantec Trojan.Gen.2 20181207
Tencent Win32.Trojan-banker.Emotet.Ambz 20181208
Trapmine suspicious.low.ml.score 20181205
TrendMicro TROJ_GEN.USL318 20181207
TrendMicro-HouseCall TROJ_GEN.USL318 20181207
VBA32 BScope.Trojan.Emotet 20181207
Webroot W32.Trojan.Emotet 20181208
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.btin 20181207
AhnLab-V3 20181207
Antiy-AVL 20181207
Avast-Mobile 20181207
Babable 20180918
Baidu 20181207
Bkav 20181206
CAT-QuickHeal 20181207
ClamAV 20181208
CMC 20181207
DrWeb 20181208
Jiangmin 20181207
Kingsoft 20181208
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181205
Symantec Mobile Insight 20181207
TACHYON 20181207
TheHacker 20181202
TotalDefense 20181207
Trustlook 20181208
ViRobot 20181207
Yandex 20181207
Zillya 20181206
Zoner 20181207
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All right
Product Micro
Internal name wups.
File version 7.6.7601.1
Description Windows
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-03 18:30:16
Entry Point 0x00003D30
Number of sections 5
PE sections
PE imports
CM_Reenumerate_DevNode_Ex
ImageList_SetIconSize
CryptMsgGetAndVerifySigner
SelectClipPath
LineTo
GetRandomRgn
GetVolumePathNamesForVolumeNameW
GlobalMemoryStatus
GetNamedPipeClientComputerNameA
GetDriveTypeW
GetBinaryTypeW
GetModuleHandleA
Process32First
FillConsoleOutputAttribute
GetStringTypeExA
lstrlenW
SetupDiDestroyDriverInfoList
SetupDefaultQueueCallbackW
SHRegQueryInfoUSKeyW
StrChrA
StrSpnW
GetComputerObjectNameW
InsertMenuA
EnumDisplayMonitors
BeginDeferWindowPos
GetMenu
GetPriorityClipboardFormat
ExcludeUpdateRgn
GetUpdateRect
RealGetWindowClassA
InternetFindNextFileA
AddPrinterW
g_rgSCardT1Pci
CoInvalidateRemoteMachineBindings
Number of PE resources by type
RT_STRING 3
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 5
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:12:03 19:30:16+01:00
FileType Win32 EXE
PEType PE32
CodeSize 49152
LinkerVersion 12.1
ImageFileCharacteristics Executable, 32-bit
Warning Error processing PE data dictionary
EntryPoint 0x3d30
InitializedDataSize 0
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 e4e381fcea52ae03d81ed08639b59863
SHA1 b4b8390c4456f7747e465e630d373c53484d77d4
SHA256 799a6e3bc8fcb2f928c0618fe672aa4edae7a6560414bbfefbb51b2823041c36
ssdeep 3072:5N+kv65Bxl4kmMjWlo1KPQDf/b/xN8fEfGi/MPxWS1ScN+j2Tmx2QuZV5y:5N+kvwSoQk/0fEfdSlHN+j2TmxHu
authentihash d6a5e46e0e2fe821c29a7e00100dae462224b77a193b71d6691a71d8d87b437d
imphash 3fcdf9af49be15e56ea01b3bd05aab42
File size 520.0 KB ( 532480 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe

VirusTotal metadata
First submission 2018-12-03 18:35:18 UTC ( 2 months, 3 weeks ago )
Last submission 2018-12-03 18:47:35 UTC ( 2 months, 3 weeks ago )
File names UWBDsulPK3RVgx.exe
wups.