SHA256: a802599359238f43d84d5a81ac1c55e11a18c10e04df2a203fb0c7c3f45d5af8
File name: yU2hsndQS2.exe
Detection ratio: 41 / 70
Analysis date: 2018-12-31 01:08:52 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40875262 20181231
ALYac Trojan.GenericKD.40875262 20181231
Arcabit Trojan.Generic.D26FB4FE 20181230
Avast Win32:BankerX-gen [Trj] 20181230
AVG Win32:BankerX-gen [Trj] 20181230
Avira (no cloud) TR/AD.Emotet.wujvr 20181230
BitDefender Trojan.GenericKD.40875262 20181230
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cylance Unsafe 20181231
eGambit Unsafe.AI_Score_83% 20181231
Emsisoft Trojan.GenericKD.40875262 (B) 20181230
ESET-NOD32 a variant of Win32/Kryptik.GODV 20181230
F-Secure Trojan.GenericKD.40875262 20181230
Fortinet W32/Kryptik.GOCE!tr 20181230
GData Trojan.GenericKD.40875262 20181230
Ikarus Trojan.Win32.Crypt 20181230
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 0054488c1 ) 20181230
K7GW Trojan ( 0054488c1 ) 20181230
Kaspersky Trojan-Banker.Win32.Emotet.bwyi 20181230
Malwarebytes Trojan.Emotet.Generic 20181230
MAX malware (ai score=87) 20181231
McAfee Emotet-FID!D7856A9A992C 20181230
McAfee-GW-Edition Emotet-FID!D7856A9A992C 20181230
Microsoft Trojan:Win32/Emotet.AC!bit 20181230
eScan Trojan.GenericKD.40875262 20181230
NANO-Antivirus Trojan.Win32.Generic.flnwhq 20181230
Palo Alto Networks (Known Signatures) generic.ml 20181231
Panda Trj/Genetic.gen 20181230
Qihoo-360 Win32/Trojan.5a7 20181231
Rising Trojan.Emotet!8.B95 (CLOUD) 20181230
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/EncPk-ANY 20181230
Symantec Packed.Generic.517 20181230
Tencent Win32.Trojan-banker.Emotet.Wrzx 20181231
Trapmine malicious.high.ml.score 20181205
TrendMicro TROJ_GEN.R004C0OLS18 20181230
TrendMicro-HouseCall TROJ_GEN.R004C0OLS18 20181230
VBA32 BScope.Trojan.Emotet 20181229
Webroot W32.Trojan.Emotet 20181231
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bwyi 20181231
Acronis 20181227
AegisLab 20181230
Alibaba 20180921
Antiy-AVL 20181230
Avast-Mobile 20181230
Babable 20180918
Baidu 20181207
Bkav 20181227
CAT-QuickHeal 20181230
ClamAV 20181230
CMC 20181230
Comodo 20181230
Cybereason 20180225
Cyren 20181230
DrWeb 20181230
Endgame 20181108
F-Prot 20181230
Jiangmin 20181230
Kingsoft 20181231
SUPERAntiSpyware 20181226
Symantec Mobile Insight 20181225
TACHYON 20181230
TheHacker 20181230
TotalDefense 20181230
Trustlook 20181231
VIPRE 20181230
ViRobot 20181231
Yandex 20181229
Zillya 20181228
Zoner 20181231
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. Al
Product Mozilla
Internal name palmsync
File version 1.4: 2003062408
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-08-04 07:56:09
Entry Point 0x000062BF
Number of sections 6
PE sections
PE imports
GetServiceKeyNameW
CryptHashData
ChangeServiceConfigW
RegSetValueA
SwapBuffers
GetColorAdjustment
DeleteDC
FrameRgn
GetFontData
RealizePalette
ImmIsIME
FlsFree
GetModuleHandleExW
Wow64EnableWow64FsRedirection
SetConsoleOutputCP
VerifyScripts
GetModuleHandleW
GetLocaleInfoW
GetExpandedNameW
RpcErrorStartEnumeration
SHGetFolderLocation
PathRemoveFileSpecA
PathIsRootA
RegisterClassExW
AttachThreadInput
waveInReset
CLSIDFromProgID
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
CodeSize 29696
UninitializedDataSize 1
LinkerVersion 12.0
ImageVersion 0.1
FileSubtype 0
FileVersionNumber 1.4.20030.62408
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 219136
EntryPoint 0x62bf
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. Al
FileVersion 1.4: 2003062408
TimeStamp 2004:08:04 08:56:09+01:00
FileType Win32 EXE
PEType PE32
InternalName palmsync
ProductVersion 1.4: 2003062408
SubsystemVersion 5.1
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Mozilla, Netscape
LegalTrademarks Mozilla, Netscape
ProductName Mozilla
ProductVersionNumber 1.4.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 d7856a9a992c9c5d9fae5dff33e68762
SHA1 a245dbb76389059b0be53a5ecf5bb327e9dea724
SHA256 a802599359238f43d84d5a81ac1c55e11a18c10e04df2a203fb0c7c3f45d5af8
ssdeep 3072:KpQzkBPojKQi29slLh0CwqiX6vZQtxRpxv1nt:/zmI/2lLB7Qtx9v1n
authentihash 4512ccd958ea08d01c319e115b073bc51496409090d1efdbb09982d6ec02bffe
imphash f82b7b16390eb8f0d99707f4c2bf7272
File size 237.5 KB ( 243200 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe
VirusTotal metadata
First submission 2018-12-26 17:03:48 UTC ( 1 month, 3 weeks ago )
Last submission 2018-12-26 17:03:48 UTC ( 1 month, 3 weeks ago )
File names palmsync
yU2hsndQS2.exe