× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: a805060edb715614114d5b164404687f91b59a5965405798807dfc8ebf692e2b
File name: GMdRz.exe
Detection ratio: 34 / 68
Analysis date: 2019-01-11 14:08:59 UTC ( 1 month ago ) View latest
Antivirus Result Update
AegisLab Trojan.Multi.Generic.4!c 20190111
AhnLab-V3 Trojan/Win32.Emotet.R251407 20190111
Avast Win32:BankerX-gen [Trj] 20190112
AVG Win32:BankerX-gen [Trj] 20190112
Comodo Packed.Win32.TDSS.~AA@1rhbt5 20190111
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cybereason malicious.794ef8 20190109
Cyren W32/Trojan.CDBS-2013 20190111
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GOND 20190111
Fortinet W32/GenKryptik.CWEK!tr 20190111
Ikarus Trojan.Win32.Krypt 20190111
Sophos ML heuristic 20181128
K7AntiVirus Riskware ( 0040eff71 ) 20190111
K7GW Riskware ( 0040eff71 ) 20190111
Kaspersky Trojan-Banker.Win32.Emotet.byul 20190111
Malwarebytes Trojan.Emotet 20190111
MAX malware (ai score=100) 20190112
McAfee Emotet-FLN!2C3312647674 20190111
McAfee-GW-Edition BehavesLike.Win32.Emotet.ch 20190111
Microsoft Trojan:Win32/Emotet.AC!bit 20190111
Palo Alto Networks (Known Signatures) generic.ml 20190112
Panda Trj/RnkBend.A 20190111
Qihoo-360 HEUR/QVM19.1.7615.Malware.Gen 20190112
Rising Trojan.Azden!8.F0E3 (TFE:3:xXOZ0RF4JRH) 20190111
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/Generic-S 20190111
Symantec Packed.Generic.517 20190111
Tencent Win32.Trojan-banker.Emotet.Hrpb 20190112
Trapmine malicious.moderate.ml.score 20190103
TrendMicro TrojanSpy.Win32.EMOTET.THOAAAAI 20190111
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.THOAAAAI 20190111
Webroot W32.Trojan.Emotet 20190112
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.byul 20190111
Acronis 20190111
Ad-Aware 20190112
Alibaba 20180921
ALYac 20190112
Antiy-AVL 20190111
Arcabit 20190112
Avast-Mobile 20190111
Avira (no cloud) 20190112
Babable 20180918
Baidu 20190111
BitDefender 20190112
Bkav 20190108
CAT-QuickHeal 20190111
ClamAV 20190112
CMC 20190111
DrWeb 20190111
eGambit 20190112
Emsisoft 20190111
F-Prot 20190111
GData 20190111
Jiangmin 20190111
Kingsoft 20190112
eScan 20190111
NANO-Antivirus 20190111
SUPERAntiSpyware 20190109
TACHYON 20190111
TheHacker 20190106
TotalDefense 20190111
Trustlook 20190112
VBA32 20190111
ViRobot 20190111
Yandex 20190111
Zillya 20190111
Zoner 20190112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright c 2000

Product Ulead VerCheck
Original name VerCheck.exe
Internal name VerCheck
File version 4, 0, 0, 0
Description VerCheck
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-11 04:37:28
Entry Point 0x000029BF
Number of sections 5
PE sections
PE imports
IsValidAcl
GetSecurityDescriptorGroup
GetSidLengthRequired
RegOpenKeyExW
LogonUserA
GetFileSecurityA
LookupAccountSidA
CM_Get_DevNode_Registry_PropertyA
GetOpenFileNameW
GetTextFaceA
GetOutlineTextMetricsW
GetCharacterPlacementA
FillPath
GetSystemPaletteEntries
GetUserDefaultUILanguage
HeapFree
GetConsoleOutputCP
VirtualAllocEx
GetModuleFileNameW
GetConsoleCP
GetConsoleWindow
HeapAlloc
FindNLSString
GlobalUnlock
GetFileAttributesW
GetUserGeoID
FindNextVolumeW
GetLocalTime
GetTapeParameters
GetStartupInfoA
EnumSystemLocalesA
Wow64DisableWow64FsRedirection
GetConsoleMode
CreateThread
GetDateFormatW
MultiByteToWideChar
GetLogicalDrives
GetFileInformationByHandle
GlobalLock
VerifyScripts
GetProcessHeap
CreateFileMappingW
MapViewOfFile
GetTimeFormatW
GlobalReAlloc
LoadLibraryW
InterlockedExchange
GetCurrentProcess
Wow64RevertWow64FsRedirection
FreeConsole
GetModuleHandleW
FormatMessageW
IsWow64Process
FreeLibraryAndExitThread
UnmapViewOfFile
GlobalAlloc
QueryDosDeviceW
DebugBreak
NetGroupDelUser
QueryCredentialsAttributesW
GetWindowLongA
LoadImageW
DrawFocusRect
DrawTextExW
InsertMenuItemW
LookupIconIdFromDirectory
DeferWindowPos
CreateIconFromResource
GetWindowLongW
LoadKeyboardLayoutA
GetKeyState
DestroyWindow
GetColorProfileHeader
strftime
FaultInIEFeature
Number of PE resources by type
RT_BITMAP 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.1

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
VerCheck

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
155648

EntryPoint
0x29bf

OriginalFileName
VerCheck.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright c 2000

FileVersion
4, 0, 0, 0

TimeStamp
2019:01:11 04:37:28+00:00

FileType
Win32 EXE

PEType
PE32

InternalName
VerCheck

ProductVersion
1, 0, 0, 1

SubsystemVersion
4.0

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Ulead

CodeSize
20480

ProductName
Ulead VerCheck

ProductVersionNumber
1.0.0.1

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 2c33126476745fe56560472a8af5a1d8
SHA1 3c037d1794ef864a7decb83c510c7b5836596f64
SHA256 a805060edb715614114d5b164404687f91b59a5965405798807dfc8ebf692e2b
ssdeep
3072:bjDExAc5rXGZ0kVNlWP5zUCy9RMvEfoE/I79z9IgLQi3AZ:/DK5E0kPlWB3yXiEgEg79z9x

authentihash 246056c5821c3654a8c0ae633b51679d95bc2c3b3f22dcada82be78a23f5272e
imphash 847cb74e6b5f6fa2009776d9d4aaaa02
File size 168.0 KB ( 172032 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2019-01-10 21:00:30 UTC ( 1 month ago )
Last submission 2019-01-10 21:00:30 UTC ( 1 month ago )
File names GMdRz.exe
VerCheck
VerCheck.exe
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!