SHA256: b246132f4539404dfccccee002a35e6fb7ec1c6c645ca7cbaf676081448909cb
File name: b246132f4539404dfccccee002a35e6fb7ec1c6c645ca7cbaf676081448909cb
Detection ratio: 16 / 69
Analysis date: 2018-09-23 19:58:42 UTC ( 6 months ago )
Antivirus Result Update
Avast Win32:Dh-A [Heur] 20180923
AVG Win32:Dh-A [Heur] 20180923
Avira (no cloud) TR/Dropper.Gen 20180923
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cylance Unsafe 20180923
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Phorpiex.G 20180923
Fortinet W32/Generic.AP.1FC796!tr 20180923
Sophos ML heuristic 20180717
Kaspersky HEUR:Worm.Win32.Generic 20180923
McAfee-GW-Edition BehavesLike.Win32.Generic.kt 20180923
Qihoo-360 HEUR/QVM07.1.0FC1.Malware.Gen 20180923
Rising Malware.Heuristic!ET#95% (RDM+:cmRtazovj5v27bTE7BZe8JSfeelX) 20180923
Symantec ML.Attribute.HighConfidence 20180923
VBA32 BScope.Trojan.Zonidel 20180921
ZoneAlarm by Check Point HEUR:Worm.Win32.Generic 20180923
Ad-Aware 20180923
AegisLab 20180923
AhnLab-V3 20180923
Alibaba 20180921
ALYac 20180923
Antiy-AVL 20180923
Arcabit 20180923
Avast-Mobile 20180923
AVware 20180923
Babable 20180918
Baidu 20180914
BitDefender 20180923
Bkav 20180921
CAT-QuickHeal 20180923
ClamAV 20180923
CMC 20180923
Comodo 20180923
Cybereason 20180225
Cyren 20180923
DrWeb 20180923
eGambit 20180923
Emsisoft 20180923
F-Prot 20180923
F-Secure 20180923
GData 20180923
Ikarus 20180923
Jiangmin 20180923
K7AntiVirus 20180923
K7GW 20180923
Kingsoft 20180923
Malwarebytes 20180923
MAX 20180923
McAfee 20180923
Microsoft 20180924
eScan 20180923
NANO-Antivirus 20180923
Palo Alto Networks (Known Signatures) 20180923
Panda 20180923
SentinelOne (Static ML) 20180830
Sophos AV 20180923
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180918
TACHYON 20180922
Tencent 20180923
TheHacker 20180920
TotalDefense 20180923
TrendMicro 20180923
TrendMicro-HouseCall 20180923
Trustlook 20180923
VIPRE 20180923
ViRobot 20180923
Webroot 20180923
Yandex 20180922
Zillya 20180922
Zoner 20180922
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-23 19:52:23
Entry Point 0x0000103C
Number of sections 5
PE sections
Overlays
MD5 8d001d435e4891eb34b9629740228104
File type ASCII text
Offset 24064
Size 45322
Entropy 3.31
PE imports
RegCreateKeyExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
CreateToolhelp32Snapshot
GetModuleFileNameW
ExpandEnvironmentStringsW
CopyFileW
CreateThread
GetTickCount
GetModuleHandleA
Process32First
GetLastError
CreateProcessW
CreateMutexA
GetStartupInfoA
Sleep
CloseHandle
SetFileAttributesW
DeleteFileW
CreateDirectoryW
ExitProcess
GetProcAddress
ExitThread
Process32Next
_except_handler3
__p__fmode
srand
strstr
_acmdln
_exit
__p__commode
memset
_snwprintf
sprintf
__setusermatherr
exit
_XcptFilter
sscanf
__getmainargs
_initterm
_controlfp
rand
_adjust_fdiv
strncpy
__set_app_type
SHGetFolderPathW
ShellExecuteW
PathFileExistsW
CharLowerA
socket
recv
inet_addr
send
ioctlsocket
WSAStartup
gethostbyname
connect
shutdown
htons
closesocket
select
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 5.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2018:09:23 20:52:23+01:00
FileType Win32 EXE
PEType PE32
CodeSize 12288
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 10752
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x103c
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

Execution parents
File identification
MD5 09fe122801f9b84c3627433e0e7d681d
SHA1 18bd7ed524a9ec53955ea9c7d2244f37e216194c
SHA256 b246132f4539404dfccccee002a35e6fb7ec1c6c645ca7cbaf676081448909cb
ssdeep 384:4u+XHW4VG5xU3ppbVpW9U8SrceQ1X39NsO:pUHW4VyqbyUbrKnLsO
authentihash 6e2137a76ab3ea80782d9f48ae41e3a0c4a2ec51294f5fcbbaa49c162572b5ab
imphash c7757846686fc2003904a913d1faafd8
File size 67.8 KB ( 69386 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe overlay

VirusTotal metadata
First submission 2018-09-23 19:58:42 UTC ( 6 months ago )
Last submission 2018-09-23 19:58:42 UTC ( 6 months ago )
File names winupd32cfg.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.