× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 88b617431b4ea1241e01251bdb164cb8acec0008562241cb441db22c0d89df28
File name: TR1BZkYKtEe6.exe
Detection ratio: 27 / 68
Analysis date: 2019-01-11 14:36:30 UTC ( 1 month, 1 week ago ) View latest
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Emotet.R251442 20190111
Avast Win32:TrojanX-gen [Trj] 20190112
AVG Win32:TrojanX-gen [Trj] 20190112
Comodo Packed.Win32.TDSS.~AA@1rhbt5 20190112
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cybereason malicious.d78085 20190109
Cyren W32/Trojan.MJKA-2212 20190112
eGambit Unsafe.AI_Score_99% 20190112
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GOND 20190111
GData Win32.Trojan.Agent.2BVZBI 20190111
Sophos ML heuristic 20181128
K7AntiVirus Riskware ( 0040eff71 ) 20190111
K7GW Riskware ( 0040eff71 ) 20190111
Kaspersky Trojan-Banker.Win32.Emotet.byvy 20190111
Malwarebytes Trojan.Emotet 20190111
McAfee Emotet-FLN!96D1E3C33BBF 20190111
McAfee-GW-Edition BehavesLike.Win32.Emotet.ch 20190111
Microsoft Trojan:Win32/Emotet.AC!bit 20190111
Palo Alto Networks (Known Signatures) generic.ml 20190112
Qihoo-360 HEUR/QVM19.1.7779.Malware.Gen 20190112
Rising Trojan.Azden!8.F0E3 (TFE:dGZlOgOTL6G7k83BVA) 20190111
SentinelOne (Static ML) static engine - malicious 20181223
Symantec Packed.Generic.517 20190111
Trapmine malicious.moderate.ml.score 20190103
Webroot W32.Trojan.Emotet 20190112
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.byvy 20190111
Acronis 20190111
Ad-Aware 20190112
AegisLab 20190111
Alibaba 20180921
ALYac 20190112
Antiy-AVL 20190111
Arcabit 20190112
Avast-Mobile 20190111
Avira (no cloud) 20190112
Babable 20180918
Baidu 20190111
BitDefender 20190112
Bkav 20190108
CAT-QuickHeal 20190111
ClamAV 20190112
CMC 20190111
DrWeb 20190112
Emsisoft 20190111
F-Prot 20190111
F-Secure 20190111
Fortinet 20190111
Jiangmin 20190111
Kingsoft 20190112
MAX 20190112
eScan 20190111
NANO-Antivirus 20190111
Panda 20190111
Sophos AV 20190111
SUPERAntiSpyware 20190109
TACHYON 20190111
Tencent 20190112
TheHacker 20190106
TotalDefense 20190111
TrendMicro 20190112
TrendMicro-HouseCall 20190112
Trustlook 20190112
VBA32 20190111
ViRobot 20190111
Yandex 20190111
Zillya 20190111
Zoner 20190112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsof

Product Ulead VerCheck
Original name VerCheck.exe
Internal name c_iscii
File version 6.1.7601.
Description VerCheck
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-11 11:18:12
Entry Point 0x00002875
Number of sections 5
PE sections
PE imports
IsValidAcl
LookupPrivilegeDisplayNameA
GetWindowsAccountDomainSid
GetServiceKeyNameA
GetSidIdentifierAuthority
FindTextW
GetFileTitleW
GetLogColorSpaceA
LineTo
FrameRgn
GetTextFaceW
GetCharWidthW
GetTextCharset
GetBitmapBits
DefineDosDeviceW
FlushConsoleInputBuffer
GetConsoleOutputCP
GetConsoleFontSize
lstrlenA
GetConsoleCP
ExitProcess
GetCurrentProcess
GetConsoleMode
GetSystemDefaultLCID
FreeEnvironmentStringsW
VerifyScripts
FillConsoleOutputAttribute
GetCurrentThread
lstrcpynW
GetTimeFormatW
GetTempPathA
GetFileSizeEx
ExpandEnvironmentStringsW
GetSystemDefaultUILanguage
FreeConsole
GetFileInformationByHandle
GetCommConfig
GetModuleHandleW
LocalFree
GetEnvironmentVariableA
GetConsoleWindow
GetCurrentConsoleFont
GetLongPathNameA
GetErrorInfo
ExtractAssociatedIconA
ExtractAssociatedIconW
FindExecutableA
ExtractIconW
GetMenuItemCount
LookupIconIdFromDirectory
LoadMenuA
LockWindowUpdate
DefWindowProcW
DefFrameProcA
CreateIconFromResource
GetUserObjectInformationA
GetMenuStringA
DefMDIChildProcA
LoadKeyboardLayoutA
GetProcessWindowStation
GetClassLongA
GetKeyState
GetPrinterDriverW
GetPrinterW
strtod
mbtowc
fputws
strtoul
GetConvertStg
FaultInIEFeature
Number of PE resources by type
RT_BITMAP 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
155648

ImageVersion
0.0

ProductName
Ulead VerCheck

FileVersionNumber
1.0.0.1

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
12.0

FileTypeExtension
exe

OriginalFileName
VerCheck.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
6.1.7601.

TimeStamp
2019:01:11 03:18:12-08:00

FileType
Win32 EXE

PEType
PE32

InternalName
c_iscii

ProductVersion
1, 0, 0, 1

FileDescription
VerCheck

OSVersion
5.1

FileOS
Win32

LegalCopyright
Microsof

MachineType
Intel 386 or later, and compatibles

CompanyName
Ulead

CodeSize
16384

FileSubtype
0

ProductVersionNumber
1.0.0.1

EntryPoint
0x2875

ObjectFileType
Dynamic link library

File identification
MD5 96d1e3c33bbf096ccd683da0e0db3c27
SHA1 600f490d78085c61adbbd5927c2e085c682a7cf6
SHA256 88b617431b4ea1241e01251bdb164cb8acec0008562241cb441db22c0d89df28
ssdeep
3072:I8xtan1cAnviUnTIEXMZeqpIJMifUBsAZ:/tan1Bnd8ZeqpiMifU

authentihash c4081be40950636837210fb5052b7130edc671422316510ada6f826a1d2e9c53
imphash 9bb3b058bc43ce4fa8b52431037715d7
File size 164.0 KB ( 167936 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2019-01-11 03:21:35 UTC ( 1 month, 1 week ago )
Last submission 2019-01-11 04:00:17 UTC ( 1 month, 1 week ago )
File names TR1BZkYKtEe6.exe
7E1LdHuCLWclr4.exe
c_iscii
VerCheck.exe
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!