SHA256: 949bf684d7fd7d84bd8fa2faa493e4bea5b5e2bd89ff6c47b5295baad4856782
File name: 23259608.EXE
Detection ratio: 45 / 68
Analysis date: 2018-09-18 05:20:26 UTC ( 5 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40461959 20180917
ALYac Trojan.Agent.Emotet 20180918
Arcabit Trojan.Generic.D2696687 20180918
Avast Win32:Malware-gen 20180918
AVG Win32:Malware-gen 20180918
AVware Trojan.Win32.Generic!BT 20180918
BitDefender Trojan.GenericKD.40461959 20180918
CAT-QuickHeal Trojan.Emotet.X4 20180917
ClamAV Win.Dropper.Emotet-6681624-0 20180918
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.3b755d 20180225
Cylance Unsafe 20180918
Cyren W32/Trojan.SJVL-9251 20180918
Emsisoft Trojan.GenericKD.40461959 (B) 20180918
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GHBR 20180918
F-Secure Trojan.GenericKD.40461959 20180918
Fortinet W32/Emotet.BCYC!tr 20180918
GData Trojan.GenericKD.40461959 20180918
Ikarus Trojan.Win32.Crypt 20180917
Sophos ML heuristic 20180717
Jiangmin Trojan.Banker.Emotet.csi 20180917
K7AntiVirus Trojan ( 00533b301 ) 20180918
K7GW Trojan ( 00533b301 ) 20180918
Kaspersky Trojan-Banker.Win32.Emotet.bcyc 20180918
Malwarebytes Trojan.Emotet 20180918
MAX malware (ai score=98) 20180918
McAfee RDN/Generic.grp 20180918
McAfee-GW-Edition RDN/Generic.grp 20180918
Microsoft Trojan:Win32/Emotet.AC!bit 20180918
eScan Trojan.GenericKD.40461959 20180918
NANO-Antivirus Trojan.Win32.Emotet.fhrffq 20180918
Palo Alto Networks (Known Signatures) generic.ml 20180918
Panda Trj/Genetic.gen 20180917
Qihoo-360 HEUR/QVM20.1.B9A5.Malware.Gen 20180918
Rising Trojan.Kryptik!8.8 (CLOUD) 20180918
Sophos AV Mal/EncPk-ANY 20180918
Symantec Packed.Generic.517 20180917
Tencent Win32.Trojan-banker.Emotet.Sxyh 20180918
TrendMicro TSPY_EMOTET.THIAOAH 20180918
TrendMicro-HouseCall TSPY_EMOTET.THIAOAH 20180918
VBA32 TrojanBanker.Emotet 20180917
VIPRE Trojan.Win32.Generic!BT 20180918
Webroot W32.Trojan.Emotet 20180918
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bcyc 20180918
AegisLab 20180918
AhnLab-V3 20180917
Alibaba 20180713
Antiy-AVL 20180918
Avast-Mobile 20180917
Avira (no cloud) 20180917
Babable 20180918
Baidu 20180914
Bkav 20180917
CMC 20180917
Comodo 20180918
DrWeb 20180918
eGambit 20180918
F-Prot 20180918
Kingsoft 20180918
SentinelOne (Static ML) 20180830
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180911
TACHYON 20180918
TheHacker 20180914
TotalDefense 20180918
Trustlook 20180918
ViRobot 20180917
Yandex 20180917
Zillya 20180917
Zoner 20180917
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Internal name wups.dl
File version 7.6.
Description Window
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-08 16:01:04
Entry Point 0x000242E7
Number of sections 5
PE sections
PE imports
GetCurrentHwProfileW
RegSetKeySecurity
GetModuleHandleA
FindFirstFileExW
GetBinaryTypeA
StrChrNW
FreeCredentialsHandle
FindNextUrlCacheEntryExA
FindFirstUrlCacheEntryExA
Number of PE resources by type
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
SLOVENIAN DEFAULT 1
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 1006425862
LinkerVersion 12.1
ImageVersion 0.0
FileVersionNumber 2.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Window
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 365056
EntryPoint 0x242e7
MIMEType application/octet-stream
FileVersion 7.6.
TimeStamp 2018:09:08 09:01:04-07:00
FileType Win32 EXE
PEType PE32
InternalName wups.dl
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corp
CodeSize 148480
FileSubtype 0
ProductVersionNumber 2.0.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 59a38203b755d87f62418ae2ece0e083
SHA1 9cb9153682ce57af98b2d6803d7cf91a328cdda9
SHA256 949bf684d7fd7d84bd8fa2faa493e4bea5b5e2bd89ff6c47b5295baad4856782
ssdeep 6144:nbD01X0yRGzifG4yrlx5KL5zc0rf8Uky3siJMcjd:nb8X0yRGziA8+0rzky3siZ
authentihash 567f8856faef751d8296c76dca6d69228044269f7b4cb97a2c334b2e3301c14e
imphash fa66f46cb403befcbd006db578a2753d
File size 497.0 KB ( 508928 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (25.2%)
Clipper DOS Executable (25.0%)
Generic Win/DOS Executable (24.8%)
DOS Executable Generic (24.8%)
Tags peexe

VirusTotal metadata
First submission 2018-09-08 09:04:29 UTC ( 5 months, 2 weeks ago )
Last submission 2018-09-10 18:08:24 UTC ( 5 months, 2 weeks ago )
File names wups.dl
23259608.EXE
15133056.exe
tIntEsQ.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.