SHA256: 7f34fd4be7a7f8019a03ef18d9d43b410c1c0ce827d3b3bfea7c8448f451e33b
File name: zuXuWxmrXoRgltPOL.exe
Detection ratio: 50 / 67
Analysis date: 2019-04-11 11:32:19 UTC (1 month, 1 week ago)
Antivirus Result Update
Acronis suspicious 20190409
Ad-Aware Trojan.GenericKDZ.55103 20190411
AegisLab Trojan.Win32.Emotet.L!c 20190411
AhnLab-V3 Trojan/Win32.Emotet.R263255 20190411
Alibaba TrojanBanker:Win32/Emotet.7dc379d2 20190402
ALYac Trojan.Agent.Emotet 20190411
Arcabit Trojan.Generic.DD73F 20190411
Avast Win32:DangerousSig [Trj] 20190411
AVG Win32:DangerousSig [Trj] 20190411
Avira (no cloud) TR/Crypt.Agent.wqsib 20190411
BitDefender Trojan.GenericKDZ.55103 20190411
ClamAV Win.Malware.Fugrafa-6935000-0 20190411
Comodo Malware@#9dexw867l012 20190411
CrowdStrike Falcon (ML) win/malicious_confidence_100% (W) 20190212
Cybereason malicious.14e334 20190403
Cyren W32/Emotet.SI.gen!Eldorado 20190411
DrWeb Trojan.Siggen8.24452 20190411
eGambit Unsafe.AI_Score_97% 20190411
Emsisoft Trojan.GenericKDZ.55103 (B) 20190411
Endgame malicious (high confidence) 20190403
ESET-NOD32 a variant of Win32/Kryptik.GRXC 20190411
F-Prot W32/Emotet.SI.gen!Eldorado 20190411
F-Secure Trojan.TR/Crypt.Agent.wqsib 20190411
FireEye Generic.mg.c4b6069f71887b92 20190411
Fortinet W32/Generic.AP.2999A6!tr 20190411
GData Trojan.GenericKDZ.55103 20190411
Ikarus Trojan-Banker.Emotet 20190411
Sophos ML heuristic 20190313
K7AntiVirus Trojan ( 0054b5081 ) 20190411
K7GW Trojan ( 0054b5081 ) 20190411
Kaspersky Trojan-Banker.Win32.Emotet.cwkz 20190411
Malwarebytes Trojan.Emotet 20190411
MAX malware (ai score=100) 20190411
McAfee Emotet-FMI!C4B6069F7188 20190411
McAfee-GW-Edition Emotet-FMI!C4B6069F7188 20190411
Microsoft Trojan:Win32/Emotet.AC!bit 20190411
eScan Trojan.GenericKDZ.55103 20190411
Palo Alto Networks (Known Signatures) generic.ml 20190411
Panda Trj/GdSda.A 20190410
Qihoo-360 Win32/Trojan.653 20190411
Rising Trojan.Kryptik!8.8 (CLOUD) 20190411
SentinelOne (Static ML) DFI - Malicious PE 20190407
Sophos AV Mal/Emotet-Q 20190411
Tencent Win32.Trojan.Falsesign.Szbi 20190411
Trapmine malicious.high.ml.score 20190325
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.THDAAAI 20190411
VBA32 BScope.TrojanPSW.Papras 20190411
ViRobot Trojan.Win32.Emotet.147720 20190411
Yandex Trojan.PWS.Emotet! 20190411
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.cwkz 20190411
No detection (result field empty):
Antiy-AVL 20190411
Avast-Mobile 20190411
Babable 20180918
Baidu 20190318
Bkav 20190410
CAT-QuickHeal 20190410
CMC 20190321
Jiangmin 20190411
Kingsoft 20190411
NANO-Antivirus 20190411
SUPERAntiSpyware 20190410
Symantec Mobile Insight 20190410
TACHYON 20190411
TheHacker 20190405
TotalDefense 20190411
Trustlook 20190411
Zillya 20190410
Zoner 20190411
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2015
Product ChatClient
Original name ChatClient
Internal name ChatClient
File version 1.3.3.80
Description ChatClient
Comments PCWinSoft Software
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 2:30 AM 4/15/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-04-09 06:33:44
Entry Point 0x00012B50
Number of sections 4
PE sections
Overlays
MD5 7dec40aa15d160410a8c4f8d3b760547
File type data
Offset 144384
Size 3336
Entropy 7.33
PE imports
SetDIBits
GetTextMetricsW
SetMapMode
GetWindowOrgEx
ResizePalette
GetPaletteEntries
CombineRgn
CreateMetaFileW
CopyEnhMetaFileW
SetPixel
EndDoc
SetPaletteEntries
AngleArc
CreatePalette
CreateDIBitmap
GetPolyFillMode
GetDIBits
ExtCreateRegion
GetEnhMetaFileBits
GetTextCharacterExtra
StretchBlt
StretchDIBits
ArcTo
Pie
Arc
SetBkColor
SetWinMetaFileBits
GetDIBColorTable
DeleteEnhMetaFile
PathToRegion
GetSystemPaletteEntries
OffsetRgn
EnumFontsW
GetCurrentPositionEx
EndPath
GetPixel
GetLayout
GetBrushOrgEx
ExcludeClipRect
SetBkMode
BitBlt
GetDCBrushColor
SetAbortProc
FrameRgn
CreateBrushIndirect
SelectPalette
SetROP2
EndPage
GetNearestPaletteIndex
SetDIBColorTable
SetPixelV
DeleteObject
CreatePenIndirect
PatBlt
GetClipBox
Rectangle
GetDeviceCaps
LineTo
DeleteDC
CreateFontIndirectW
StartPage
GetObjectW
CreateDCW
RealizePalette
SetEnhMetaFileBits
IntersectClipRect
CreateBitmap
RectVisible
GetStockObject
PlayEnhMetaFile
UnrealizeObject
GdiFlush
