SHA256: ab195dde06240ca9794b9877d7170d4a1db5543a20368ce25a0bebbadc64abeb
Detection ratio: 16 / 63
Analysis date: 2018-03-26 17:10:12 UTC ( 10 months, 3 weeks ago )
Antivirus Result Update
AegisLab Ml.Attribute.Gen!c 20180326
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180326
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170201
Cylance Unsafe 20180326
eGambit Unsafe.AI_Score_99% 20180326
Endgame malicious (high confidence) 20180316
Sophos ML heuristic 20180121
Kaspersky UDS:DangerousObject.Multi.Generic 20180326
Malwarebytes Trojan.Emotet 20180326
McAfee Emotet-FFL!8E9CD06E5C41 20180326
Palo Alto Networks (Known Signatures) generic.ml 20180326
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/EncPk-ANR 20180326
Symantec ML.Attribute.HighConfidence 20180326
WhiteArmor Malware.HighConfidence 20180324
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180326
Ad-Aware 20180326
AhnLab-V3 20180326
Alibaba 20180326
ALYac 20180326
Antiy-AVL 20180326
Arcabit 20180326
Avast 20180326
Avast-Mobile 20180325
AVG 20180326
Avira (no cloud) 20180326
AVware 20180326
BitDefender 20180326
Bkav 20180326
CAT-QuickHeal 20180326
ClamAV 20180326
CMC 20180326
Comodo 20180326
Cybereason None
Cyren 20180326
DrWeb 20180326
Emsisoft 20180326
ESET-NOD32 20180326
F-Prot 20180326
F-Secure 20180326
Fortinet 20180326
GData 20180326
Ikarus 20180326
Jiangmin 20180326
K7AntiVirus 20180326
K7GW 20180326
Kingsoft 20180326
MAX 20180326
McAfee-GW-Edition 20180326
Microsoft 20180326
eScan 20180326
NANO-Antivirus 20180326
nProtect 20180326
Panda 20180325
Qihoo-360 20180326
Rising 20180326
SUPERAntiSpyware 20180326
Symantec Mobile Insight 20180311
Tencent 20180326
TheHacker 20180326
TrendMicro 20180326
Trustlook 20180326
VBA32 20180326
VIPRE 20180326
ViRobot 20180326
Yandex 20180324
Zoner 20180326
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name WMsgAPI.DLL
Internal name wmsgapi
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description WinLogon IPC Client
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-26 16:01:30
Entry Point 0x00003300
Number of sections 6
PE sections
PE imports
DeleteAce
RegNotifyChangeKeyValue
RegSetValueExW
CertCloseStore
CryptMsgControl
CreatePolygonRgn
AngleArc
GetLastError
GetCurrentDirectoryW
GetBinaryTypeW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryW
ProcessIdToSessionId
GetCommandLineA
GetModuleFileNameA
VirtualUnlock
LocalUnlock
GetProcessHeap
MprConfigTransportGetInfo
DsCrackNamesW
DispCallFunc
VarUI2FromStr
glTexImage2D
RasGetProjectionInfoW
RasGetCustomAuthDataW
NdrGetUserMarshalInfo
UuidCreate
NdrConformantArrayUnmarshall
SetupDiRemoveDevice
StrRChrA
UrlGetPartA
SHRegGetValueW
QuerySecurityPackageInfoW
MakeSignature
EmptyClipboard
GetCaretBlinkTime
CountClipboardFormats
GetActiveWindow
TileWindows
SetPhysicalCursorPos
EnumDesktopWindows
IsMenu
RegisterDeviceNotificationW
TrackMouseEvent
CloseClipboard
DestroyCaret
UnpackDDElParam
UnlockUrlCacheEntryStream
DeleteUrlCacheEntryW
mixerGetID
CryptCATStoreFromHandle
SCardListReaderGroupsA
Ord(30)
_time64
StgIsStorageILockBytes
HICON_UserMarshal
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
4096

LinkerVersion
0.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.1.7600.16385

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
WinLogon IPC Client

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
59392

EntryPoint
0x3300

OriginalFileName
WMsgAPI.DLL

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.1.7600.16385 (win7_rtm.090713-1255)

TimeStamp
2018:03:26 18:01:30+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
wmsgapi

ProductVersion
6.1.7600.16385

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
20480

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.1.7600.16385

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 8e9cd06e5c41533ba4b3d26a5535da7f
SHA1 9e3ffacaa5c0c5ba9d209a7eed058fd1e6f5aa3e
SHA256 ab195dde06240ca9794b9877d7170d4a1db5543a20368ce25a0bebbadc64abeb
ssdeep
1536:EfsOPGJDOxIvzFWQ5diLm2HDU4csRNyk1TTmu8HqSNizYdCYcPV62MgRh:as3aIvJWMdiLQbA5xm/HGfw2Mo

authentihash 6f356ed7486248cf1d3d553cc64ff718749129744090de3caf0f21cd2749d36b
imphash bb56aba1682e185b72faf6737e3f9ab3
File size 132.0 KB ( 135168 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-03-26 16:06:47 UTC ( 10 months, 3 weeks ago )
Last submission 2018-05-08 03:58:28 UTC ( 9 months, 2 weeks ago )
File names 7333.exe
62929.exe
5468.exe
gabriolamonth.exe
54762.exe
26802840.exe
49501.exe
1938.exe
2644.exe
81476.exe
26016328.exe
13600.exe
6563.exe
3236.exe
1305.exe
3645.exe
wmsgapi
crPPeasRfE.exe
95214.exe
WMsgAPI.DLL
2368.exe