SHA256: 96a2a2b0e413c157ac675986944a3491355530befe00e28b282b165a6e4d2b51
File name: 96a2a2b0e413c157ac675986944a3491355530befe00e28b282b165a6e4d2b51
Detection ratio: 10 / 67
Analysis date: 2018-08-17 07:22:35 UTC ( 6 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180817
CAT-QuickHeal Trojan.Emotet.X4 20180816
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Endgame malicious (high confidence) 20180730
Sophos ML heuristic 20180717
McAfee Emotet-FIK!9D0F7F22E040 20180817
Microsoft Trojan:Win32/Emotet.AC!bit 20180817
Qihoo-360 HEUR/QVM20.1.3D8B.Malware.Gen 20180817
Rising Malware.Heuristic!ET#83% (RDM+:cmRtazq0BBs/y9KQ5K16rJGfmT+u) 20180817
SentinelOne (Static ML) static engine - malicious 20180701
Ad-Aware 20180817
AegisLab 20180817
AhnLab-V3 20180817
Alibaba 20180713
ALYac 20180817
Antiy-AVL 20180816
Arcabit 20180817
Avast 20180817
Avast-Mobile 20180817
AVG 20180817
Avira (no cloud) 20180817
AVware 20180817
Babable 20180725
BitDefender 20180817
Bkav 20180816
ClamAV 20180817
CMC 20180817
Comodo 20180817
Cybereason 20180225
Cyren 20180817
DrWeb 20180817
eGambit 20180817
Emsisoft 20180817
ESET-NOD32 20180817
F-Prot 20180817
F-Secure 20180817
Fortinet 20180817
GData 20180817
Ikarus 20180816
Jiangmin 20180817
K7AntiVirus 20180816
K7GW 20180817
Kaspersky 20180817
Kingsoft 20180817
Malwarebytes 20180817
MAX 20180817
McAfee-GW-Edition 20180817
eScan 20180817
NANO-Antivirus 20180817
Palo Alto Networks (Known Signatures) 20180817
Panda 20180816
Sophos AV 20180817
SUPERAntiSpyware 20180817
Symantec 20180817
Symantec Mobile Insight 20180814
TACHYON 20180817
Tencent 20180817
TheHacker 20180815
TotalDefense 20180816
TrendMicro 20180817
TrendMicro-HouseCall 20180817
Trustlook 20180817
VBA32 20180816
VIPRE 20180817
ViRobot 20180817
Webroot 20180817
Yandex 20180816
Zillya 20180816
ZoneAlarm by Check Point 20180817
Zoner 20180816
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserv
Product Microsoft® Windows® Operating S
Original name qwfew
Internal name gwrher
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-08-17 14:16:13
Entry Point 0x00014597
Number of sections 6
PE sections
PE imports
RegDisablePredefinedCache
QueryUsersOnEncryptedFile
GetTrusteeNameW
Arc
GetMiterLimit
SetThreadLocale
GetModuleHandleA
lstrcatA
GetWindowsDirectoryA
GetCommandLineA
WinExec
GetProcessHeap
NetLocalGroupAddMembers
NetLocalGroupGetInfo
SafeArrayUnaccessData
RpcBindingSetAuthInfoExA
PathIsDirectoryEmptyW
ImpersonateSecurityContext
GetKeyboardLayout
GetCapture
EndDialog
SetWindowContextHelpId
ChangeMenuA
InternetUnlockRequestFile
EndDocPrinter
XcvDataW
SCardFreeMemory
vfwprintf
CreateBindCtx
CoRevokeClassObject
ReleaseBindInfo
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 13.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 274944
EntryPoint 0x14597
OriginalFileName qwfew
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserv
TimeStamp 2018:08:17 16:16:13+02:00
FileType Win32 EXE
PEType PE32
InternalName gwrher
ProductVersion 6.1.7600.163
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporat
CodeSize 86528
ProductName Microsoft Windows Operating S
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 9d0f7f22e040f2da8c857b1d0d175767
SHA1 9bf5515cf7a15e10c376bca57d777ba756a96145
SHA256 96a2a2b0e413c157ac675986944a3491355530befe00e28b282b165a6e4d2b51
ssdeep 6144:q5TM9834bQXjJO5vhvXo/KF//O4j0fYK/nQ2WumLalAwbj:2TMe34bQXw3vIKF/G4jdK/jealZb
authentihash 98ba16e12ccfef30b697eb38e8bbf10f98089da79c7d8c9dbb55808209f55b4c
imphash 9de99e04440946697f7e6a589aa7901d
File size 349.0 KB ( 357376 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe
VirusTotal metadata
First submission 2018-08-17 07:22:35 UTC ( 6 months ago )
Last submission 2018-08-22 15:44:18 UTC ( 5 months, 3 weeks ago )
File names 24101100.exe
qwfew
22287.exe
28506.exe
dingpowr.exe
5818.exe
17557976.exe
21227992.exe
9d0f7f22e040f2da8c857b1d0d175767_exe
gwrher
41.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Opened mutexes
Runtime DLLs