Antivirus scan for a69dc99d3b0c1525a3e6ac25fc0a64f6bd4cc7b71c2e81b03ce1013f3ab313cf at 2018-07-18 13:26:07 UTC

Antivirus	Result	Update
AhnLab-V3	Trojan/Win32.Emotet.R231763	20180718
Avast	Win32:GenX	20180718
AVG	Win32:GenX	20180718
Baidu	Win32.Trojan.WisdomEyes.16070401.9500.9999	20180717
CrowdStrike Falcon (ML)	malicious_confidence_100% (D)	20180530
Cylance	Unsafe	20180718
Cyren	W32/Emotet.DZ.gen!Eldorado	20180718
Emsisoft	Trojan.Emotet (A)	20180718
Endgame	malicious (high confidence)	20180711
ESET-NOD32	a variant of Win32/Kryptik.GIUM	20180718
F-Prot	W32/Emotet.DZ.gen!Eldorado	20180718
Fortinet	W32/PossibleThreat	20180718
GData	Win32.Trojan-Spy.Emotet.SE	20180718
Sophos ML	heuristic	20180717
Kaspersky	Trojan.Win32.Dovs.piy	20180718
Malwarebytes	Spyware.Emotet	20180718
Microsoft	Trojan:Win32/Emotet.AC!bit	20180718
Palo Alto Networks (Known Signatures)	generic.ml	20180718
Panda	Trj/GdSda.A	20180718
Qihoo-360	HEUR/QVM20.1.8065.Malware.Gen	20180718
Rising	Trojan.Kryptik!8.8 (TFE:dGZlOgTLYFRAh8IbQA)	20180718
SentinelOne (Static ML)	static engine - malicious	20180701
Sophos AV	Mal/EncPk-ANX	20180718
Symantec	Packed.Generic.517	20180718
TrendMicro	TROJ_GEN.R020C0SGG18	20180718
TrendMicro-HouseCall	TROJ_GEN.R020C0SGG18	20180718
VBA32	BScope.Trojan.Dovs	20180718
Webroot	W32.Trojan.Emotet	20180718
ZoneAlarm by Check Point	Trojan.Win32.Dovs.piy	20180718
Ad-Aware		20180718
AegisLab		20180718
Alibaba		20180713
ALYac		20180718
Antiy-AVL		20180718
Arcabit		20180718
Avast-Mobile		20180718
Avira (no cloud)		20180718
AVware		20180718
Babable		20180406
BitDefender		20180718
Bkav		20180718
CAT-QuickHeal		20180718
ClamAV		20180717
CMC		20180717
Comodo		20180718
Cybereason		20180225
DrWeb		20180718
eGambit		20180718
F-Secure		20180718
Ikarus		20180718
Jiangmin		20180718
K7AntiVirus		20180718
K7GW		20180718
Kingsoft		20180718
MAX		20180718
McAfee		20180718
McAfee-GW-Edition		20180718
eScan		20180718
NANO-Antivirus		20180718
SUPERAntiSpyware		20180718
TACHYON		20180718
Tencent		20180718
TheHacker		20180716
TotalDefense		20180718
Trustlook		20180718
VIPRE		20180718
ViRobot		20180718
Yandex		20180717
Zillya		20180718
Zoner		20180717

The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.

FileVersionInfo properties

Product Microsoft® Windows® Operating S

Original name wfw.fwf

Internal name вввы (03.2)

Description Windows Cryptographic

PE header basic information

Target machine Intel 386 or later processors and compatible processors

Compilation timestamp 2017-02-23 03:20:06

Entry Point 0x00001A2B

Number of sections 6

PE sections

Name Virtual address Virtual size Raw size Entropy MD5

.text 4096 100044 100352 6.10 8246e00db47a82d5662e07115ead9bbe

.data 106496 6920 3072 5.23 11d8edb17620a3eaaee6497b8fbf0954

.idata 114688 532 1024 2.78 d95331e688038d6d33ae7cf6b103e59d

.CRT 118784 4 512 0.06 25dc1190bcb24d84757e0048e7da495b

.rsrc 122880 952 1024 3.22 97a33710dd1475178099ac037a33bc7d

.reloc 126976 204 512 2.84 7402f196a53e5bdaf70b2887dbe5d1c5

PE imports

Number of PE resources by type

RT_VERSION 1

Number of PE resources by language

ENGLISH US 1

PE resources

db039dff4b4eef608090de86e9fa08e89a5047f6b2205ced2222660f0f659ed9 data

Debug information

Type Timestamp Offset Size

IMAGE_DEBUG_TYPE_CODEVIEW (2) Sun Jul 15 00:10:46 2018 1640 39 Bytes

12 (12) Sun Jul 15 00:10:46 2018 1764 20 Bytes

ExifTool file metadata

UninitializedDataSize

LinkerVersion

12.1

ImageVersion

0.0

FileSubtype

FileVersionNumber

36.1.2223.432

LanguageCode

English (U.S.)

FileFlagsMask

0x003f

FileDescription

Windows Cryptographic

ImageFileCharacteristics

No relocs, Executable, 32-bit

CharacterSet

Unicode

InitializedDataSize

10240

EntryPoint

0x1a2b

OriginalFileName

PrintIsolationHost.exe

MIMEType

application/octet-stream

LegalCopyright

Microsoft Corporation. All rights reserv

TimeStamp

2017:02:23 04:20:06+01:00

FileType

Win32 EXE

PEType

PE32

InternalName

(03.2)

ProductVersion

6.1.7600.16385

SubsystemVersion

5.0

OSVersion

5.1

FileOS

Windows NT 32-bit

Subsystem

Windows GUI

MachineType

Intel 386 or later, and compatibles

CompanyName

Ddfdgf dgdsger

CodeSize

100352

ProductName

Microsoft Windows Operating S

ProductVersionNumber

16.1.4235.11

FileTypeExtension

exe

ObjectFileType

Dynamic link library

File identification

MD5 8f372224257dae9f4ba553a0bca722f5

SHA1 17c054892dcaa8d53cd1e825ab00d4b24790175c

SHA256 a69dc99d3b0c1525a3e6ac25fc0a64f6bd4cc7b71c2e81b03ce1013f3ab313cf

ssdeep

3072:Iaevy2ezDgaX9fUB38dWs/3e8q9gXlE2b:I7yCaNfUB0Ws/u8qJ

authentihash 6190551e37df9dc8c8586fb03c23fd14a9adcfb7bc3385cbffae77816a3637ca

imphash 448f080b0e1fe327b6cfb48235c20316

File size 105.0 KB ( 107520 bytes )

File type Win32 EXE

Magic literal

PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID	OS/2 Executable (generic) (33.6%) Generic Win/DOS Executable (33.1%) DOS Executable Generic (33.1%)

VirusTotal metadata

First submission 2018-07-18 13:26:07 UTC ( 7 months, 1 week ago )

Last submission 2018-07-18 13:26:07 UTC ( 7 months, 1 week ago )

File names

wfw.fwf
вввы (03.2)

SHA256:	a69dc99d3b0c1525a3e6ac25fc0a64f6bd4cc7b71c2e81b03ce1013f3ab313cf
File name:	8f372224257dae9f4ba553a0bca722f5
Detection ratio:	29 / 68
Analysis date:	2018-07-18 13:26:07 UTC ( 7 months, 1 week ago ) View latest

Ciphered bundle