SHA256: 82c2b966e981e676afeb92ed93d0be88a203417929b9abaaa4a4aba6a7f83821
File name: sspssystem.exe
Detection ratio: 18 / 67
Analysis date: 2018-09-17 17:34:45 UTC ( 5 months ago )
Antivirus Result Update
Avast FileRepMalware 20180917
AVG FileRepMalware 20180917
CAT-QuickHeal Trojan.Emotet.X4 20180917
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cylance Unsafe 20180917
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/GenKryptik.BAUN 20180917
Sophos ML heuristic 20180717
Kaspersky UDS:DangerousObject.Multi.Generic 20180917
McAfee-GW-Edition BehavesLike.Win32.Backdoor.fm 20180917
Microsoft Trojan:Win32/Emotet.AC!bit 20180917
Palo Alto Networks (Known Signatures) generic.ml 20180917
Qihoo-360 HEUR/QVM20.1.EE05.Malware.Gen 20180917
Rising Trojan.Emotet!8.B95 (TFE:dGZlOgPzU/m1BsHLfQ) 20180917
SentinelOne (Static ML) static engine - malicious 20180830
Symantec ML.Attribute.HighConfidence 20180917
Webroot W32.Trojan.Emotet 20180917
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180917
Ad-Aware 20180913
AegisLab 20180917
AhnLab-V3 20180917
Alibaba 20180713
ALYac 20180917
Antiy-AVL 20180917
Arcabit 20180917
Avast-Mobile 20180917
Avira (no cloud) 20180917
AVware 20180917
Babable 20180907
Baidu 20180914
BitDefender 20180917
Bkav 20180917
ClamAV 20180917
CMC 20180917
Comodo 20180917
Cybereason 20180225
Cyren 20180917
DrWeb 20180917
eGambit 20180917
Emsisoft 20180917
F-Prot 20180917
F-Secure 20180917
Fortinet 20180917
GData 20180917
Ikarus 20180917
Jiangmin 20180917
K7AntiVirus 20180917
K7GW 20180917
Kingsoft 20180917
Malwarebytes 20180917
MAX 20180917
McAfee 20180917
eScan 20180917
NANO-Antivirus 20180917
Panda 20180917
Sophos AV 20180917
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180911
TACHYON 20180917
Tencent 20180917
TheHacker 20180914
TrendMicro 20180917
TrendMicro-HouseCall 20180917
Trustlook 20180917
VBA32 20180917
VIPRE 20180917
ViRobot 20180917
Yandex 20180915
Zillya 20180917
Zoner 20180916
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright License: MPL 1.1/GPL 2.0/LGPL 2.1

Product Mozilla
Internal name uconv
File version Personal
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-17 16:17:25
Entry Point 0x00021155
Number of sections 8
PE sections
PE imports
CryptDestroyKey
IsValidAcl
InitiateSystemShutdownA
GetFileSecurityW
MakeSelfRelativeSD
CryptSetHashParam
RegDeleteValueA
QueryUsersOnEncryptedFile
DeleteAce
AVIStreamStart
CM_Get_DevNode_Custom_PropertyW
CM_Get_Device_Interface_List_SizeW
ImageList_SetBkColor
PageSetupDlgA
ChooseFontA
CryptMsgSignCTL
PFXExportCertStoreEx
CryptStringToBinaryA
GetGlyphIndicesW
PaintRgn
SetArcDirection
ArcTo
ImmGetCompositionWindow
GetIpAddrTable
EnumResourceTypesA
ReplaceFileA
GetDateFormatA
SetCommConfig
InterlockedDecrement
GetProcessShutdownParameters
GetModuleHandleA
MapViewOfFileEx
OpenSemaphoreA
_lopen
GetTickCount
TlsSetValue
