SHA256: afa9402aefa9d1fe839b683f8ea258269fa4ef5f1b998463616f0ecdef08dc89
File name: afa9402aefa9d1fe839b683f8ea258269fa4ef5f1b998463616f0ecdef08dc89
Detection ratio: 50 / 71
Analysis date: 2018-12-16 01:49:55 UTC ( 2 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40807358 20181215
AegisLab Trojan.Win32.Emotet.4!c 20181214
AhnLab-V3 Trojan/Win32.Emotet.R248033 20181215
ALYac Trojan.GenericKD.40807358 20181215
Arcabit Trojan.Generic.D26EABBE 20181215
Avast Win32:MalwareX-gen [Trj] 20181215
AVG Win32:MalwareX-gen [Trj] 20181215
BitDefender Trojan.GenericKD.40807358 20181216
CAT-QuickHeal Trojan.Fuerboos 20181215
Comodo Malware@#35ymq7mebo0f 20181216
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cylance Unsafe 20181216
Cyren W32/Emotet.KG.gen!Eldorado 20181216
DrWeb Trojan.EmotetENT.322 20181216
Emsisoft Trojan.GenericKD.40807358 (B) 20181216
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GNJO 20181215
F-Prot W32/Emotet.KG.gen!Eldorado 20181216
F-Secure Trojan.GenericKD.40807358 20181216
Fortinet W32/Kryptik.GNJO!tr 20181216
GData Trojan.GenericKD.40807358 20181216
Ikarus Trojan-Banker.Emotet 20181216
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 00542bb31 ) 20181215
K7GW Trojan ( 00542bb31 ) 20181215
Kaspersky Trojan-Banker.Win32.Emotet.btdk 20181215
Malwarebytes Trojan.Emotet 20181215
MAX malware (ai score=99) 20181216
McAfee Emotet-FKU!00D110F4EAAA 20181215
McAfee-GW-Edition Emotet-FKU!00D110F4EAAA 20181215
Microsoft Trojan:Win32/Emotet.BT 20181215
eScan Trojan.GenericKD.40807358 20181215
NANO-Antivirus Trojan.Win32.Emotet.fkvlus 20181215
Palo Alto Networks (Known Signatures) generic.ml 20181216
Panda Trj/GdSda.A 20181215
Qihoo-360 HEUR/QVM20.1.9812.Malware.Gen 20181216
Rising Trojan.Kryptik!8.8 (CLOUD) 20181215
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/EncPk-ANY 20181215
Symantec Trojan.Gen.2 20181215
Tencent Win32.Trojan-banker.Emotet.Eyb 20181216
Trapmine malicious.high.ml.score 20181205
TrendMicro TROJ_GEN.R011C0RL418 20181215
TrendMicro-HouseCall TROJ_GEN.R011C0RL418 20181215
VBA32 BScope.TrojanBanker.Emotet 20181214
VIPRE Trojan.Win32.Generic!BT 20181213
ViRobot Trojan.Win32.Z.Emotet.499712.D 20181215
Webroot W32.Trojan.Emotet 20181216
Zillya Trojan.Emotet.Win32.8710 20181215
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.btdk 20181215
Alibaba 20180921
Antiy-AVL 20181215
Avast-Mobile 20181215
Avira (no cloud) 20181216
AVware 20180925
Babable 20180918
Baidu 20181207
Bkav 20181214
ClamAV 20181216
CMC 20181216
Cybereason 20180225
eGambit 20181216
Jiangmin 20181215
Kingsoft 20181216
SUPERAntiSpyware 20181212
Symantec Mobile Insight 20181215
TACHYON 20181214
TheHacker 20181213
TotalDefense 20181215
Trustlook 20181216
Yandex 20181214
Zoner 20181215
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All right
Product Micro
Internal name wups.
File version 7.6.7601.1
Description Windows
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-02 09:46:10
Entry Point 0x000024A0
Number of sections 4
PE sections
PE imports
InitiateSystemShutdownA
ReportEventA
CryptAcquireContextA
AuthzInitializeContextFromToken
AnimatePalette
GetModuleHandleA
GetSystemDirectoryW
IsDBCSLeadByteEx
Sleep
GetNamedPipeClientComputerNameA
DsQuoteRdnValueW
RpcBindingSetAuthInfoW
RpcServerYield
RpcBindingSetAuthInfoExA
SetupDiOpenDeviceInterfaceW
PathRemoveFileSpecA
CreateIconFromResource
DefRawInputProc
PackDDElParam
GetMenuItemRect
GetFileVersionInfoW
midiInReset
Ord(30)
Ord(29)
CoInvalidateRemoteMachineBindings
Number of PE resources by type
RT_STRING 3
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 5
PE resources
Debug information
ExifTool file metadata
CodeSize 20480
SubsystemVersion 5.0
LinkerVersion 12.0
ProductVersion Version 4.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 4.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Windows
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 479232
EntryPoint 0x24a0
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All right
FileVersion 7.6.7601.1
TimeStamp 2018:12:02 10:46:10+01:00
FileType Win32 EXE
PEType PE32
InternalName wups.
UninitializedDataSize 0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporatio
LegalTrademarks Microsoft is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
ProductName Micro
ProductVersionNumber 4.0.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 00d110f4eaaaa3ab8f56982918f2950e
SHA1 2152a17d73840eebf77ea6f75b2d17055f21a7ea
SHA256 afa9402aefa9d1fe839b683f8ea258269fa4ef5f1b998463616f0ecdef08dc89
ssdeep 3072:xsBjz0/9vveZ6coHsHTwXamG2/IETXRWVclAUlJaOGgIWq0/l8e:x6Ps9v2McoHyWFIETXRWVOlJadgrt
authentihash 5e78a5f791b12a0a334815d8606910f859329a86b6db6ac05a0e0e702401483f
imphash f287d30a3aefdc1a2110df4d5c2ee5b6
File size 488.0 KB ( 499712 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags peexe
VirusTotal metadata
First submission 2018-12-02 09:51:23 UTC ( 2 months, 3 weeks ago )
Last submission 2018-12-02 09:51:23 UTC ( 2 months, 3 weeks ago )
File names wups.