SHA256: 8da07525940e4971c5759d10dfc690428465b0ce53523e23a52b88a10bcf4c4d
File name: Iiib2rlOsDcw.exe
Detection ratio: 12 / 67
Analysis date: 2018-09-17 11:21:35 UTC (5 months, 1 week ago)
Antivirus Result Update
CAT-QuickHeal Trojan.Emotet.X4 20180917
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cylance Unsafe 20180917
Endgame malicious (high confidence) 20180730
Sophos ML heuristic 20180717
McAfee-GW-Edition BehavesLike.Win32.Backdoor.fm 20180917
Microsoft Trojan:Win32/Emotet.AC!bit 20180917
Panda Generic Suspicious 20180916
Qihoo-360 HEUR/QVM20.1.ECEF.Malware.Gen 20180917
Rising Trojan.Emotet!8.B95 (TFE:dGZlOgPzU/m1BsHLfQ) 20180917
SentinelOne (Static ML) static engine - malicious 20180830
Symantec ML.Attribute.HighConfidence 20180917
Ad-Aware 20180913
AegisLab 20180917
AhnLab-V3 20180917
Alibaba 20180713
ALYac 20180917
Antiy-AVL 20180917
Arcabit 20180917
Avast 20180917
Avast-Mobile 20180917
AVG 20180917
Avira (no cloud) 20180917
AVware 20180917
Babable 20180907
Baidu 20180914
BitDefender 20180917
Bkav 20180917
CMC 20180917
Comodo 20180917
Cybereason 20180225
Cyren 20180917
DrWeb 20180917
eGambit 20180917
Emsisoft 20180917
ESET-NOD32 20180917
F-Prot 20180917
F-Secure 20180917
Fortinet 20180917
GData 20180917
Ikarus 20180917
Jiangmin 20180917
K7AntiVirus 20180917
K7GW 20180917
Kaspersky 20180917
Kingsoft 20180917
Malwarebytes 20180917
MAX 20180917
McAfee 20180917
eScan 20180917
NANO-Antivirus 20180917
Palo Alto Networks (Known Signatures) 20180917
Sophos AV 20180917
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180911
TACHYON 20180917
Tencent 20180917
TheHacker 20180914
TotalDefense 20180915
TrendMicro 20180917
TrendMicro-HouseCall 20180917
Trustlook 20180917
VBA32 20180917
VIPRE 20180917
ViRobot 20180917
Webroot 20180917
Yandex 20180915
Zillya 20180914
ZoneAlarm by Check Point 20180917
Zoner 20180916
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright License: MPL 1.1/GPL 2.0/LGPL 2.1
Product Mozilla
Internal name uconv
File version Personal
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-17 11:15:42
Entry Point 0x00020839
Number of sections 8
PE sections
PE imports
CryptDestroyKey
IsValidAcl
InitiateSystemShutdownA
GetFileSecurityW
MakeSelfRelativeSD
CryptSetHashParam
RegDeleteValueA
QueryUsersOnEncryptedFile
DeleteAce
AVIStreamStart
CM_Get_DevNode_Custom_PropertyW
CM_Get_Device_Interface_List_SizeW
ImageList_SetBkColor
PageSetupDlgA
ChooseFontA
CryptMsgSignCTL
PFXExportCertStoreEx
CryptStringToBinaryA
GetGlyphIndicesW
PaintRgn
SetArcDirection
ArcTo
ImmGetCompositionWindow
GetIpAddrTable
EnumResourceTypesA
ReplaceFileA
GetDateFormatA
SetCommConfig
GetProcessShutdownParameters
GetModuleHandleA
MapViewOfFileEx
OpenSemaphoreA
_lopen
InterlockedDecrement
GetTickCount
TlsSetValue
DeleteTimerQueueTimer
IsDBCSLeadByte
AddRefActCtx
GetStringTypeW
CreateFileMappingW
FindFirstChangeNotificationW
MprAdminPortEnum
