SHA256: 8a291aac806c219e1060f367e8a9fab8d06959017fceff5d6bb3d5da4718c315
File name: HEIORANGE.EXE
Detection ratio: 20 / 68
Analysis date: 2018-09-19 00:02:45 UTC ( 5 months ago )
Antivirus Result Update
AVG FileRepMalware 20180918
CAT-QuickHeal Trojan.Emotet.X4 20180918
Cylance Unsafe 20180919
Emsisoft Trojan.Emotet (A) 20180918
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/GenKryptik.CLLY 20180919
Kaspersky UDS:DangerousObject.Multi.Generic 20180918
Malwarebytes Trojan.Emotet 20180918
McAfee Emotet-FIB!DF62E36E28ED 20180918
McAfee-GW-Edition BehavesLike.Win32.PUPXAQ.cc 20180918
Microsoft Trojan:Win32/Emotet.AC!bit 20180918
Palo Alto Networks (Known Signatures) generic.ml 20180919
Qihoo-360 HEUR/QVM20.1.F4ED.Malware.Gen 20180919
Rising Trojan.Azden!8.F0E3 (TFE:dGZlOgL+Z60sd6m2hA) 20180918
SentinelOne (Static ML) static engine - malicious 20180830
Sophos AV Mal/Generic-S 20180918
Symantec Packed.Generic.517 20180918
VBA32 BScope.Trojan.Emotet 20180918
Webroot W32.Trojan.Emotet 20180919
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180919
Ad-Aware 20180917
AegisLab 20180918
AhnLab-V3 20180918
Alibaba 20180713
ALYac 20180918
Antiy-AVL 20180918
Arcabit 20180918
Avast 20180918
Avast-Mobile 20180918
Avira (no cloud) 20180919
AVware 20180918
Babable 20180918
Baidu 20180914
BitDefender 20180918
Bkav 20180918
ClamAV 20180919
CMC 20180918
Comodo 20180918
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cyren 20180918
DrWeb 20180918
eGambit 20180919
F-Prot 20180918
F-Secure 20180918
Fortinet 20180918
GData 20180918
Ikarus 20180918
Sophos ML 20180717
Jiangmin 20180918
K7AntiVirus 20180918
K7GW 20180918
Kingsoft 20180919
MAX 20180919
eScan 20180918
NANO-Antivirus 20180919
Panda 20180918
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180918
TACHYON 20180918
Tencent 20180919
TheHacker 20180918
TotalDefense 20180918
TrendMicro 20180919
TrendMicro-HouseCall 20180919
Trustlook 20180919
VIPRE 20180919
ViRobot 20180918
Yandex 20180917
Zillya 20180918
Zoner 20180918
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) Hewlett-Packard Company 1999-2001
Product HP DeskJet
Original name
File version 2,66,0,0
Comments
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-19 04:15:40
Entry Point 0x00017D69
Number of sections 5
PE sections
PE imports
RegDisablePredefinedCacheEx
RemoveUsersFromEncryptedFile
CryptCreateHash
AVIStreamReadFormat
JetCloseTable
GetFileSize
GetProcessHandleCount
GetModuleHandleA
GetCommandLineW
PowerRestoreDefaultPowerSchemes
IsCharLowerW
PhysicalToLogicalPoint
ScrollDC
GetRawInputDeviceInfoW
Number of PE resources by type
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 1006425862
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.66.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 0
EntryPoint 0x17d69
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2,66,0,0
TimeStamp 2018:09:18 21:15:40-07:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright Copyright (c) Hewlett-Packard Company 1999-2001
MachineType Intel 386 or later, and compatibles
CompanyName HP
CodeSize 98304
ProductName HP DeskJet
ProductVersionNumber 2.66.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library

Execution parents
File identification
MD5 df62e36e28ed65000fe77bf73bea48c3
SHA1 6dca34a500277880c7be6f1b50dc283efa96af33
SHA256 8a291aac806c219e1060f367e8a9fab8d06959017fceff5d6bb3d5da4718c315
ssdeep 3072:oLG1cPCajEuXA+2K9j4xktnJnAAoAo4nrrJng8VDhXh:oyCKaEG2K9E2tJnAFAo4HC8
authentihash ea1a5825ea4c30021f9b24db19f3cffd151f8afe2c513617ee201b14a21c16bb
imphash 5ce24c3306301885f4056a56eb71b39b
File size 156.0 KB ( 159744 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe
VirusTotal metadata
First submission 2018-09-18 21:29:35 UTC ( 5 months ago )
Last submission 2018-09-18 23:23:45 UTC ( 5 months ago )