SHA256: b82bfc5ea12e352d0063ef813fa832196130ec880b22c9e8d0233023d8b587a0
File name: 9uj8n76b5.exe
Detection ratio: 2 / 54
Analysis date: 2016-03-08 08:47:30 UTC ( 3 years, 2 months ago )
Antivirus Result Update
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20160308
Rising PE:Malware.Generic(Thunder)!1.A1C4 [F] 20160308
Ad-Aware 20160308
AegisLab 20160308
Yandex 20160308
AhnLab-V3 20160307
Alibaba 20160308
ALYac 20160308
Arcabit 20160308
Avast 20160308
AVG 20160308
Avira (no cloud) 20160308
AVware 20160308
Baidu-International 20160307
BitDefender 20160308
Bkav 20160307
ByteHero 20160308
CAT-QuickHeal 20160308
ClamAV 20160308
CMC 20160307
Comodo 20160308
Cyren 20160308
DrWeb 20160308
Emsisoft 20160308
ESET-NOD32 20160308
F-Prot 20160308
F-Secure 20160308
Fortinet 20160307
GData 20160308
Ikarus 20160308
Jiangmin 20160308
K7AntiVirus 20160308
K7GW 20160308
Kaspersky 20160307
Malwarebytes 20160308
McAfee 20160308
McAfee-GW-Edition 20160308
Microsoft 20160308
eScan 20160308
NANO-Antivirus 20160308
nProtect 20160308
Panda 20160307
Sophos AV 20160308
SUPERAntiSpyware 20160308
Symantec 20160307
Tencent 20160308
TheHacker 20160307
TrendMicro 20160308
TrendMicro-HouseCall 20160308
VBA32 20160306
VIPRE 20160308
ViRobot 20160308
Zillya 20160306
Zoner 20160308
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Корпорация Майкрософт. Все права защищены.
Product Операционная система Microsoft® Windows®
Original name emt7ren.dll
Internal name emt7ren.dll
File version 5.1.2600.5512 (xpsp.080413-0852)
Description Media
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-03-08 10:03:39
Entry Point 0x0000105A
Number of sections 12
PE sections
PE imports
SetConsoleTitleW
FreeUserPhysicalPages
GetConsoleCursorInfo
GetModuleHandleW
FreeConsole
CreateFileMappingA
GetProcAddress
MoveFileExA
lstrcmpW
MprAdminMIBEntrySet
localeconv
fputws
isdigit
iswalpha
isprint
_chkstk
sin
Number of PE resources by type
TYPELIB 1
RT_STRING 1
REGISTRY 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 4
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 153088
ImageVersion 0.0
ProductName Microsoft Windows
FileVersionNumber 5.1.2600.5512
UninitializedDataSize 0
LanguageCode Russian
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension exe
OriginalFileName emt7ren.dll
MIMEType application/octet-stream
Subsystem Windows command line
FileVersion 5.1.2600.5512 (xpsp.080413-0852)
TimeStamp 2016:03:08 11:03:39+01:00
FileType Win32 EXE
PEType PE32
InternalName emt7ren.dll
ProductVersion 5.1.2600.5512
FileDescription Media
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright . .
MachineType Intel 386 or later, and compatibles
CodeSize 53760
FileSubtype 0
ProductVersionNumber 5.1.2600.5512
EntryPoint 0x105a
ObjectFileType Dynamic link library

Compressed bundles
File identification
MD5 786c4a1e64aab338a73ec5563f01ffef
SHA1 a87859dac4ba481159fc6c47d68848a3af6a5545
SHA256 b82bfc5ea12e352d0063ef813fa832196130ec880b22c9e8d0233023d8b587a0
ssdeep 3072:MtU4uwbFZX44Qq/MfmnAhWAxL39axGoD2eOrulGYBhykCbZxS:MLbFZI4PU9h7xLteGq7XBhykgZx
authentihash b6bb71c686d7913111144a02ba8c3cb48709c9e0521c6a09f75e78b696680eaa
imphash f1517b318be7bc02394ca996e7ee6c12
File size 187.5 KB ( 192000 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2016-03-08 08:40:12 UTC ( 3 years, 2 months ago )
Last submission 2017-08-21 04:07:46 UTC ( 1 year, 9 months ago )
File names emt7ren.dll
9uj8n76b5.exe
9uj8n76b5_exe
9uj8n76b5[1].exe.1968.dr
9uj8n76b5[1].exe.1228.dr
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Terminated processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications