SHA256: 9478505d778321e1c4a98ad474d5fae31ecf0acda70d303260386532a5e5d7d6
File name: 8002e1fe30c237df97e95e4e6172ac4a61683160
Detection ratio: 45 / 65
Analysis date: 2017-09-30 19:13:07 UTC ( 2 weeks, 5 days ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Ursu.99 20170930
AegisLab Troj.Psw.W32!c 20170930
ALYac Gen:Variant.Ursu.99 20170930
Antiy-AVL Trojan[PSW]/Win32.AGeneric 20170930
Arcabit Trojan.Ursu.99 20170930
Avast Win32:Malware-gen 20170930
AVG Win32:Malware-gen 20170930
Avira (no cloud) TR/Dropper.Gen 20170930
AVware Trojan.Win32.Generic!BT 20170930
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9982 20170930
BitDefender Gen:Variant.Ursu.99 20170930
CAT-QuickHeal TrojanPWS.Generic 20170930
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170804
Cylance Unsafe 20170930
Cyren W32/Trojan.DSQT-8928 20170930
DrWeb Trojan.DownLoader25.8942 20170930
Emsisoft Gen:Variant.Ursu.99 (B) 20170930
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of MSIL/Injector.SWO 20170930
F-Secure Gen:Variant.Ursu.99 20170930
Fortinet MSIL/Generic.AP.12F5B6!tr 20170929
GData Gen:Variant.Ursu.99 20170930
Ikarus Trojan.VB.Crypt 20170930
Sophos ML heuristic 20170914
K7AntiVirus Trojan ( 00514e161 ) 20170928
K7GW Trojan ( 00514e161 ) 20170930
Kaspersky HEUR:Trojan-PSW.Win32.Generic 20170930
Malwarebytes Trojan.PasswordStealer 20170930
MAX malware (ai score=89) 20170930
McAfee Artemis!55C0510E20AA 20170930
McAfee-GW-Edition Artemis!Trojan 20170930
Microsoft Trojan:Win32/Skeeyah.A!rfn 20170930
eScan Gen:Variant.Ursu.99 20170930
NANO-Antivirus Trojan.Win32.Ursu.eslynt 20170930
Panda Trj/CI.A 20170930
Rising Dropper.Generic!8.35E (CLOUD) 20170930
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Troj/MSIL-KCG 20170930
Symantec Trojan.Gen 20170930
TrendMicro TROJ_GEN.R00XC0OI817 20170930
TrendMicro-HouseCall TROJ_GEN.R00XC0OI817 20170930
VBA32 Trojan.MSIL.Crypt 20170929
VIPRE Trojan.Win32.Generic!BT 20170930
Yandex Trojan.Crypt!ewrnAAElduE 20170908
ZoneAlarm by Check Point HEUR:Trojan-PSW.Win32.Generic 20170930
AhnLab-V3 20170930
Alibaba 20170911
Avast-Mobile 20170929
ClamAV 20170930
CMC 20170928
Comodo 20170930
F-Prot 20170930
Jiangmin 20170930
Kingsoft 20170930
nProtect 20170930
Palo Alto Networks (Known Signatures) 20170930
Qihoo-360 20170930
SUPERAntiSpyware 20170930
Symantec Mobile Insight 20170928
Tencent 20170930
TheHacker 20170928
TotalDefense 20170930
Trustlook 20170930
ViRobot 20170930
Webroot 20170930
WhiteArmor 20170927
Zillya 20170929
Zoner 20170930
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name wmplayer.exe
Internal name wmplayer.exe
File version 12.0.7600.16667 (win7_gdr.100831-1503)
Description Windows Media Player
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-08-19 15:57:22
Entry Point 0x00055F4E
Number of sections 3
.NET details
Module Version ID 65b8cec7-4460-4007-a101-00b52e37cfde
TypeLib ID 4cdbe743-67d0-4bca-893e-f9c9817fdba7
PE sections
Overlays
MD5 8fa7d2aa0eadc091354847fd87a64415
File type data
Offset 499200
Size 14246400
Entropy 0.01
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 29
RT_GROUP_ICON 2
RT_MANIFEST 1
MUI 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 31
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 12.0.7600.16667
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 154624
EntryPoint 0x55f4e
OriginalFileName wmplayer.exe
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 12.0.7600.16667 (win7_gdr.100831-1503)
TimeStamp 2017:08:19 16:57:22+01:00
FileType Win32 EXE
PEType PE32
InternalName wmplayer.exe
ProductVersion 12.0.7600.16667
FileDescription Windows Media Player
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 344064
ProductName Microsoft Windows Operating System
ProductVersionNumber 12.0.7600.16667
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 55c0510e20aa823c57b7c3668aa66666
SHA1 8002e1fe30c237df97e95e4e6172ac4a61683160
SHA256 9478505d778321e1c4a98ad474d5fae31ecf0acda70d303260386532a5e5d7d6
ssdeep 12288:o4VhF1zCplin7UHkn9Nlm/eAYQqLWtVT:fNNklu7X9Ns/tYJLEV
authentihash 4e1306519af1b590810072125bc1f32bab95d37b9217141159d02c94ec1a8124
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 14.1 MB ( 14745600 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe assembly overlay
VirusTotal metadata
First submission 2017-09-06 13:43:59 UTC ( 1 month, 2 weeks ago )
Last submission 2017-09-30 19:13:07 UTC ( 2 weeks, 5 days ago )
File names 55c0510e20aa823c57b7c3668aa66666
8002e1fe30c237df97e95e4e6172ac4a61683160
wmplayer.exe
55c0510e20aa823c57b7c3668aa66666.vir
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections
UDP communications