× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 8b4f6c49302114b34b940785508672c39ff0b2b0461d1449638e9690522c2921
File name: 8b4f6c49302114b34b940785508672c39ff0b2b0461d1449638e9690522c2921
Detection ratio: 16 / 70
Analysis date: 2018-12-03 18:50:05 UTC ( 2 months, 2 weeks ago ) View latest
Antivirus Result Update
Avast FileRepMalware 20181203
AVG FileRepMalware 20181203
Comodo TrojWare.Win32.Trojan.XPack.~gen1@1rwlif 20181203
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.35ac3a 20180225
Cylance Unsafe 20181203
eGambit Unsafe.AI_Score_99% 20181203
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181128
McAfee-GW-Edition BehavesLike.Win32.Emotet.ht 20181203
Microsoft Trojan:Win32/Fuerboos.A!cl 20181203
Qihoo-360 HEUR/QVM20.1.9F83.Malware.Gen 20181203
Rising Malware.Heuristic!ET#97% (RDM+:cmRtazpalUKuIbpquLWz2F6vhuPt) 20181203
SentinelOne (Static ML) static engine - malicious 20181011
Symantec ML.Attribute.HighConfidence 20181203
Webroot W32.Trojan.Emotet 20181203
Ad-Aware 20181203
AegisLab 20181203
AhnLab-V3 20181203
Alibaba 20180921
ALYac 20181203
Antiy-AVL 20181202
Arcabit 20181203
Avast-Mobile 20181203
Avira (no cloud) 20181203
Babable 20180918
Baidu 20181203
BitDefender 20181203
Bkav 20181203
CAT-QuickHeal 20181203
ClamAV 20181203
CMC 20181203
Cyren 20181203
DrWeb 20181203
Emsisoft 20181203
ESET-NOD32 20181203
F-Prot 20181203
F-Secure 20181203
Fortinet 20181203
GData 20181203
Ikarus 20181203
Jiangmin 20181203
K7AntiVirus 20181203
K7GW 20181203
Kaspersky 20181203
Kingsoft 20181203
Malwarebytes 20181203
MAX 20181203
McAfee 20181203
eScan 20181203
NANO-Antivirus 20181203
Palo Alto Networks (Known Signatures) 20181203
Panda 20181203
Sophos AV 20181203
SUPERAntiSpyware 20181128
Symantec Mobile Insight 20181121
TACHYON 20181203
Tencent 20181203
TheHacker 20181202
TotalDefense 20181203
Trapmine 20181128
TrendMicro 20181203
TrendMicro-HouseCall 20181203
Trustlook 20181203
VBA32 20181203
VIPRE 20181202
ViRobot 20181203
Yandex 20181130
Zillya 20181130
ZoneAlarm by Check Point 20181203
Zoner 20181203
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All right

Product Micro
Internal name wups.
File version 7.6.7601.1
Description Windows
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-03 18:45:21
Entry Point 0x00003D50
Number of sections 5
PE sections
PE imports
ImageList_SetIconSize
CryptMsgGetAndVerifySigner
SelectClipPath
LineTo
GetRandomRgn
GetVolumePathNamesForVolumeNameW
GlobalMemoryStatus
GetNamedPipeClientComputerNameA
GetDriveTypeW
GetBinaryTypeW
GetModuleHandleA
Process32First
lstrlenW
GetStringTypeExA
FillConsoleOutputAttribute
SetupDiDestroyDriverInfoList
CM_Reenumerate_DevNode_Ex
SetupDefaultQueueCallbackW
SHRegQueryInfoUSKeyW
StrChrA
StrSpnW
GetComputerObjectNameW
InsertMenuA
GetPriorityClipboardFormat
BeginDeferWindowPos
GetMenu
EnumDisplayMonitors
ExcludeUpdateRgn
GetUpdateRect
RealGetWindowClassA
InternetFindNextFileA
AddPrinterW
g_rgSCardT1Pci
CoInvalidateRemoteMachineBindings
Number of PE resources by type
RT_STRING 3
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 5
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:12:03 19:45:21+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
49152

LinkerVersion
12.1

ImageFileCharacteristics
Executable, 32-bit

EntryPoint
0x3d50

InitializedDataSize
0

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

File identification
MD5 387926535ac3aa42fd091a724b898a08
SHA1 534cad7c9e0f6e7c0bf4234f7f0495f3bb135930
SHA256 8b4f6c49302114b34b940785508672c39ff0b2b0461d1449638e9690522c2921
ssdeep
3072:wbkeCFJBrYLfLzjxJxyEw6VHFfBu2IDdaef7nSk6PW:DFBrYDLjgEJFEoefLa

authentihash 29e813303043e3c8315c1f87b2b908e961aa26b1e862fa7359d84efd30c3605a
imphash 187914dd2026cc0919479c87f5bb0273
File size 520.0 KB ( 532480 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-12-03 18:48:37 UTC ( 2 months, 2 weeks ago )
Last submission 2019-02-14 09:58:15 UTC ( 4 days ago )
File names 72034.exe
36236.exe
56268.exe
0813.exe
2202.exe
9.exe
11.exe
2018-12-03-Emotet-binary-retrieved-by-Word-macro.exe
552350.exe
6.exe
wups.
eGyfD1MZ.exe
dirmddefw.exe
50.exe
39314976.EXE
618.exe
372857.exe
ifacemerged.exe
keyandsendand.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!