SHA256: 8bf5a59de51566687e880a2680fb93d93bdccc63b055ec74743f0ac7c86f9b89
File name: 20200770.exe
Detection ratio: 13 / 66
Analysis date: 2018-06-01 12:06:57 UTC ( 9 months, 3 weeks ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9996 20180601
Cylance Unsafe 20180601
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of Win32/GenKryptik.BALZ 20180601
Fortinet W32/GenKryptik.CALT!tr 20180601
Sophos ML heuristic 20180601
K7GW Hacktool ( 700007861 ) 20180601
Palo Alto Networks (Known Signatures) generic.ml 20180601
Qihoo-360 HEUR/QVM20.1.8D87.Malware.Gen 20180601
SentinelOne (Static ML) static engine - malicious 20180225
Symantec ML.Attribute.HighConfidence 20180601
VBA32 BScope.Trojan.Dovs 20180601
Webroot W32.Trojan.Emotet 20180601
Ad-Aware 20180601
AegisLab 20180601
AhnLab-V3 20180601
Alibaba 20180601
ALYac 20180601
Antiy-AVL 20180601
Arcabit 20180601
Avast 20180601
Avast-Mobile 20180531
AVG 20180601
Avira (no cloud) 20180601
AVware 20180601
Babable 20180406
BitDefender 20180601
Bkav 20180601
CAT-QuickHeal 20180601
ClamAV 20180601
CMC 20180529
Comodo 20180601
CrowdStrike Falcon (ML) 20180202
Cybereason None
Cyren 20180601
DrWeb 20180601
eGambit 20180601
Emsisoft 20180601
F-Prot 20180601
F-Secure 20180601
GData 20180601
Ikarus 20180601
Jiangmin 20180601
K7AntiVirus 20180601
Kaspersky 20180601
Kingsoft 20180601
Malwarebytes 20180601
MAX 20180601
McAfee 20180601
McAfee-GW-Edition 20180601
Microsoft 20180601
eScan 20180601
NANO-Antivirus 20180601
nProtect 20180601
Panda 20180531
Rising 20180601
Sophos AV 20180601
SUPERAntiSpyware 20180601
Symantec Mobile Insight 20180601
Tencent 20180601
TheHacker 20180531
TotalDefense 20180601
TrendMicro 20180601
TrendMicro-HouseCall 20180601
Trustlook 20180601
VIPRE 20180601
ViRobot 20180601
Yandex 20180529
Zillya 20180531
ZoneAlarm by Check Point 20180601
Zoner 20180531
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name SPReview.exe
Internal name SPReview.exe
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description SP Reviewer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2035-07-30 21:36:11
Entry Point 0x0000262D
Number of sections 5
PE sections
PE imports
CloseEncryptedFileRaw
AddAce
CM_Locate_DevNodeW
CertEnumCRLsInStore
CertSerializeCertificateStoreElement
GetObjectType
IpRenewAddress
GetNativeSystemInfo
OpenThread
SetProcessWorkingSetSize
SizeofResource
CreateDirectoryExW
ReadFile
lstrlenA
GetExitCodeThread
VirtualProtectEx
Process32Next
AttachConsole
SetSystemTimeAdjustment
GetComputerNameExW
QueueUserWorkItem
Thread32Next
FindFirstFileNameTransactedW
ExpandEnvironmentStringsA
CancelIo
SetEnvironmentVariableA
LZSeek
acmDriverRemove
acmStreamSize
VarDateFromR8
VarR8FromUI4
NdrStubCall2
I_RpcMapWin32Status
RpcMgmtEnableIdleCleanup
SetupDiDrawMiniIcon
ExtractAssociatedIconW
SHRegEnumUSValueW
SHDeleteKeyW
EncryptMessage
BroadcastSystemMessageA
DrawTextW
DestroyWindow
IsProcessDPIAware
CopyImage
InternetQueryDataAvailable
InternetSetCookieA
mixerGetDevCapsW
Ord(30)
wprintf
RtlInterlockedPopEntrySList
OleCreate
HICON_UserMarshal
CoGetObjectContext
CoGetMalloc
PdhBrowseCountersW
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 45056
ImageVersion 0.0
ProductName Microsoft Windows Operating System
FileVersionNumber 6.1.7601.17514
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription SP Reviewer
CharacterSet Unicode
LinkerVersion 12.0
FileTypeExtension exe
OriginalFileName SPReview.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 6.1.7601.17514 (win7sp1_rtm.101119-1850)
TimeStamp 2035:07:30 22:36:11+01:00
FileType Win32 EXE
PEType PE32
InternalName SPReview.exe
ProductVersion 6.1.7601.17514
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 172032
FileSubtype 0
ProductVersionNumber 6.1.7601.17514
EntryPoint 0x262d
ObjectFileType Executable application
File identification
MD5 778c5fc8221aa99f8f4ab007df3e6c64
SHA1 6131eefa594f6fffb35ad9fad2dfb1cb515a13ec
SHA256 8bf5a59de51566687e880a2680fb93d93bdccc63b055ec74743f0ac7c86f9b89
ssdeep 3072:zcmF2WcnFcImZIpfei0NVYgMlGZTgM7I:wmx4Mxuk
authentihash cc0b5570086fea8f35145ff1bd5d9ec8aa73965d264e1933c563792633b17780
imphash c5dff317f2080356c7e3bdab28b0bdbf
File size 216.0 KB ( 221184 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe
VirusTotal metadata
First submission 2018-06-01 11:37:23 UTC ( 9 months, 3 weeks ago )
Last submission 2018-06-01 11:37:23 UTC ( 9 months, 3 weeks ago )
File names 20200770.exe
SPReview.exe