× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: b65fb16bc5214b980c8c74bbbf8597e7782dadc586740ef2313949aabcb712e9
File name: LXwsw4b7.exe
Detection ratio: 29 / 68
Analysis date: 2018-06-17 06:02:53 UTC ( 8 months ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30981972 20180617
AegisLab Ml.Attribute.Gen!c 20180617
Arcabit Trojan.Generic.D1D8BF54 20180617
Avast Win32:Malware-gen 20180617
AVG Win32:Malware-gen 20180617
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180615
BitDefender Trojan.GenericKD.30981972 20180617
Comodo TrojWare.Win32.Dovs.MO 20180617
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cylance Unsafe 20180617
Emsisoft Trojan.GenericKD.30981972 (B) 20180617
Endgame malicious (high confidence) 20180612
F-Secure Trojan.GenericKD.30981972 20180617
Fortinet W32/Kryptik.GHOI!tr 20180617
GData Win32.Trojan-Spy.Emotet.FDH9AE 20180617
Sophos ML heuristic 20180601
Kaspersky Trojan.Win32.Dovs.oub 20180617
MAX malware (ai score=94) 20180617
McAfee Artemis!8D0552810BDC 20180617
McAfee-GW-Edition BehavesLike.Win32.ZeroAccess.fm 20180617
eScan Trojan.GenericKD.30981972 20180617
Palo Alto Networks (Known Signatures) generic.ml 20180617
Qihoo-360 HEUR/QVM20.1.E2E3.Malware.Gen 20180617
SentinelOne (Static ML) static engine - malicious 20180225
Symantec ML.Attribute.HighConfidence 20180616
TrendMicro-HouseCall Suspicious_GEN.F47V0616 20180617
VBA32 BScope.Malware-Cryptor.Win32.Cb 20180615
Webroot W32.Trojan.Emotet 20180617
ZoneAlarm by Check Point Trojan.Win32.Dovs.oub 20180617
AhnLab-V3 20180616
Alibaba 20180615
ALYac 20180617
Antiy-AVL 20180617
Avast-Mobile 20180616
Avira (no cloud) 20180616
AVware 20180617
Babable 20180406
Bkav 20180616
CAT-QuickHeal 20180616
ClamAV 20180617
CMC 20180616
Cybereason 20180225
Cyren 20180617
DrWeb 20180617
eGambit 20180617
ESET-NOD32 20180617
F-Prot 20180617
Ikarus 20180616
Jiangmin 20180617
K7AntiVirus 20180617
K7GW 20180617
Kingsoft 20180617
Malwarebytes 20180617
Microsoft 20180617
NANO-Antivirus 20180617
Panda 20180616
Rising 20180617
Sophos AV 20180617
SUPERAntiSpyware 20180616
Symantec Mobile Insight 20180614
TACHYON 20180617
Tencent 20180617
TheHacker 20180613
TotalDefense 20180617
TrendMicro 20180617
Trustlook 20180617
VIPRE 20180617
ViRobot 20180616
Yandex 20180615
Zillya 20180615
Zoner 20180617
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Description Uniscri
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-17 01:30:22
Entry Point 0x0000100F
Number of sections 6
PE sections
PE imports
ReadEventLogA
LogonUserA
RegCloseKey
CertGetCTLContextProperty
CertNameToStrA
CryptMemRealloc
CryptSIPLoad
CertGetSubjectCertificateFromStore
SetDCPenColor
ModifyWorldTransform
AddFontResourceA
GetTextCharset
GetNetworkParams
EnterCriticalSection
EnumSystemLocalesW
GetTempPathW
GetModuleFileNameA
FlsFree
GetBinaryTypeA
LZSeek
LZInit
VarBstrFromBool
glMultMatrixd
RasGetProjectionInfoA
AssocQueryKeyW
PathSetDlgItemPathW
CharLowerBuffW
GetMessagePos
TrackPopupMenu
wsprintfA
GetInputState
GetDialogBaseUnits
GetMessageExtraInfo
MessageBeep
FindNextPrinterChangeNotification
WSACleanup
SCardLocateCardsW
puts
fgetwc
CLSIDFromString
OleCreateStaticFromData
OleCreateFromData
Number of PE resources by type
RT_DIALOG 21
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
HEBREW DEFAULT 1
HUNGARIAN DEFAULT 1
VIETNAMESE DEFAULT 1
CHINESE SIMPLIFIED 1
SLOVENIAN DEFAULT 1
CZECH DEFAULT 1
FINNISH DEFAULT 1
KOREAN 1
NEUTRAL DEFAULT 1
PORTUGUESE 1
POLISH DEFAULT 1
JAPANESE DEFAULT 1
DANISH DEFAULT 1
SLOVAK DEFAULT 1
GREEK DEFAULT 1
TURKISH DEFAULT 1
ROMANIAN 1
THAI DEFAULT 1
SERBIAN DEFAULT 1
NEUTRAL 1
RUSSIAN 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileVersionNumber
1.2.0.6

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Uniscri

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
231936

EntryPoint
0x100f

MIMEType
application/octet-stream

TimeStamp
2018:06:17 03:30:22+02:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1.0626.

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Realtek Semiconductor Corporation

CodeSize
98816

FileSubtype
0

ProductVersionNumber
1.2.0.6

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 8d0552810bdcb6906af10bc279cf8ae7
SHA1 1adfa3f1d0cd35ef7cee3c9b95400fdfb23fd115
SHA256 b65fb16bc5214b980c8c74bbbf8597e7782dadc586740ef2313949aabcb712e9
ssdeep
1536:QMk4Rz7XlxGrivzEesyONe46/CJMINFjewIy3iA6jpo2LfTf1r:QMNUEzoetCnFawI4wjpoSTf

authentihash 669cc39d1a1c3bc4bbade7a6831199a371ba924ae9a3683e78323286fd0a9723
imphash f88c2d4d4bacdcac17fc17b5c12e70a5
File size 319.5 KB ( 327168 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-06-16 18:34:19 UTC ( 8 months ago )
Last submission 2018-06-18 14:16:10 UTC ( 8 months ago )
File names 4929.exe
4550.exe
3100.exe
da844d966e07c706ec6bc8e0be78b5b46d424571
LXwsw4b7.exe
4929.exe
19851.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!