× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: a0f3249eabd22685ed85781a71c3c0636bb56d524700178514aac30f1a374ffa
File name: c6rgLcZK1W3zat2l.exe
Detection ratio: 10 / 64
Analysis date: 2018-07-01 19:16:55 UTC ( 7 months, 3 weeks ago ) View latest
Antivirus Result Update
Avast FileRepMalware 20180701
AVG FileRepMalware 20180701
Bkav HW32.Packed.E5EC 20180630
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Emsisoft Trojan.Emotet (A) 20180701
Endgame malicious (high confidence) 20180612
Fortinet W32/Kryptik.GEWE!tr 20180701
Panda Generic Suspicious 20180701
SentinelOne (Static ML) static engine - malicious 20180701
Symantec Packed.Generic.517 20180701
Ad-Aware 20180701
AegisLab 20180701
AhnLab-V3 20180701
ALYac 20180701
Antiy-AVL 20180701
Arcabit 20180701
Avast-Mobile 20180701
Avira (no cloud) 20180701
AVware 20180701
Babable 20180406
Baidu 20180628
BitDefender 20180701
CAT-QuickHeal 20180701
ClamAV 20180701
CMC 20180701
Comodo 20180701
Cybereason 20180225
Cyren 20180701
DrWeb 20180701
eGambit 20180701
ESET-NOD32 20180701
F-Prot 20180701
F-Secure 20180701
GData 20180701
Ikarus 20180701
Sophos ML 20180601
Jiangmin 20180701
K7AntiVirus 20180701
K7GW 20180701
Kaspersky 20180701
Kingsoft 20180701
Malwarebytes 20180701
MAX 20180701
McAfee 20180701
McAfee-GW-Edition 20180701
Microsoft 20180701
eScan 20180701
NANO-Antivirus 20180701
Palo Alto Networks (Known Signatures) 20180701
Qihoo-360 20180701
Sophos AV 20180701
SUPERAntiSpyware 20180701
TACHYON 20180701
Tencent 20180701
TheHacker 20180628
TotalDefense 20180701
Trustlook 20180701
VBA32 20180629
VIPRE 20180701
ViRobot 20180701
Webroot 20180701
Yandex 20180629
Zillya 20180629
ZoneAlarm by Check Point 20180701
Zoner 20180701
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Description Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-07-02 02:01:03
Entry Point 0x00012EFD
Number of sections 5
PE sections
PE imports
GetThreadId
GetUserDefaultLCID
GetTickCount
VarCyMul
CoGetCallerTID
ReleaseBindInfo
Number of PE resources by type
RT_DIALOG 21
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
HEBREW DEFAULT 1
HUNGARIAN DEFAULT 1
VIETNAMESE DEFAULT 1
CHINESE SIMPLIFIED 1
SLOVENIAN DEFAULT 1
CZECH DEFAULT 1
FINNISH DEFAULT 1
KOREAN 1
NEUTRAL DEFAULT 1
PORTUGUESE 1
POLISH DEFAULT 1
JAPANESE DEFAULT 1
DANISH DEFAULT 1
SLOVAK DEFAULT 1
GREEK DEFAULT 1
TURKISH DEFAULT 1
ROMANIAN 1
THAI DEFAULT 1
SERBIAN DEFAULT 1
NEUTRAL 1
RUSSIAN 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
14.1

ImageVersion
0.0

FileVersionNumber
1.2.0.6

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Unicode

ImageFileCharacteristics
No relocs, Executable, 32-bit, System file

CharacterSet
Unicode

InitializedDataSize
18432

EntryPoint
0x12efd

MIMEType
application/octet-stream

TimeStamp
2018:07:02 04:01:03+02:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
13.33.111

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
QweWWWemiconductor Corporation

CodeSize
78336

FileSubtype
0

ProductVersionNumber
1.2.0.6

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 0719d14796382b624f5d120670259d41
SHA1 5073b6a3e7830d0c775527446f5b12caace5d092
SHA256 a0f3249eabd22685ed85781a71c3c0636bb56d524700178514aac30f1a374ffa
ssdeep
1536:y7G/c3eaKS/oHAgrFvhZAFkT8KWY1HGeLri:wGi2SsbBhZAF0J1B

authentihash 850e6c08fef897a9e78deecd9f3cef3701909a533c54dd65906eec7705ad322e
imphash fee70bc8b3858c351eb48aa400c43f11
File size 91.5 KB ( 93696 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID Win32 Executable (generic) (35.7%)
Win16/32 Executable Delphi generic (16.4%)
OS/2 Executable (generic) (16.0%)
Generic Win/DOS Executable (15.8%)
DOS Executable Generic (15.8%)
Tags
peexe

VirusTotal metadata
First submission 2018-07-01 19:16:55 UTC ( 7 months, 3 weeks ago )
Last submission 2018-07-20 21:45:24 UTC ( 7 months ago )
File names 70163832048.exe
cd0442ceec50f045b4cc046ea575b3f44cf0596e
output.113551968.txt
21588289.exe
515756584422.exe
c6rgLcZK1W3zat2l.exe
05270089683.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!