× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: a6e9520448ecb6d41ed42eb0a1af3ef3d6a04c667deba681e5b27f4e83ac1aab
File name: WINSVCS.EXE
Detection ratio: 36 / 68
Analysis date: 2018-11-06 09:57:37 UTC ( 6 months, 3 weeks ago ) View latest
Antivirus Result Update
Ad-Aware Generic.Malware.SYddld.153C6EC2 20181106
AhnLab-V3 Malware/Win32.Dlder.C2675989 20181106
ALYac Generic.Malware.SYddld.153C6EC2 20181106
Arcabit Generic.Malware.SYddld.153C6EC2 20181106
Avast FileRepMalware 20181106
AVG FileRepMalware 20181106
Avira (no cloud) TR/Crypt.XPACK.Gen 20181106
BitDefender Generic.Malware.SYddld.153C6EC2 20181106
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.83968a 20180225
Cylance Unsafe 20181106
DrWeb Win32.HLLW.Autoruner2.48132 20181106
Emsisoft Generic.Malware.SYddld.153C6EC2 (B) 20181106
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Phorpiex.J 20181106
Fortinet W32/Phorpiex.J!worm 20181106
GData Generic.Malware.SYddld.153C6EC2 20181106
Ikarus Worm.Win32.Phorpiex 20181105
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 0053af931 ) 20181106
K7GW Trojan ( 0053af931 ) 20181106
Kaspersky HEUR:Trojan.Win32.Generic 20181106
MAX malware (ai score=100) 20181106
McAfee GenericRXGO-EK!30F990F83968 20181106
McAfee-GW-Edition BehavesLike.Win32.Emotet.nm 20181106
Microsoft Trojan:Win32/Skeeyah.A!rfn 20181106
eScan Generic.Malware.SYddld.153C6EC2 20181106
Palo Alto Networks (Known Signatures) generic.ml 20181106
Qihoo-360 HEUR/QVM07.1.04B7.Malware.Gen 20181106
Rising Worm.Phorpiex!8.48D (CLOUD) 20181106
Sophos AV Mal/Generic-S 20181106
Symantec Trojan.Gen.2 20181106
Tencent Win32.Worm.Phorpiex.Lknx 20181106
TrendMicro-HouseCall TROJ_GEN.R039H0CK518 20181106
VBA32 BScope.Trojan.Zonidel 20181106
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20181106
AegisLab 20181106
Alibaba 20180921
Antiy-AVL 20181106
Avast-Mobile 20181106
Babable 20180918
Baidu 20181106
Bkav 20181102
CAT-QuickHeal 20181105
ClamAV 20181106
CMC 20181106
Cyren 20181106
eGambit 20181106
F-Prot 20181106
F-Secure 20181106
Jiangmin 20181106
Kingsoft 20181106
Malwarebytes 20181106
NANO-Antivirus 20181106
Panda 20181105
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181031
Symantec Mobile Insight 20181105
TACHYON 20181106
TheHacker 20181104
TotalDefense 20181106
TrendMicro 20181106
Trustlook 20181106
VIPRE 20181106
ViRobot 20181106
Webroot 20181106
Yandex 20181102
Zillya 20181105
Zoner 20181106
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-04 19:28:05
Entry Point 0x0000104E
Number of sections 5
PE sections
PE imports
RegCreateKeyExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
CreateToolhelp32Snapshot
GetLastError
CopyFileW
GetDriveTypeW
lstrlenA
GetModuleFileNameW
GlobalFree
ExitProcess
GetFileAttributesW
Process32Next
GetStartupInfoA
GetFileSize
Process32First
GetVolumeInformationW
SetErrorMode
CreateDirectoryW
DeleteFileW
GetProcAddress
CreateMutexA
ExpandEnvironmentStringsW
GetFullPathNameW
CreateThread
MapViewOfFile
SetFilePointer
FindNextFileW
WriteFile
CloseHandle
CreateFileMappingA
FindFirstFileW
ExitThread
SetCurrentDirectoryW
UnmapViewOfFile
CreateFileW
GlobalAlloc
CreateProcessW
GetLogicalDriveStringsW
FindClose
Sleep
SetFileAttributesW
GetTickCount
GetModuleHandleA
__p__fmode
rand
_wfopen
fclose
_snwprintf
fprintf
_except_handler3
memset
fseek
memcpy
ftell
_snprintf
_XcptFilter
exit
__setusermatherr
_controlfp
_adjust_fdiv
_acmdln
srand
__p__commode
__getmainargs
_initterm
wcsstr
_exit
__set_app_type
VariantInit
ShellExecuteW
PathFileExistsW
PathFindFileNameA
PathFindFileNameW
CharLowerA
CharLowerW
InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetOpenUrlW
HttpQueryInfoA
InternetOpenW
CoCreateInstance
CoUninitialize
CoInitialize
URLDownloadToFileW
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:11:04 20:28:05+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
15360

LinkerVersion
9.0

ImageFileCharacteristics
Executable, 32-bit

EntryPoint
0x104e

InitializedDataSize
15872

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

Execution parents
File identification
MD5 30f990f83968afabc024456ca6d25390
SHA1 57317ae73ff91ae9e954e5de38911af131055513
SHA256 a6e9520448ecb6d41ed42eb0a1af3ef3d6a04c667deba681e5b27f4e83ac1aab
ssdeep
384:kFOLRw/JRKPadEINzpm/Pvr6rhIPljBMvOf/5GLL2L1QGL7Whs5e10UbZBvGt7aF:e7bpFk/L4OPtBT3g/qKhz0UNBK2F

authentihash c44a209a2af6771717d3154b5dfe1569df975488d42c357ce159b9505023eb67
imphash 7ae05a944686487267829fc5d6efc0dc
File size 31.5 KB ( 32256 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (45.0%)
Microsoft Visual C++ compiled executable (generic) (26.9%)
Win32 Dynamic Link Library (generic) (10.7%)
Win32 Executable (generic) (7.3%)
OS/2 Executable (generic) (3.3%)
Tags
peexe

VirusTotal metadata
First submission 2018-11-05 16:35:06 UTC ( 6 months, 3 weeks ago )
Last submission 2018-11-22 03:24:45 UTC ( 6 months ago )
File names winsvcs.exe
upit.exe
windows archive manager.exe
WINSVCS.EXE
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
UDP communications