× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 8947f0014f51da24d1d7425ed702c282fa92923c96123ad006c5a7808bc11f00
File name: PKWYcv19ptZNokWFzYr.exe
Detection ratio: 19 / 68
Analysis date: 2018-07-26 05:47:43 UTC ( 6 months, 3 weeks ago ) View latest
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Emotet.R232549 20180726
AVG FileRepMalware 20180726
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180726
Bkav HW32.Packed.859A 20180725
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cylance Unsafe 20180726
Endgame malicious (high confidence) 20180710
ESET-NOD32 a variant of Win32/Kryptik.GJFO 20180726
Fortinet W32/GenKryptik.CFYN!tr 20180726
Sophos ML heuristic 20180717
Kaspersky HEUR:Trojan.Win32.Generic 20180726
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20180726
Microsoft Trojan:Win32/Emotet.AC!bit 20180726
Qihoo-360 HEUR/QVM20.1.C145.Malware.Gen 20180726
Rising Trojan.Fuerboos!8.EFC8 (TFE:dGZlOgJUt7g6UlyBQA) 20180726
SentinelOne (Static ML) static engine - malicious 20180701
Symantec Packed.Generic.517 20180726
VBA32 BScope.TrojanBanker.Emotet 20180725
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180726
Ad-Aware 20180726
AegisLab 20180726
Alibaba 20180713
ALYac 20180726
Antiy-AVL 20180725
Arcabit 20180726
Avast 20180726
Avast-Mobile 20180725
Avira (no cloud) 20180725
AVware 20180726
Babable 20180725
BitDefender 20180726
CAT-QuickHeal 20180725
ClamAV 20180726
CMC 20180725
Comodo 20180725
Cybereason 20180225
Cyren 20180726
DrWeb 20180726
eGambit 20180726
Emsisoft 20180726
F-Prot 20180726
F-Secure 20180726
GData 20180726
Ikarus 20180725
Jiangmin 20180726
K7AntiVirus 20180725
K7GW 20180726
Kingsoft 20180726
Malwarebytes 20180726
MAX 20180726
McAfee 20180726
eScan 20180726
NANO-Antivirus 20180726
Palo Alto Networks (Known Signatures) 20180726
Panda 20180725
Sophos AV 20180726
SUPERAntiSpyware 20180726
TACHYON 20180726
Tencent 20180726
TheHacker 20180726
TotalDefense 20180722
TrendMicro 20180726
TrendMicro-HouseCall 20180726
Trustlook 20180726
VIPRE 20180726
ViRobot 20180726
Webroot 20180726
Yandex 20180725
Zillya 20180725
Zoner 20180725
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Description Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-23 03:20:06
Entry Point 0x0001B501
Number of sections 6
PE sections
PE imports
RevertToSelf
BuildTrusteeWithObjectsAndSidW
CryptStringToBinaryA
JetMakeKey
GetCPInfo
lstrlenA
FlsFree
FlsGetValue
VarDateFromR4
VarCyMulI4
OaBuildVersion
VarCyCmp
glPolygonMode
NdrStubCall2
StrCpyNW
DefMDIChildProcA
ChildWindowFromPointEx
EnumWindowStationsW
waveOutGetErrorTextW
wcsncmp
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.1

ImageVersion
0.0

FileVersionNumber
1.2.0.6

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Unicode

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
15360

EntryPoint
0x1b501

MIMEType
application/octet-stream

Subsystem
Windows GUI

TimeStamp
2017:02:23 04:20:06+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.0

OSVersion
5.1

FileOS
Win32

LegalCopyright
Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CodeSize
113152

FileSubtype
0

ProductVersionNumber
1.2.0.6

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 0ccd03ff32a224bfef9beb53e3921af5
SHA1 a4c8ad9931d43cfaf580d901e003550c08e92e6d
SHA256 8947f0014f51da24d1d7425ed702c282fa92923c96123ad006c5a7808bc11f00
ssdeep
3072:omHtAbrE5z3nbIgDbS1cslhMxgRZNKtYdcv:3ibanbNQcZoZNKtYdc

authentihash 39c3247391a282ed611041a33e1d6526a77ca0e1fa962de95b4fc05cbf27b28b
imphash fadf31465818c2979d50beaa564bd735
File size 122.0 KB ( 124928 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-07-26 05:47:43 UTC ( 6 months, 3 weeks ago )
Last submission 2018-07-26 05:47:43 UTC ( 6 months, 3 weeks ago )
File names royaleentry.exe
PKWYcv19ptZNokWFzYr.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!