SHA256: 8b55db1cd1a5e7dd38027210d81689c20b31b28d934e5e6abced2e2a8c317feb
File name: lX6KBcgBAYXh.exe
Detection ratio: 47 / 69
Analysis date: 2018-12-06 18:28:31 UTC ( 2 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40810785 20181206
AegisLab Trojan.Win32.Emotet.4!c 20181206
AhnLab-V3 Trojan/Win32.Emotet.R247548 20181206
ALYac Trojan.Agent.Emotet 20181206
Arcabit Trojan.Generic.D26EB921 20181206
Avast Win32:BankerX-gen [Trj] 20181206
AVG Win32:BankerX-gen [Trj] 20181206
Avira (no cloud) TR/AD.Emotet.cnd 20181206
BitDefender Trojan.GenericKD.40810785 20181206
CAT-QuickHeal Trojan.Emotet.X4 20181206
Comodo Malware@#2pe2c5dj47jtx 20181206
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181022
Cylance Unsafe 20181206
Cyren W32/Emotet.KI.gen!Eldorado 20181206
eGambit Unsafe.AI_Score_81% 20181206
Emsisoft Trojan.GenericKD.40810785 (B) 20181206
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/Emotet.BN 20181206
F-Prot W32/Emotet.KI.gen!Eldorado 20181206
F-Secure Trojan.GenericKD.40810785 20181206
Fortinet W32/Kryptik.GNKB!tr 20181206
GData Trojan.GenericKD.40810785 20181206
Ikarus Trojan-Banker.Emotet 20181206
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 00542c6e1 ) 20181206
K7GW Trojan ( 00542c6e1 ) 20181206
Kaspersky Trojan-Banker.Win32.Emotet.btgy 20181206
Malwarebytes Trojan.Emotet 20181206
MAX malware (ai score=100) 20181206
McAfee Emotet-FKK!F93676306978 20181206
McAfee-GW-Edition Emotet-FKK!F93676306978 20181206
Microsoft Trojan:Win32/Emotet 20181206
eScan Trojan.GenericKD.40810785 20181206
NANO-Antivirus Trojan.Win32.Emotet.fkwecy 20181206
Palo Alto Networks (Known Signatures) generic.ml 20181206
Panda Trj/RnkBend.A 20181206
Qihoo-360 Win32/Trojan.436 20181206
Rising Trojan.Kryptik!8.8 (CLOUD) 20181206
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Troj/Emotet-ANX 20181206
Symantec Trojan.Emotet 20181206
Trapmine malicious.high.ml.score 20181205
TrendMicro TSPY_EMOTET.OIBEBL 20181206
TrendMicro-HouseCall TSPY_EMOTET.OIBEBL 20181206
VBA32 BScope.TrojanBanker.Emotet 20181206
Webroot W32.Trojan.Emotet 20181206
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.btgy 20181206
Alibaba 20180921
Antiy-AVL 20181205
Avast-Mobile 20181206
Babable 20180918
Baidu 20181206
Bkav 20181205
ClamAV 20181206
CMC 20181205
Cybereason 20180225
DrWeb 20181206
Jiangmin 20181206
Kingsoft 20181206
SUPERAntiSpyware 20181205
Symantec Mobile Insight 20181204
TACHYON 20181206
Tencent 20181206
TheHacker 20181202
TotalDefense 20181206
Trustlook 20181206
ViRobot 20181206
Yandex 20181204
Zillya 20181206
Zoner 20181206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating S
Original name WerMgr
Internal name WerMgr
File version 6.1.7601.23452 (win7sp1_ldr.160512-0
Description Twe Problem Reporting
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-06-20 19:20:17
Entry Point 0x00006C3C
Number of sections 7
PE sections
PE imports
PrivilegeCheck
GetStringScripts
LocalFileTimeToFileTime
GetModuleHandleW
FreeConsole
GetNamedPipeClientProcessId
LZSeek
DdeFreeStringHandle
GetMenuDefaultItem
GetDlgItemInt
LoadAcceleratorsW
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 2.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Twe Problem Reporting
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 334336
EntryPoint 0x6c3c
OriginalFileName WerMgr
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7601.23452 (win7sp1_ldr.160512-0
TimeStamp 2004:06:20 21:20:17+02:00
FileType Win32 EXE
PEType PE32
InternalName WerMgr
ProductVersion 6.1.7600.16385
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Twe Corporation
CodeSize 29696
ProductName Microsoft Windows Operating S
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Executable application

Execution parents
File identification
MD5 f9367630697814df89999cbfae96c849
SHA1 96da64fdd9cb2f5df599cae8ded1e4792b241c17
SHA256 8b55db1cd1a5e7dd38027210d81689c20b31b28d934e5e6abced2e2a8c317feb
ssdeep 3072:mRyuT71ZNMEHzbphQQl/nE9iOYdsODyV3jxSlWMAj:mRyuT5x7hnE9vYNDyVY
authentihash 7b602eef7ef036f468de89977d4a63470addf290ff22a2f5aa043030f0d62742
imphash b84a01864edccfbb8ce5c78107240d8d
File size 350.0 KB ( 358400 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2018-12-03 13:12:33 UTC ( 2 months, 2 weeks ago )
Last submission 2018-12-21 21:40:09 UTC ( 2 months ago )
File names XdTodTPWjr.exe
f9367630697814df89999cbfae96c849
Bkn8t6CScdoFCdAK.exe
Bx24yadq.exe
rbkC7uY7nC.exe
NpLPm2zfUvGl.exe
NVbDXqui.exe
fixhop.exe
WerMgr
pdhrestore.exe
lX6KBcgBAYXh.exe