SHA256: a616b6993de830c16c15d2e41744b0b70b91a812e79259d4e01d11ba03de0d9c
File name: c4AozoaOjglDUx3rl.exe
Detection ratio: 44 / 67
Analysis date: 2018-12-17 02:12:01 UTC ( 2 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40741306 20181217
AhnLab-V3 Trojan/RL.Generic.R243958 20181216
ALYac Trojan.GenericKD.40741306 20181217
Antiy-AVL Trojan/Win32.Emotet 20181216
Arcabit Trojan.Generic.D26DA9BA 20181216
Avast Win32:BankerX-gen [Trj] 20181216
AVG Win32:BankerX-gen [Trj] 20181216
Avira (no cloud) HEUR/AGEN.1018103 20181216
BitDefender Trojan.GenericKD.40741306 20181216
CAT-QuickHeal Trojan.IGENERIC 20181216
Comodo Malware@#3g9e8bo2utfh 20181216
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.ec5241 20180225
Cylance Unsafe 20181217
Cyren W32/Trojan.LZMO-3426 20181216
Emsisoft Trojan.Emotet (A) 20181216
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GMPB 20181216
F-Prot W32/Emotet.KV.gen!Eldorado 20181216
F-Secure Trojan.GenericKD.40741306 20181216
Fortinet W32/Generic!tr 20181216
Ikarus Trojan.Win32.Emotet 20181216
Sophos ML heuristic 20181128
K7AntiVirus Riskware ( 0040eff71 ) 20181216
K7GW Riskware ( 0040eff71 ) 20181216
Kaspersky HEUR:Trojan.Win32.Generic 20181216
Malwarebytes Trojan.Emotet 20181216
McAfee Emotet-FKA!13514B4EC524 20181216
McAfee-GW-Edition Emotet-FKA!13514B4EC524 20181216
Microsoft Trojan:Win32/Emotet.AC!bit 20181216
eScan Trojan.GenericKD.40741306 20181216
Panda Trj/Genetic.gen 20181216
Qihoo-360 HEUR/QVM20.1.1723.Malware.Gen 20181217
Rising Trojan.Fuery!8.EAFB (CLOUD) 20181216
Sophos AV Mal/EncPk-ANY 20181216
Symantec Trojan.Gen.2 20181216
Tencent Win32.Trojan.Generic.Dvzl 20181217
Trapmine suspicious.low.ml.score 20181205
TrendMicro TSPY_EMOTET.THAAACAH 20181216
TrendMicro-HouseCall TSPY_EMOTET.THAAACAH 20181217
VBA32 Trojan.Emotet 20181214
Webroot W32.Trojan.Emotet 20181217
Zillya Trojan.Generic.Win32.336894 20181215
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20181217
AegisLab 20181214
Alibaba 20180921
Avast-Mobile 20181216
Babable 20180918
Baidu 20181207
Bkav 20181214
ClamAV 20181216
CMC 20181216
DrWeb 20181216
eGambit 20181217
Jiangmin 20181216
Kingsoft 20181217
MAX 20181217
NANO-Antivirus 20181216
Palo Alto Networks (Known Signatures) 20181217
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181212
Symantec Mobile Insight 20181215
TACHYON 20181214
TheHacker 20181216
TotalDefense 20181216
ViRobot 20181217
Yandex 20181214
Zoner 20181217
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name wcp.dll
Internal name WCPDll
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Windows Componentization Platform Servicing API
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-09 12:00:45
Entry Point 0x00001F32
Number of sections 6
PE sections
PE imports
RegSetKeySecurity
SetTextJustification
EndPath
GetStockObject
lstrcpynW
GetTimeFormatW
GetModuleHandleA
GetLongPathNameA
GetTimeZoneInformation
IsDialogMessageA
FindFirstUrlCacheGroup
GetColorProfileHeader
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 4294963199
LinkerVersion 12.0
ImageVersion 0.1
FileSubtype 0
FileVersionNumber 6.1.7600.16385
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Windows Componentization Platform Servicing API
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 366080
EntryPoint 0x1f32
OriginalFileName wcp.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2018:11:09 13:00:45+01:00
FileType Win32 EXE
PEType PE32
InternalName WCPDll
ProductVersion 6.1.7600.16385
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 9216
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 13514b4ec52415d6582746e91bc96a80
SHA1 25de3ffa42c8f3e4e0fde729d163f4223d1073c3
SHA256 a616b6993de830c16c15d2e41744b0b70b91a812e79259d4e01d11ba03de0d9c
ssdeep 3072:Tq37XGYRCwfq67T7nW2wXuKYDvf3POIuSmfbVlINwVwc1x4:2jGYRCwSAwXfI3Zu/VV
authentihash 281e9317edd20aa212c6ddbedb4b58bbabb7ab2c3732d2cb064ee6e5cfb790c5
imphash 38031ec4d1220c704086881a4de33c76
File size 359.0 KB ( 367616 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2018-11-09 12:03:33 UTC ( 3 months, 1 week ago )
Last submission 2018-11-09 12:03:33 UTC ( 3 months, 1 week ago )
File names 38793006.exe
wcp.dll
WCPDll
c4AozoaOjglDUx3rl.exe