SHA256: 897b8adce1ad5ebda35f9081ea7134d096ac7f0b33e89f553e76774ad4cc14e5
File name: xcwuwP.exe
Detection ratio: 15 / 70
Analysis date: 2019-01-30 18:00:11 UTC ( 3 months, 3 weeks ago )
Antivirus Result Update
Acronis suspicious 20190128
AVG FileRepMalware 20190130
Bkav HW32.Packed. 20190130
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181023
Cylance Unsafe 20190130
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181128
Microsoft Trojan:Win32/Emotet.AC!bit 20190130
Palo Alto Networks (Known Signatures) generic.ml 20190130
Qihoo-360 HEUR/QVM20.1.E5A9.Malware.Gen 20190130
Rising Trojan.Azden!8.F0E3/N3#97% (RDM+:cmRtazoQBsHN0YTF3kKhtR/a6/8J) 20190130
SUPERAntiSpyware Trojan.Agent/Gen-Falprod 20190123
Symantec ML.Attribute.HighConfidence 20190130
Trapmine malicious.high.ml.score 20190123
Webroot W32.Trojan.Gen 20190130
Ad-Aware 20190130
AegisLab 20190130
AhnLab-V3 20190130
Alibaba 20180921
ALYac 20190130
Antiy-AVL 20190130
Arcabit 20190130
Avast 20190130
Avast-Mobile 20190130
Avira (no cloud) 20190130
Babable 20180918
Baidu 20190130
BitDefender 20190130
CAT-QuickHeal 20190130
ClamAV 20190130
CMC 20190130
Comodo 20190130
Cybereason 20190109
Cyren 20190130
DrWeb 20190130
eGambit 20190130
Emsisoft 20190130
ESET-NOD32 20190130
F-Prot 20190130
F-Secure 20190130
Fortinet 20190130
GData 20190130
Ikarus 20190130
Jiangmin 20190130
K7AntiVirus 20190130
K7GW 20190130
Kaspersky 20190130
Kingsoft 20190130
Malwarebytes 20190130
MAX 20190130
McAfee 20190130
McAfee-GW-Edition 20190130
eScan 20190130
NANO-Antivirus 20190130
Panda 20190130
SentinelOne (Static ML) 20190124
Sophos AV 20190130
TACHYON 20190130
Tencent 20190130
TheHacker 20190129
TotalDefense 20190130
TrendMicro 20190130
TrendMicro-HouseCall 20190130
Trustlook 20190130
VBA32 20190130
ViRobot 20190130
Yandex 20190129
Zillya 20190130
ZoneAlarm by Check Point 20190130
Zoner 20190128
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All righ
Product Microsof
File version 6.1.7600.
Description Microsoft® Windows
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2000-02-09 10:03:08
Entry Point 0x00001490
Number of sections 8
PE sections
PE imports
ImpersonateSelf
DeleteAce
CreateWellKnownSid
DeleteService
GetTickCount64
GetThreadPriority
GetTimeZoneInformation
GetFileMUIPath
GetSystemDefaultUILanguage
GetConsoleWindow
CreateSemaphoreW
SetThreadStackGuarantee
GetCommandLineW
GetLastActivePopup
BroadcastSystemMessageA
LogicalToPhysicalPoint
GetWindow
GetMenuDefaultItem
FrameRect
shutdown
Number of PE resources by type
RT_DIALOG 24
RT_STRING 12
RT_VERSION 1
Number of PE resources by language
ENGLISH US 4
SWEDISH 3
PORTUGUESE 3
GERMAN 3
SPANISH 3
FRENCH 3
PORTUGUESE BRAZILIAN 3
SPANISH MODERN 3
ENGLISH UK 3
DUTCH 3
SPANISH MEXICAN 3
ITALIAN 3
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 6.1
InitializedDataSize 167936
ImageVersion 0.0
ProductName Microsof
FileVersionNumber 2.1.10.138
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
LinkerVersion 12.1
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 6.1.7600.
TimeStamp 2000:02:09 02:03:08-08:00
FileType Win32 EXE
PEType PE32
ProductVersion 6.1.7600
FileDescription Microsoft Windows
OSVersion 6.0
FileOS Win32
LegalCopyright Microsoft Corporation. All righ
MachineType Intel 386 or later, and compatibles
CompanyName 3dfx Interactive, Inc.
CodeSize 16384
FileSubtype 0
ProductVersionNumber 2.6.2.116
EntryPoint 0x1490
ObjectFileType Dynamic link library

File identification
MD5 94c7b5be90726e5fefce8d03d92afa61
SHA1 933ad3fc4cd606a297c7aabb417c5fb1f8b65c75
SHA256 897b8adce1ad5ebda35f9081ea7134d096ac7f0b33e89f553e76774ad4cc14e5
ssdeep 3072:C+MZfQKpXrgIktEaFAzTrbLT51Qrq6xnM5gSzdJUzWn0HCWY86bIWLu4Nrme/1Z7:m94F8rbvQrq64f/Ui04
authentihash 6f29e334e8094e96376e5fb602927de6cad64de3683394722da80bec51c34794
imphash 5c53cdc8148e265e5f6b523dc0393b14
File size 176.0 KB ( 180224 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2019-01-30 17:49:34 UTC ( 3 months, 3 weeks ago )
Last submission 2019-01-30 18:13:44 UTC ( 3 months, 3 weeks ago )
File names wYh3PjzVMk.exe
emotet_e1_897b8adce1ad5ebda35f9081ea7134d096ac7f0b33e89f553e76774ad4cc14e5_2019-01-30__174502.exe_
xcwuwP.exe
goXKFLyY.exe
P5fU99D7Bnw.exe
Y1AFG09eyBee.exe
Advanced heuristic and reputation engines