MprConfigInterfaceGetInfo
acmStreamOpen
ICSeqCompressFrameStart
ICDrawBegin
NetLocalGroupGetMembers
NetLocalGroupAddMembers
NetApiBufferReallocate
VARIANT_UserFree
SafeArrayAllocDescriptorEx
BSTR_UserFree
RevokeActiveObject
RasGetAutodialAddressA
RasGetEntryPropertiesA
RpcServerTestCancel
NdrSimpleTypeUnmarshall
I_RpcNegotiateTransferSyntax
NdrAsyncServerCall
SetupDiGetDeviceInstanceIdW
SetupDiSelectDevice
SetupDiGetClassDescriptionExA
SetupDiSetDeviceInstallParamsA
ShellAboutA
Shell_NotifyIconA
AssocQueryKeyW
PathUnExpandEnvStringsW
StrRChrW
PathFileExistsW
ChrCmpIW
PathGetArgsA
PathFindOnPathW
SHRegOpenUSKeyA
StrStrW
SHRegWriteUSValueW
TranslateNameW
GetUserNameExA
EmptyClipboard
GetDesktopWindow
SetScrollRange
ScrollWindowEx
SetRectEmpty
CharLowerW
GetDlgItemInt
SetActiveWindow
SetScrollInfo
ReleaseDC
GetRawInputDeviceInfoW
GetRawInputData
CharLowerBuffA
BringWindowToTop
OemToCharBuffA
IsCharLowerW
InvalidateRect
LoadMenuIndirectA
FindWindowExA
GetSysColorBrush
CopyAcceleratorTableW
CreateCursor
CloseClipboard
GetMenuContextHelpId
InternetOpenUrlW
CloseDriver
timeGetTime
mciGetCreatorTask
midiOutMessage
timeSetEvent
mixerGetControlDetailsA
CryptCATAdminAddCatalog
WTHelperGetProvCertFromChain
CryptCATCDFEnumAttributes
CryptCATGetMemberInfo
getpeername
getservbyport
SCardListCardsW
SCardGetStatusChangeA
wcscoll
setvbuf
getchar
HGLOBAL_UserFree
RegisterDragDrop
FreePropVariantArray
CoSwitchCallContext
CoResumeClassObjects
OleIsRunning
PropVariantClear
HICON_UserSize
CoGetObjectContext
PdhBrowseCountersW
PdhOpenQueryH
CoInternetIsFeatureEnabledForUrl
RegisterBindStatusCallback
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
CodeSize 0
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 261120
EntryPoint 0x20839
MIMEType application/octet-stream
LegalCopyright License: MPL 1.1/GPL 2.0/LGPL 2.1
FileVersion Personal
TimeStamp 2018:09:17 04:15:42-07:00
FileType Win32 EXE
PEType PE32
InternalName uconv
ProductVersion Personal
SubsystemVersion 5.0
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Mozilla, Netscape
LegalTrademarks Mozilla, Netscape
ProductName Mozilla
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library
Execution parents
File identification
MD5 11318744585631e9b714fea6207010b7
SHA1 fb2086d390c1755b53580013c727398d9fb5c01b
SHA256 8da07525940e4971c5759d10dfc690428465b0ce53523e23a52b88a10bcf4c4d
ssdeep 3072:roImd7TSxETw9+eJJpHlGmfpK2mjehHYGZ/J89rwW1cdTWxMB8ua7uu2l/3SucTD:UI47OxETwLJjN7N5E91UWCuuaqu/
authentihash e2e36eba1dd04d7b92da083205ee64191c24b7c1cf53e8849e9bcb26bb52d636
imphash 15ae48d76d15bcf8af68568a1303013d
File size 383.0 KB ( 392192 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe
VirusTotal metadata
First submission 2018-09-17 11:21:35 UTC ( 5 months, 1 week ago )
Last submission 2018-09-17 15:31:00 UTC ( 5 months, 1 week ago )
File names
Advanced heuristic and reputation engines