DeleteTimerQueueTimer
IsDBCSLeadByte
AddRefActCtx
GetStringTypeW
CreateFileMappingW
FindFirstChangeNotificationW
MprAdminPortEnum
MprConfigInterfaceGetInfo
acmStreamOpen
ICSeqCompressFrameStart
ICDrawBegin
NetApiBufferReallocate
NetLocalGroupAddMembers
NetLocalGroupGetMembers
VARIANT_UserFree
SafeArrayAllocDescriptorEx
BSTR_UserFree
RevokeActiveObject
RasGetAutodialAddressA
RasGetEntryPropertiesA
RpcServerTestCancel
NdrSimpleTypeUnmarshall
NdrAsyncServerCall
I_RpcNegotiateTransferSyntax
SetupDiGetDeviceInstanceIdW
SetupDiSelectDevice
SetupDiGetClassDescriptionExA
SetupDiSetDeviceInstallParamsA
ShellAboutA
Shell_NotifyIconA
AssocQueryKeyW
ChrCmpIW
StrRChrW
PathFileExistsW
PathUnExpandEnvStringsW
PathGetArgsA
PathFindOnPathW
SHRegOpenUSKeyA
StrStrW
SHRegWriteUSValueW
TranslateNameW
GetUserNameExA
EmptyClipboard
GetSysColorBrush
OemToCharBuffA
ScrollWindowEx
SetRectEmpty
CharLowerW
GetDlgItemInt
SetActiveWindow
CreateCursor
ReleaseDC
GetRawInputDeviceInfoW
GetRawInputData
CharLowerBuffA
BringWindowToTop
SetScrollRange
IsCharLowerW
InvalidateRect
LoadMenuIndirectA
FindWindowExA
GetDesktopWindow
CopyAcceleratorTableW
SetScrollInfo
CloseClipboard
GetMenuContextHelpId
InternetOpenUrlW
CloseDriver
timeGetTime
mciGetCreatorTask
midiOutMessage
timeSetEvent
mixerGetControlDetailsA
CryptCATAdminAddCatalog
CryptCATGetMemberInfo
CryptCATCDFEnumAttributes
WTHelperGetProvCertFromChain
getpeername
getservbyport
SCardListCardsW
SCardGetStatusChangeA
wcscoll
setvbuf
getchar
HGLOBAL_UserFree
RegisterDragDrop
OleIsRunning
CoSwitchCallContext
CoResumeClassObjects
FreePropVariantArray
PropVariantClear
HICON_UserSize
CoGetObjectContext
PdhBrowseCountersW
PdhOpenQueryH
CoInternetIsFeatureEnabledForUrl
RegisterBindStatusCallback
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
CodeSize 0
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 266240
EntryPoint 0x21155
MIMEType application/octet-stream
LegalCopyright License: MPL 1.1/GPL 2.0/LGPL 2.1
FileVersion Personal
TimeStamp 2018:09:17 18:17:25+02:00
FileType Win32 EXE
PEType PE32
InternalName uconv
ProductVersion Personal
SubsystemVersion 5.0
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Mozilla, Netscape
LegalTrademarks Mozilla, Netscape
ProductName Mozilla
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 308cdf8c5ed98cbd30929bafc5e67c66
SHA1 3558cbf6d8e0fdafd17a4a6b7c9d81f220eaee55
SHA256 82c2b966e981e676afeb92ed93d0be88a203417929b9abaaa4a4aba6a7f83821
ssdeep 6144:+7Z2hg3D4bGpjdk77jjGJT1oGmvZ5fHMMB:+7Z2h2D4bkjW73KJT1nmvZ5fHM

authentihash 1066175e5491b06a8be2dcf9ea1601da1a040f51fe45e76f7e9c18249b711f9c
imphash 145c3322964004b0ff311728d15c27b5
File size 391.5 KB ( 400896 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2018-09-17 16:23:19 UTC ( 5 months ago )
Last submission 2018-11-14 18:41:36 UTC ( 3 months, 1 week ago )
File names paltsd.exe