× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 8e18bc984dc13a6e442a2fea931e6078b4d47d5e757b4f9400fecc817e57ac01
File name: YN65.exe
Detection ratio: 43 / 68
Analysis date: 2018-07-08 23:43:44 UTC ( 7 months, 2 weeks ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31059911 20180708
AegisLab Tspy.Emotet.Smal8A!c 20180708
Antiy-AVL Trojan/Win32.TSGeneric 20180708
Arcabit Trojan.Generic.D1D9EFC7 20180708
Avast Win32:Malware-gen 20180708
AVG Win32:Malware-gen 20180708
AVware Trojan.Win32.Generic!BT 20180708
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180706
BitDefender Trojan.GenericKD.31059911 20180708
CAT-QuickHeal Trojan.Cloxer 20180708
Comodo .UnclassifiedMalware 20180708
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cybereason malicious.623496 20180225
Cylance Unsafe 20180709
Cyren W32/Trojan.VYEK-4345 20180708
Emsisoft Trojan.GenericKD.31059911 (B) 20180708
Endgame malicious (high confidence) 20180612
ESET-NOD32 Win32/Emotet.BK 20180708
F-Secure Trojan.GenericKD.31059911 20180708
Fortinet W32/EMOTET.SMAL8A!tr 20180708
GData Trojan.GenericKD.31059911 20180708
Ikarus Trojan.SuspectCRC 20180708
Sophos ML heuristic 20180601
K7GW Riskware ( 0040eff71 ) 20180709
Kaspersky Trojan.Win32.Dovs.pev 20180708
Malwarebytes Trojan.Emotet 20180708
MAX malware (ai score=99) 20180709
McAfee Emotet-FHS!5E67C5303600 20180708
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20180708
Microsoft Trojan:Win32/Emotet.AC!bit 20180709
eScan Trojan.GenericKD.31059911 20180708
Palo Alto Networks (Known Signatures) generic.ml 20180709
Panda Trj/CI.A 20180708
Qihoo-360 HEUR/QVM20.1.5491.Malware.Gen 20180709
Rising Trojan.Cloxer!8.F54F (CLOUD) 20180708
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/EncPk-ANX 20180708
Symantec Packed.Generic.517 20180708
TrendMicro TSPY_EMOTET.SMAL8A 20180708
TrendMicro-HouseCall TSPY_EMOTET.SMAL8A 20180708
VIPRE Trojan.Win32.Generic!BT 20180708
Webroot W32.Trojan.Emotet 20180709
ZoneAlarm by Check Point Trojan.Win32.Dovs.pev 20180708
AhnLab-V3 20180708
ALYac 20180708
Avast-Mobile 20180708
Avira (no cloud) 20180708
Babable 20180406
Bkav 20180706
ClamAV 20180708
CMC 20180708
DrWeb 20180708
eGambit 20180709
F-Prot 20180708
Jiangmin 20180709
K7AntiVirus 20180708
Kingsoft 20180709
NANO-Antivirus 20180708
SUPERAntiSpyware 20180708
TACHYON 20180708
Tencent 20180709
TheHacker 20180708
TotalDefense 20180708
Trustlook 20180709
VBA32 20180707
ViRobot 20180708
Yandex 20180706
Zillya 20180706
Zoner 20180708
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserv

Product Microsoft® Windows® Operating S
Original name wscnotify.dll
Internal name wscnotify.dll
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2064-04-17 06:40:12
Entry Point 0x000016D4
Number of sections 6
PE sections
PE imports
DeleteService
SetDCPenColor
GetFontUnicodeRanges
GetThreadId
FlushProcessWriteBuffers
SetCommState
lstrlenA
SHDeleteKeyA
LoadImageW
AddPrintProvidorW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.1.7600.16385

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
8192

EntryPoint
0x16d4

OriginalFileName
wscnotify.dll

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserv

TimeStamp
2064:04:16 23:40:12-07:00

FileType
Win32 EXE

PEType
PE32

InternalName
wscnotify.dll

ProductVersion
6.1.7600.1638

SubsystemVersion
5.0

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
112128

ProductName
Microsoft Windows Operating S

ProductVersionNumber
6.1.7600.16385

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 5e67c53036001a801df878a60429e97f
SHA1 00b71e8623496debce4c931f58fe8dcea4b88cb8
SHA256 8e18bc984dc13a6e442a2fea931e6078b4d47d5e757b4f9400fecc817e57ac01
ssdeep
1536:XylV/wizrDWgP3DSuujnE3A07GSvRieeQuEuumF8a6h8qzImO:QVbzXWk3DnujE3A0ZieeQuEbg8jDIB

authentihash 679fe5e04054422d587e2415099523f875fa7a8347f958db0bdfd24a85cf1ebf
imphash 839c50f15d392c58ad9cad15221cca1b
File size 114.5 KB ( 117248 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-07-07 00:53:21 UTC ( 7 months, 2 weeks ago )
Last submission 2018-10-27 10:58:17 UTC ( 3 months, 3 weeks ago )
File names wscnotify.dll
YN65.exe
5e67c53036001a801df878a60429e97f.vir
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!