SHA256: ba38f46eb8e5422e41a0dbd2e4f7f5d108edd225d918c13a8e3b961f0955b761
File name: ConsoleZ
Detection ratio: 16 / 68
Analysis date: 2018-10-08 12:37:00 UTC ( 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40577218 20181008
AegisLab Gen.Variant.Ursu!c 20181008
ALYac Trojan.GenericKD.40577218 20181008
Arcabit Trojan.Generic.D26B28C2 20181008
BitDefender Trojan.GenericKD.40577218 20181008
CAT-QuickHeal Trojan.IGENERIC 20181008
Cyren W32/Trojan.WYDK-8693 20181008
Emsisoft Trojan.GenericKD.40577218 (B) 20181008
F-Secure Trojan.GenericKD.40577218 20181008
GData Trojan.GenericKD.40577218 20181008
MAX malware (ai score=93) 20181008
eScan Trojan.GenericKD.40577218 20181008
Palo Alto Networks (Known Signatures) generic.ml 20181008
Panda Trj/GdSda.A 20181008
TrendMicro-HouseCall TROJ_GEN.R002H06HL18 20181008
Webroot W32.Adware.Gen 20181008
AhnLab-V3 20181008
Alibaba 20180921
Antiy-AVL 20181008
Avast 20181008
Avast-Mobile 20181008
AVG 20181008
Avira (no cloud) 20181008
AVware 20180925
Babable 20180918
Baidu 20181008
Bkav 20181008
ClamAV 20181008
CMC 20181007
Comodo 20181008
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20181008
DrWeb 20181008
eGambit 20181008
Endgame 20180730
ESET-NOD32 20181008
F-Prot 20181008
Fortinet 20181008
Ikarus 20181008
Sophos ML 20180717
Jiangmin 20181008
K7AntiVirus 20181008
K7GW 20181008
Kaspersky 20181008
Kingsoft 20181008
Malwarebytes 20181008
McAfee 20181008
McAfee-GW-Edition 20181008
Microsoft 20181008
NANO-Antivirus 20181008
Qihoo-360 20181008
Rising 20181008
SentinelOne (Static ML) 20180926
Sophos AV 20181008
SUPERAntiSpyware 20181006
Symantec 20181008
Symantec Mobile Insight 20181001
TACHYON 20181008
Tencent 20181008
TheHacker 20181008
TrendMicro 20181008
Trustlook 20181008
VBA32 20181008
VIPRE 20181008
ViRobot 20181008
Yandex 20181005
Zillya 20181008
ZoneAlarm by Check Point 20181008
Zoner 20181008
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2011-2018 Bucher Christophe
Product ConsoleZ
Original name ConsoleWow.exe
Internal name ConsoleZ
File version 1.18.3.18143
Description ConsoleZ WOW64 helper process
Comments Tabbed cool console window (THIS IS NOT A SHELL :-)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-23 18:53:20
Entry Point 0x0000125F
Number of sections 5
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
GetModuleFileNameW
GetConsoleCP
FreeLibrary
QueryPerformanceCounter
HeapReAlloc
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
RtlUnwind
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
HeapSize
GetCurrentProcessId
WriteConsoleW
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
InitializeSListHead
GetProcessHeap
SetStdHandle
CompareStringW
RaiseException
WideCharToMultiByte
SetEnvironmentVariableW
TlsFree
FindNextFileW
SetUnhandledExceptionFilter
WriteFile
DecodePointer
CloseHandle
GetSystemTimeAsFileTime
GetACP
FindFirstFileExW
GetStringTypeW
GetModuleHandleW
GetOEMCP
TerminateProcess
GetModuleHandleExW
IsValidCodePage
CreateFileW
FindClose
TlsGetValue
GetFileType
TlsSetValue
HeapAlloc
GetCurrentThreadId
SetLastError
LeaveCriticalSection
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
SERBIAN DEFAULT 1
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
LegalTrademarks
Copyright (C) 2011-2018 Bucher Christophe

SubsystemVersion
6.0

Comments
Tabbed cool console window (THIS IS NOT A SHELL :-)

LinkerVersion
14.14

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.18.3.18143

LanguageCode
Neutral

FileFlagsMask
0x0017

FileDescription
ConsoleZ WOW64 helper process

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
33280

EntryPoint
0x125f

OriginalFileName
ConsoleWow.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2011-2018 Bucher Christophe

FileVersion
1.18.3.18143

TimeStamp
2018:05:23 19:53:20+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
ConsoleZ

ProductVersion
1.18.3.18143

UninitializedDataSize
0

OSVersion
6.0

FileOS
Win32

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CodeSize
46080

ProductName
ConsoleZ

ProductVersionNumber
1.18.3.18143

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 b5a837b0f98b64b287789530037cef60
SHA1 2ced39b1dc779aedb9ac178b3f90fd6826a209a4
SHA256 ba38f46eb8e5422e41a0dbd2e4f7f5d108edd225d918c13a8e3b961f0955b761
ssdeep 1536:Qz/7qGngMTBtoNyASt1Ceijmw5ciPd0hNrsW1eIcd6Khagetf:oLngMTLoNRC1CHmbiPd0XW6Kha1x
authentihash eb3d9b4e44cdb81099a1f7078cad2b068c21da24e0ffacf21226ddf9fdd7e544
imphash ab72c1fce4e8134928bde79ffa7f2c32
File size 75.5 KB ( 77312 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe
VirusTotal metadata
First submission 2018-05-24 19:14:50 UTC ( 5 months ago )
Last submission 2018-08-01 09:11:11 UTC ( 2 months, 3 weeks ago )
File names b5a837b0f98b64b287789530037cef60.virobj
ConsoleZ
ConsoleWow.exe
Advanced heuristic and reputation engines