SHA256: a34543a1a70531b406197e2c4cd5b96eaf4eff1527fb6378aa7ea32ccd1db1a5
File name: Windows Service Engine.exe
Detection ratio: 49 / 67
Analysis date: 2018-01-08 02:22:10 UTC ( 9 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Heur.Ransom.HiddenTears.1 20180108
AegisLab Troj.W32.Generic!c 20180105
AhnLab-V3 Trojan/Win32.Ransom.C1513538 20180107
ALYac Gen:Heur.Ransom.HiddenTears.1 20180108
Antiy-AVL Trojan/Win32.AGeneric 20180108
Arcabit Trojan.Ransom.HiddenTears.1 20180108
Avast FileRepMalware 20180108
AVG FileRepMalware 20180108
Avira (no cloud) TR/ATRAPS.yilt 20180107
AVware Trojan.Win32.Generic!BT 20180103
BitDefender Gen:Heur.Ransom.HiddenTears.1 20180108
CAT-QuickHeal Ransom.Ryzerlo.S4 20180106
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cybereason malicious.1b8fb7 20171103
Cylance Unsafe 20180108
Cyren W32/Ransom.IQ.gen!Eldorado 20180108
DrWeb Trojan.Encoder.10598 20180108
Emsisoft Gen:Heur.Ransom.HiddenTears.1 (B) 20180108
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of MSIL/Filecoder.AK 20180107
F-Prot W32/Ransom.IQ.gen!Eldorado 20180108
F-Secure Gen:Heur.Ransom.HiddenTears.1 20180108
Fortinet MSIL/Filecoder.Y!tr 20180107
GData MSIL.Trojan-Ransom.Cryptear.R 20180108
Ikarus Trojan-Ransom.FileCoder 20180107
Sophos ML heuristic 20170914
Jiangmin Trojan.Generic.bnniw 20180108
K7AntiVirus Trojan ( 004de29f1 ) 20180107
K7GW Trojan ( 004de29f1 ) 20180107
Kaspersky HEUR:Trojan.Win32.Generic 20180108
MAX malware (ai score=100) 20180108
McAfee RDN/Ransom 20180102
McAfee-GW-Edition RDN/Ransom 20180108
Microsoft Ransom:MSIL/Ryzerlo.A 20180108
eScan Gen:Heur.Ransom.HiddenTears.1 20180108
NANO-Antivirus Trojan.Win32.MlwGen.edzfjk 20180107
Panda Trj/CI.A 20180107
Qihoo-360 Win32/Trojan.7b8 20180108
SentinelOne (Static ML) static engine - malicious 20171224
Sophos AV Troj/Cryptear-A 20180108
Symantec Trojan.Gen.2 20180107
Tencent Win32.Trojan.Generic.Piag 20180108
TrendMicro Ransom_UYARITEAR.A 20180108
TrendMicro-HouseCall Ransom_UYARITEAR.A 20180108
VIPRE Trojan.Win32.Generic!BT 20180108
Webroot W32.Trojan.Gen 20180108
Yandex Trojan.Agent!4ABsO2Fdwj0 20171229
Zillya Trojan.Filecoder.Win32.2843 20180105
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180108
Alibaba 20180105
Avast-Mobile 20180107
Baidu 20180105
Bkav 20180106
ClamAV 20180107
CMC 20180107
Comodo 20180108
Kingsoft 20180108
Malwarebytes 20180107
nProtect 20180107
Palo Alto Networks (Known Signatures) 20180108
Rising 20180106
SUPERAntiSpyware 20180108
TheHacker 20180103
TotalDefense 20180107
Trustlook 20180108
VBA32 20180105
ViRobot 20180107
WhiteArmor 20171226
Zoner 20180107
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2016
Product Windows Service Engine
Original name Windows Service Engine.exe
Internal name Windows Service Engine.exe
File version 1.0.0.0
Description Windows Service Engine
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-07 19:00:29
Entry Point 0x0001E14A
Number of sections 3
.NET details
Module Version ID 0b16f711-23b1-40db-9a98-1e6a7ae17462
TypeLib ID 983f4d88-1f1e-4f5b-8eef-c42088e161bb
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 6.0
LinkerVersion 48.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 2560
EntryPoint 0x1e14a
OriginalFileName Windows Service Engine.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2016
FileVersion 1.0.0.0
TimeStamp 2016:06:07 20:00:29+01:00
FileType Win32 EXE
PEType PE32
InternalName Windows Service Engine.exe
ProductVersion 1.0.0.0
FileDescription Windows Service Engine
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 115200
ProductName Windows Service Engine
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 1.0.0.0

File identification
MD5 be6ece0c36cd22e18cd00f1839f216a4
SHA1 4a0613d858871d44484a338b46b09a6163d98ac2
SHA256 a34543a1a70531b406197e2c4cd5b96eaf4eff1527fb6378aa7ea32ccd1db1a5
ssdeep 3072:4xu+n52TM+lmsolAIrRuw+mqv9j1MWLQD:+p+lDAA
authentihash 06f93443bb2aec8ea5c046ba9e0ef8625eccfabadef59b196b6981e8817ea711
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 115.5 KB ( 118272 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (63.1%)
Win64 Executable (generic) (23.8%)
Win32 Dynamic Link Library (generic) (5.6%)
Win32 Executable (generic) (3.8%)
Generic Win/DOS Executable (1.7%)
Tags peexe assembly
VirusTotal metadata
First submission 2016-06-28 18:30:26 UTC ( 2 years, 3 months ago )
Last submission 2016-08-06 00:31:04 UTC ( 2 years, 2 months ago )
File names Windows Service Engine.exe