SHA256: a67915345f7a32e7c40c51469a983ae18b731a658c04e370f2674ce8246c32dd
File name: ded8NHEOUoLcssnXc.exe
Detection ratio: 13 / 66
Analysis date: 2018-11-09 00:03:43 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Emotet.R243338 20181108
AVG FileRepMalware 20181109
Bkav HW32.Packed. 20181108
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.100fe8 20180225
Cylance Unsafe 20181109
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181108
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20181108
NANO-Antivirus Virus.Win32.Gen.ccmw 20181108
Qihoo-360 HEUR/QVM20.1.142B.Malware.Gen 20181109
Rising Malware.Heuristic!ET#91% (RDM+:cmRtazrHMvnPhHtKhMEsVoCkptFf) 20181108
Symantec ML.Attribute.HighConfidence 20181108
Ad-Aware 20181109
AegisLab 20181108
Alibaba 20180921
ALYac 20181109
Antiy-AVL 20181108
Arcabit 20181108
Avast 20181109
Avast-Mobile 20181108
Avira (no cloud) 20181108
Babable 20180918
Baidu 20181108
BitDefender 20181108
CAT-QuickHeal 20181108
ClamAV 20181108
CMC 20181108
Cyren 20181108
DrWeb 20181108
Emsisoft 20181108
ESET-NOD32 20181108
F-Prot 20181108
F-Secure 20181108
Fortinet 20181108
GData 20181108
Ikarus 20181108
Jiangmin 20181108
K7AntiVirus 20181108
K7GW 20181108
Kaspersky 20181108
Kingsoft 20181109
Malwarebytes 20181108
MAX 20181109
McAfee 20181108
Microsoft 20181108
eScan 20181108
Palo Alto Networks (Known Signatures) 20181109
Panda 20181108
SentinelOne (Static ML) 20181011
Sophos AV 20181108
SUPERAntiSpyware 20181107
Symantec Mobile Insight 20181108
TACHYON 20181108
Tencent 20181109
TheHacker 20181108
TotalDefense 20181108
TrendMicro 20181108
TrendMicro-HouseCall 20181109
Trustlook 20181109
VBA32 20181108
ViRobot 20181108
Webroot 20181109
Yandex 20181108
Zillya 20181108
ZoneAlarm by Check Point 20181109
Zoner 20181109
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Internal name extr
Description Wimfltr
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1996-06-16 21:58:56
Entry Point 0x000037D0
Number of sections 6
PE sections
PE imports
OpenBackupEventLogA
ChangeServiceConfig2W
QueryUsersOnEncryptedFile
CryptMsgClose
ScaleViewportExtEx
GetFontLanguageInfo
SetBitmapDimensionEx
CreateBrushIndirect
OpenFile
LocalLock
FileTimeToDosDateTime
GetTimeZoneInformation
WritePrivateProfileStringA
GetCommModemStatus
CreateDirectoryA
GetProcessIdOfThread
SetEvent
FlsGetValue
DeleteTimerQueueTimer
GetSystemTimes
GetCurrentThreadId
GetCommandLineW
SetHandleInformation
SleepEx
MprAdminConnectionEnum
VarI4FromStr
VarI4FromCy
RasGetEapUserIdentityA
SetupCopyOEMInfA
DuplicateIcon
SHSetLocalizedName
Ord(437)
GetCursorPos
SendDlgItemMessageA
GetMessagePos
GetScrollRange
LookupIconIdFromDirectory
DestroyAcceleratorTable
CloseWindow
BroadcastSystemMessageW
SCardStatusA
SCardBeginTransaction
Number of PE resources by type
RT_STRING 3
RT_VERSION 1
Number of PE resources by language
NORWEGIAN BOKMAL 4
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 14.0
ImageVersion 1.1
FileVersionNumber 1.6.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Wimfltr
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
Ht Microsoft Corporation. All r
EntryPoint 0x37d0
MIMEType application/octet-stream
TimeStamp 1996:06:16 23:58:56+02:00
FileType Win32 EXE
PEType PE32
InternalName extr
SubsystemVersion 5.0
OSVersion 6.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Micr
TVersion 1.0
CodeSize 12288
FileSubtype 0
ProductVersionNumber 1.6.0.0
InitializedDataSize 126976
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 0020351cc4c2a3ea6e0b1fc5fa684fe3
SHA1 626f9da100fe83bbee5a25d52b87a3d4b48be5c9
SHA256 a67915345f7a32e7c40c51469a983ae18b731a658c04e370f2674ce8246c32dd
ssdeep 3072:qTu19iMnR4ueRRKAQWXpr5r3/47hpK1W:qy1RrGFQ6r5c7
authentihash 7f433c653edf3d97694d96ff53251010de76585407f154d65c874659609aef69
imphash 83d49d36f67ea22c6ba3dc95a014ee94
File size 132.0 KB ( 135168 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe
VirusTotal metadata
First submission 2018-11-09 00:03:43 UTC ( 3 months, 2 weeks ago )
Last submission 2018-11-09 08:57:21 UTC ( 3 months, 2 weeks ago )
File names 090.exe
ded8NHEOUoLcssnXc.exe
8915.exe
componmonjpn.exe
07037359.exe
5210.exe
4032.exe
3522455.exe
773.exe
71.exe
353505.exe
77888053.exe
824992.exe
plaincolorer.exe
96481549.exe
64.exe
5145706.exe
27267.exe
40853628.exe
452.exe
580332.exe
3.exe
37275.exe
shimswebcam.exe
0.exe