× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: b412a9a005eabab22520e569dba631f657858a80106b8760641edb4ee5649b0c
File name: b412a9a005eabab22520e569dba631f657858a80106b8760641edb4ee5649b0c
Detection ratio: 26 / 70
Analysis date: 2018-12-06 08:56:32 UTC ( 2 months, 2 weeks ago ) View latest
Antivirus Result Update
AegisLab Trojan.Win32.Generic.4!c 20181206
Avast Win32:BankerX-gen [Trj] 20181206
AVG Win32:BankerX-gen [Trj] 20181206
BitDefender Trojan.Autoruns.GenericKDS.31397836 20181206
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.c7965a 20180225
Cylance Unsafe 20181206
Cyren W32/Emotet.KG.gen!Eldorado 20181206
Endgame malicious (moderate confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GHBR 20181206
F-Prot W32/Emotet.KG.gen!Eldorado 20181206
Sophos ML heuristic 20181128
Kaspersky UDS:DangerousObject.Multi.Generic 20181206
Malwarebytes Trojan.Emotet 20181206
MAX malware (ai score=100) 20181206
McAfee Emotet-FKU!F77AB87C7965 20181206
McAfee-GW-Edition BehavesLike.Win32.Emotet.ht 20181206
Microsoft Trojan:Win32/Emotet.AC!bit 20181205
Palo Alto Networks (Known Signatures) generic.ml 20181206
Qihoo-360 HEUR/QVM20.1.AC81.Malware.Gen 20181206
Rising Trojan.Kryptik!8.8 (CLOUD) 20181206
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/EncPk-ANY 20181206
Symantec ML.Attribute.HighConfidence 20181206
Webroot W32.Trojan.Emotet 20181206
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181206
Ad-Aware 20181206
AhnLab-V3 20181206
Alibaba 20180921
ALYac 20181206
Antiy-AVL 20181205
Arcabit 20181206
Avast-Mobile 20181206
Avira (no cloud) 20181206
Babable 20180918
Baidu 20181206
Bkav 20181205
CAT-QuickHeal 20181205
ClamAV 20181206
CMC 20181205
Comodo 20181206
DrWeb 20181206
eGambit 20181206
Emsisoft 20181206
F-Secure 20181206
Fortinet 20181206
GData 20181206
Ikarus 20181205
Jiangmin 20181206
K7AntiVirus 20181205
K7GW 20181205
Kingsoft 20181206
eScan 20181206
NANO-Antivirus 20181206
Panda 20181205
SUPERAntiSpyware 20181205
Symantec Mobile Insight 20181204
TACHYON 20181206
Tencent 20181206
TheHacker 20181202
TotalDefense 20181206
Trapmine 20181205
TrendMicro 20181206
TrendMicro-HouseCall 20181206
Trustlook 20181206
VBA32 20181205
VIPRE 20181206
ViRobot 20181206
Yandex 20181204
Zillya 20181206
Zoner 20181206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All right

Product Micro
Internal name wups.
File version 7.6.7601.1
Description Windows
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-06 01:45:51
Entry Point 0x00002E30
Number of sections 5
PE sections
PE imports
GetObjectW
EnumResourceNamesW
GetNamedPipeClientComputerNameA
GetModuleHandleA
GetOverlappedResult
GetPrivateProfileIntA
GetFileAttributesExA
InitializeSecurityContextA
GetClassLongW
GetColorProfileHeader
Ord(29)
CoInvalidateRemoteMachineBindings
Number of PE resources by type
RT_STRING 3
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 5
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:12:06 02:45:51+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
49152

LinkerVersion
12.1

ImageFileCharacteristics
Executable, 32-bit

Warning
Error processing PE data dictionary

EntryPoint
0x2e30

InitializedDataSize
0

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

File identification
MD5 f77ab87c7965a54b41300752a137fa80
SHA1 d78988b782fdba83cf69a1bb65f03a177440d439
SHA256 b412a9a005eabab22520e569dba631f657858a80106b8760641edb4ee5649b0c
ssdeep
3072:i66rck2Hz+0to45wa7JgAAtC6H4FQfsP4zFcpatfORgDVOqhyePOA:i66rcTHS2o45WtC4yQfwaigDRyA

authentihash 856978bd8663dae223c8c7c606f41ccc3cc9fff08c50204e66e4a00369c8232b
imphash 18f647dc9f2e92096657c8170eb59bb4
File size 520.0 KB ( 532480 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-12-06 01:51:56 UTC ( 2 months, 2 weeks ago )
Last submission 2018-12-21 05:15:28 UTC ( 2 months ago )
File names zKlI.exe
B6VfaYYR31.exe
gKJyiPllUqP4JkX.exe
1i94dJTJ91.exe
lCGYfnlgVi4.exe
08pTEV57Tl.exe
wups.
f77ab87c7965a54b41300752a137fa80
jtICxe2zcys.exe
d4N25X60fDf.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!