RoundRect
GetWinMetaFileBits
GetEnhMetaFileDescriptionW
GetEnhMetaFileHeader
SetWindowOrgEx
GetTextExtentPoint32W
Polygon
CreateHalftonePalette
GetRgnBox
SaveDC
CreateICW
MaskBlt
GetEnhMetaFilePaletteEntries
RestoreDC
GetBitmapBits
FillPath
SetDIBitsToDevice
CreateDIBSection
SetTextColor
ExtFloodFill
GetCurrentObject
MoveToEx
EnumFontFamiliesExW
SetViewportOrgEx
ExtTextOutW
CreateCompatibleDC
PolyBezierTo
SetStretchBltMode
PolyBezier
Chord
SetBrushOrgEx
CreateRectRgn
SelectObject
Ellipse
CreateSolidBrush
Polyline
StartDocW
CreateCompatibleBitmap
DeleteMetaFile
ImmReleaseContext
ImmSetCompositionFontW
ImmSetCompositionWindow
ImmGetContext
GetStdHandle
GetConsoleOutputCP
GetFileAttributesA
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
SetStdHandle
FindResourceExA
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
InitializeCriticalSection
FatalExit
InterlockedDecrement
FormatMessageA
SetLastError
GetModuleFileNameW
SetConsoleActiveScreenBuffer
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
LoadLibraryA
HeapSetInformation
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
EraseTape
CreateThread
SetUnhandledExceptionFilter
GetConsoleDisplayMode
TerminateProcess
WriteConsoleA
GetCurrentThreadId
LeaveCriticalSection
GetNumberFormatW
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
EndUpdateResourceW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
lstrcmpiW
RtlUnwind
GetStartupInfoA
GetStartupInfoW
GetProcAddress
GetProcessHeap
ExpandEnvironmentStringsW
CreateMailslotA
MapUserPhysicalPagesScatter
ExpandEnvironmentStringsA
CreateEventW
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
ExitProcess
lstrcpyn
InterlockedIncrement
GetLastError
LCMapStringW
VirtualAllocEx
lstrlenA
GetConsoleCP
LCMapStringA
SleepEx
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
AddConsoleAliasW
HeapSize
GetCommandLineA
InterlockedCompareExchange
Process32FirstW
EnumResourceTypesA
RaiseException
TlsFree
GetModuleHandleA
CloseHandle
GetACP
IsValidCodePage
HeapCreate
SetConsoleDisplayMode
VirtualFree
Sleep
IsBadCodePtr
VirtualAlloc
GetCaretBlinkTime
GetOpenClipboardWindow
GetParent
CopyIcon
DestroyMenu
GetMessageW
CharToOemBuffA
IsCharAlphaW
IsWindow
IsMenu
IsWindowEnabled
VkKeyScanW
DispatchMessageW
CreatePopupMenu
GetQueueStatus
IsWindowVisible
LoadStringW
GetMenuCheckMarkDimensions
wsprintfA
CountClipboardFormats
PostThreadMessageW
IsWindowUnicode
LoadIconW
GetFocus
wsprintfW
CharNextW
Number of PE resources by type
RT_ICON 4
RT_DIALOG 2
RT_MENU 2
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 11
PE resources
ExifTool file metadata
SpecialBuild 000
CodeSize 73728
SubsystemVersion 5.0
Comments PCWinSoft Software
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.3.3.80
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription ChatClient
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 70144
PrivateBuild 1.3.3.80
EntryPoint 0x12b50
OriginalFileName ChatClient
MIMEType application/octet-stream
LegalCopyright Copyright 2015
FileVersion 1.3.3.80
TimeStamp 2019:04:09 08:33:44+02:00
FileType Win32 EXE
PEType PE32
InternalName ChatClient
ProductVersion 1.3.3.80
UninitializedDataSize 0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName PCWinSoft Software
LegalTrademarks PCWinSoft (tm)
ProductName ChatClient
ProductVersionNumber 1.3.3.80
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 c4b6069f71887b92c163b2bfe96a7154
SHA1 e7bfd1c14e334a84c39dbc7d32923c0bd5acb21e
SHA256 7f34fd4be7a7f8019a03ef18d9d43b410c1c0ce827d3b3bfea7c8448f451e33b
ssdeep 1536:sccDTGzg/RnqyACg2uHtdDaxlrxdp9ABRhi6/9bDRoKCt5t1Y+ugCiZi:aDKzgpACg/7axlrxdQBfi6/Fot5t4ko
authentihash 8028060ea6ddadcf2c89c25129483907f5083e005ec5fa308e8fa878e79dd6af
imphash 408b8ffe7711f6618a8ecb950cefed54
File size 144.3 KB (147720 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (35.0%)
Win64 Executable (generic) (31.0%)
Windows screen saver (14.7%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Tags peexe overlay
VirusTotal metadata
First submission 2019-04-09 06:45:48 UTC (1 month, 1 week ago)
Last submission 2019-04-09 06:45:48 UTC (1 month, 1 week ago)
File names zuXuWxmrXoRgltPOL.exe
ChatClient
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs