SHA256: a67f4d14801ebb880fa126fad01759f56d85fc92d8d523598e112f97aa851ccb
File name: FuZa.exe
Detection ratio: 47 / 68
Analysis date: 2018-11-01 09:12:19 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.415601 20181101
AhnLab-V3 Trojan/Win32.Emotet.R241389 20181101
ALYac Gen:Variant.Razy.415601 20181101
Antiy-AVL Trojan[Banker]/Win32.Emotet 20181031
Arcabit Trojan.Razy.D65771 20181101
Avast Win32:BankerX-gen [Trj] 20181101
AVG Win32:BankerX-gen [Trj] 20181101
Avira (no cloud) TR/AD.Emotet.jtxjx 20181101
BitDefender Gen:Variant.Razy.415601 20181101
CAT-QuickHeal Trojan.Emotet.X4 20181031
CMC Trojan.Win32.Obfuscated.en!O 20181101
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.555b02 20180225
Cylance Unsafe 20181101
Cyren W32/Trojan.SEUZ-3159 20181101
Emsisoft Gen:Variant.Razy.415601 (B) 20181101
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GMAN 20181101
F-Secure Gen:Variant.Razy.415601 20181101
Fortinet W32/FakeAV.CPFG!tr 20181101
GData Win32.Trojan-Spy.Emotet.9XLVBA 20181101
Ikarus Trojan.Win32.Krypt 20181031
Sophos ML heuristic 20180717
Jiangmin Trojan.Banker.Emotet.dpv 20181101
K7AntiVirus Trojan ( 0053fd421 ) 20181101
K7GW Trojan ( 0053fd421 ) 20181101
Kaspersky Trojan-Banker.Win32.Emotet.bkzc 20181101
MAX malware (ai score=99) 20181101
McAfee RDN/Generic.dx 20181101
McAfee-GW-Edition BehavesLike.Win32.VTFlooder.bz 20181101
Microsoft Trojan:Win32/Emotet.AC!bit 20181101
eScan Gen:Variant.Razy.415601 20181101
NANO-Antivirus Trojan.Win32.Emotet.fjtbbz 20181101
Palo Alto Networks (Known Signatures) generic.ml 20181101
Panda Trj/GdSda.A 20181031
Qihoo-360 HEUR/QVM20.1.CE13.Malware.Gen 20181101
Rising Trojan.GenKryptik!8.AA55 (CLOUD) 20181101
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/EncPk-ANY 20181101
Symantec Trojan.Emotet 20181031
Tencent Win32.Trojan-banker.Emotet.Amwi 20181101
TrendMicro TROJ_GEN.R00AC0OJT18 20181101
TrendMicro-HouseCall TROJ_GEN.R00AC0OJT18 20181101
VBA32 Trojan.Fuerboos 20181031
VIPRE Trojan.Win32.Generic!BT 20181101
Webroot W32.Trojan.Gen 20181101
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bkzc 20181101
AegisLab 20181101
Alibaba 20180921
Avast-Mobile 20181101
Babable 20180918
Baidu 20181101
Bkav 20181031
ClamAV 20181101
DrWeb 20181101
eGambit 20181101
F-Prot 20181101
Kingsoft 20181101
Malwarebytes 20181101
SUPERAntiSpyware 20181031
Symantec Mobile Insight 20181030
TACHYON 20181101
TheHacker 20181031
TotalDefense 20181101
Trustlook 20181101
ViRobot 20181101
Yandex 20181030
Zillya 20181030
Zoner 20181101
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. Al
Internal name wmspdmod.dll
File version 6.1.7601.19091
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-01 09:39:18
Entry Point 0x00007EAF
Number of sections 5
PE sections
PE imports
ReadEncryptedFileRaw
OffsetRgn
GetTcpStatistics
GetUserDefaultUILanguage
GetModuleHandleA
InitAtomTable
SetConsoleWindowInfo
SetupDiGetClassImageListExW
CM_Get_DevNode_Status
SetWindowsHookW
timeBeginPeriod
realloc
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 5.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2018:03:01 10:39:18+01:00
FileType Win32 EXE
PEType PE32
CodeSize 36864
LinkerVersion 18.0
FileTypeExtension exe
InitializedDataSize 774144
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x7eaf
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 7fc44c4555b028c5bed3422f7550b1f2
SHA1 445d61e1125330d1489304b02514eac72f591255
SHA256 a67f4d14801ebb880fa126fad01759f56d85fc92d8d523598e112f97aa851ccb
ssdeep 3072:mNkNV2VXZlJyq0tXv8kvJluPFRoD3THG:mnVXZeq0hbvJwNWD3THG
authentihash 287428812b293ebcd99e69b5f5e3b58bf007508335b031a207c54d0022245d21
imphash 1c6949eb949fb6f77f27e56a68614cb6
File size 792.0 KB ( 811008 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2018-10-27 09:08:29 UTC ( 3 months, 3 weeks ago )
Last submission 2018-10-27 09:08:29 UTC ( 3 months, 3 weeks ago )
File names FuZa.exe
wmspdmod.dll
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs