× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: b01df0b9d28ea4932658857422a584934a78d9776a0bcc5d714df4a2747a587a
File name: 90018200.exe
Detection ratio: 30 / 68
Analysis date: 2018-07-15 05:38:31 UTC ( 7 months, 1 week ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31095127 20180715
AegisLab Packer.Generic!c 20180715
AVG FileRepMalware 20180715
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180712
BitDefender Trojan.GenericKD.31095127 20180715
Comodo CloudScanner.Trojan.Gen 20180715
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cylance Unsafe 20180715
Cyren W32/Trojan.LPFD-8614 20180715
Emsisoft Trojan.GenericKD.31095127 (B) 20180715
Endgame malicious (high confidence) 20180711
ESET-NOD32 a variant of Win32/Kryptik.GIUR 20180715
GData Win32.Trojan-Spy.Emotet.FKO22G 20180715
Ikarus Win32.Outbreak 20180714
Sophos ML heuristic 20180601
Kaspersky Trojan-Banker.Win32.Emotet.axoz 20180715
MAX malware (ai score=95) 20180715
McAfee Artemis!F0551C0022A7 20180715
McAfee-GW-Edition Artemis 20180715
Microsoft Trojan:Win32/Emotet.AC!bit 20180714
eScan Trojan.GenericKD.31095127 20180715
Palo Alto Networks (Known Signatures) generic.ml 20180715
Qihoo-360 HEUR/QVM20.1.8065.Malware.Gen 20180715
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/Generic-S 20180715
Symantec Packed.Generic.517 20180714
TrendMicro TROJ_GEN.USGE18 20180715
TrendMicro-HouseCall TROJ_GEN.USGE18 20180715
Webroot W32.Trojan.Emotet 20180715
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.axoz 20180715
AhnLab-V3 20180714
Alibaba 20180713
ALYac 20180715
Antiy-AVL 20180715
Arcabit 20180715
Avast 20180715
Avast-Mobile 20180715
Avira (no cloud) 20180714
AVware 20180715
Babable 20180406
Bkav 20180713
CAT-QuickHeal 20180714
ClamAV 20180715
CMC 20180714
Cybereason 20180225
DrWeb 20180715
eGambit 20180715
F-Prot 20180715
F-Secure 20180714
Fortinet 20180715
Jiangmin 20180715
K7AntiVirus 20180715
K7GW 20180715
Kingsoft 20180715
Malwarebytes 20180715
NANO-Antivirus 20180715
Panda 20180714
Rising 20180715
SUPERAntiSpyware 20180715
TACHYON 20180715
Tencent 20180715
TheHacker 20180712
TotalDefense 20180714
Trustlook 20180715
VBA32 20180713
VIPRE 20180715
ViRobot 20180714
Yandex 20180713
Zillya 20180713
Zoner 20180714
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserv

Product Microsoft® Windows® Operating S
Original name wfw.fwf
Internal name вввы (03.2)
Description Windows Cryptographic
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-23 03:20:06
Entry Point 0x000019CE
Number of sections 6
PE sections
PE imports
SetBitmapBits
lstrlenA
FlsFree
SystemTimeToTzSpecificLocalTime
DdeDisconnectList
ShowCursor
GetClipboardOwner
CryptCATCDFEnumMembers
UninstallColorProfileW
isleadbyte
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.1

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
36.1.2223.432

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Windows Cryptographic

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
10240

EntryPoint
0x19ce

OriginalFileName
PrintIsolationHost.exe

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserv

TimeStamp
2017:02:23 04:20:06+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
(03.2)

ProductVersion
6.1.7600.16385

SubsystemVersion
5.0

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Ddfdgf dgdsger

CodeSize
100352

ProductName
Microsoft Windows Operating S

ProductVersionNumber
16.1.4235.11

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 f0551c0022a7a2c8a6a08425f3fa38da
SHA1 276c22c4e81db53b3c1c034b123a85dade616fea
SHA256 b01df0b9d28ea4932658857422a584934a78d9776a0bcc5d714df4a2747a587a
ssdeep
1536:N7dIseG+moG52Wvxznef7HJ9tJziS+17cHtLb9FehxUey:NRtN+O52WvYbJRx+1y3ezUb

authentihash d2a9327cf91e4976775cf1fb23c02db75ed047c303fb09dda87eff3c5a37bfac
imphash b2118665c61c3489a3ac1684cb7656d4
File size 105.0 KB ( 107520 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-07-14 17:22:19 UTC ( 7 months, 1 week ago )
Last submission 2018-07-14 17:22:23 UTC ( 7 months, 1 week ago )
File names 09998908.exe
wfw.fwf
667121.exe
вввы (03.2)
90018200.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!