× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: b924489d9eea3b491a0bc9d7c893a26508b6963e4b8939dfa8ab7649c4e3c048
File name: MW_1.exe
Detection ratio: 17 / 65
Analysis date: 2018-05-24 22:04:44 UTC ( 10 months ago ) View latest
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180524
Cylance Unsafe 20180524
Emsisoft Trojan.GenericKDZ.44200 (B) 20180524
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of Win32/Kryptik.GHBV 20180524
Fortinet W32/GenKryptik.BTIX!tr 20180524
Sophos ML heuristic 20180503
Kaspersky UDS:DangerousObject.Multi.Generic 20180524
Malwarebytes Spyware.PasswordStealer 20180524
MAX malware (ai score=84) 20180524
eScan Trojan.GenericKDZ.44200 20180524
Palo Alto Networks (Known Signatures) generic.ml 20180524
Qihoo-360 HEUR/QVM20.1.62B1.Malware.Gen 20180524
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/EncPk-ANX 20180524
Symantec ML.Attribute.HighConfidence 20180524
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180524
Ad-Aware 20180524
AegisLab 20180524
AhnLab-V3 20180524
Alibaba 20180524
ALYac 20180524
Antiy-AVL 20180524
Arcabit 20180524
Avast 20180524
Avast-Mobile 20180524
AVG 20180524
Avira (no cloud) 20180524
AVware 20180524
Babable 20180406
BitDefender 20180524
Bkav 20180524
CAT-QuickHeal 20180524
ClamAV 20180521
CMC 20180524
Comodo 20180524
CrowdStrike Falcon (ML) 20180202
Cybereason None
Cyren 20180524
DrWeb 20180524
eGambit 20180524
F-Prot 20180524
F-Secure 20180524
GData 20180524
Ikarus 20180524
Jiangmin 20180524
K7AntiVirus 20180524
K7GW 20180524
Kingsoft 20180524
McAfee 20180524
McAfee-GW-Edition 20180524
Microsoft 20180524
NANO-Antivirus 20180524
nProtect 20180524
Panda 20180524
Rising 20180524
SUPERAntiSpyware 20180524
Symantec Mobile Insight 20180522
Tencent 20180524
TheHacker 20180524
TrendMicro 20180524
TrendMicro-HouseCall 20180524
Trustlook 20180524
VBA32 20180524
VIPRE 20180524
ViRobot 20180524
Webroot 20180524
Yandex 20180524
Zillya 20180524
Zoner 20180524
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2028-12-25 04:27:37
Entry Point 0x00001C3C
Number of sections 4
PE sections
PE imports
GetUserNameA
CertOpenSystemStoreA
CertGetCertificateChain
CreateWaitableTimerW
GetNumberFormatA
LocalHandle
FlsGetValue
GetComputerNameExW
FindVolumeMountPointClose
FlsFree
FindFirstVolumeW
LZSeek
VarUI4FromUI8
SetActivePwrScheme
SetupDiGetDeviceInstanceIdW
SHCopyKeyW
SHSetValueW
StrCpyNW
GetAncestor
waveOutGetErrorTextW
GetPrinterDataExW
WintrustRemoveActionID
SCardForgetCardTypeW
SCardDisconnect
STGMEDIUM_UserMarshal
OleConvertOLESTREAMToIStorage
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
JAPANESE DEFAULT 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.164

ImageVersion
0.0

FileVersionNumber
1.0.124.0

LanguageCode
Japanese

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
188416

EntryPoint
0x1c3c

MIMEType
application/octet-stream

TimeStamp
2028:12:25 05:27:37+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
25 4 3

CodeSize
0

FileSubtype
0

ProductVersionNumber
24.0.55.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 9fbfaffcfe2b0ba35621eb46cfbf1d3a
SHA1 fa72bf0377e19b4bba93615466453583e3163471
SHA256 b924489d9eea3b491a0bc9d7c893a26508b6963e4b8939dfa8ab7649c4e3c048
ssdeep
3072:aYfj84GE6DzSCw1Bt0aEWM744/Evxl6lsFM:aYr84GsbfMXEv

authentihash 38daa322446ceb2a2ea99df68315c40574f36ecb7feca30436ac197384c917a8
imphash 398c045aba07997941481853b9a7d870
File size 200.0 KB ( 204800 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-05-24 22:04:44 UTC ( 10 months ago )
Last submission 2018-06-17 15:17:58 UTC ( 9 months, 1 week ago )
File names MW_1.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!