SHA256: baf567acf2bcd8c87dd97e2e12d2b9112615815a4c8f22b95c5039bfb327f89a
File name: baf567acf2bcd8c87dd97e2e12d2b9112615815a4c8f22b95c5039bfb327f89a
Detection ratio: 22 / 67
Analysis date: 2018-08-19 13:35:28 UTC (6 months ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Ursu.273983 20180819
Arcabit Trojan.Ursu.D42E3F 20180819
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180818
BitDefender Trojan.Autoruns.GenericKD.31175108 20180819
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cylance Unsafe 20180819
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/GenKryptik.CIPD 20180819
Fortinet W32/GenKryptik.BTIX!tr 20180819
Sophos ML heuristic 20180717
Kaspersky UDS:DangerousObject.Multi.Generic 20180819
MAX malware (ai score=80) 20180819
McAfee Artemis!AEC0342046B3 20180819
McAfee-GW-Edition BehavesLike.Win32.Emotet.fm 20180819
Microsoft Trojan:Win32/Emotet.AC!bit 20180819
eScan Gen:Variant.Ursu.273983 20180819
Palo Alto Networks (Known Signatures) generic.ml 20180819
Qihoo-360 HEUR/QVM20.1.4892.Malware.Gen 20180819
Rising Trojan.Cloxer!8.F54F (TFE:1:BeMLOEvBCkK) 20180819
Symantec ML.Attribute.HighConfidence 20180818
Webroot W32.Trojan.Emotet 20180819
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180819
AegisLab 20180819
AhnLab-V3 20180819
Alibaba 20180713
ALYac 20180819
Antiy-AVL 20180819
Avast 20180819
Avast-Mobile 20180819
AVG 20180819
Avira (no cloud) 20180819
AVware 20180819
Babable 20180725
Bkav 20180817
CAT-QuickHeal 20180819
ClamAV 20180819
CMC 20180817
Comodo 20180819
Cybereason 20180225
Cyren 20180819
DrWeb 20180819
eGambit 20180819
Emsisoft 20180819
F-Prot 20180819
F-Secure 20180819
GData 20180819
Ikarus 20180819
Jiangmin 20180819
K7AntiVirus 20180819
K7GW 20180819
Kingsoft 20180819
Malwarebytes 20180819
NANO-Antivirus 20180819
Panda 20180819
SentinelOne (Static ML) 20180701
Sophos AV 20180819
SUPERAntiSpyware 20180819
TACHYON 20180819
Tencent 20180819
TheHacker 20180818
TotalDefense 20180818
TrendMicro 20180819
TrendMicro-HouseCall 20180819
Trustlook 20180819
VBA32 20180817
VIPRE 20180819
ViRobot 20180819
Yandex 20180818
Zoner 20180818
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name wsmprovhost.exe
Internal name wsmprovhost.exe
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description wsmprovhost
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-08-19 09:02:00
Entry Point 0x0000C01C
Number of sections 5
PE sections
PE imports
GetTokenInformation
LogonUserW
GetSecurityDescriptorControl
GetSidLengthRequired
GetCurrentHwProfileA
GetFileSecurityA
QueryUsersOnEncryptedFile
IsValidSecurityDescriptor
EnumServicesStatusA
FindTextA
GetBrushOrgEx
GetDeviceCaps
EqualRgn
GetPolyFillMode
DPtoLP
ExtCreatePen
GetVolumePathNameW
GetStdHandle
FileTimeToDosDateTime
GetConsoleOutputCP
VirtualAllocEx
GetWindowsDirectoryW
GetCommandLineW
GetProcessHeap
ExpandEnvironmentStringsW
FindResourceExA
GlobalAddAtomW
GetStringTypeA
GetModuleHandleA
GetSystemDirectoryW
GetDiskFreeSpaceW
FindNextVolumeMountPointW
IsProcessorFeaturePresent
ReleaseActCtx
ExitThread
FindFirstFileExW
FindAtomW
LocalSize
GetThreadId
GetTimeZoneInformation
LoadResource
LocalFileTimeToFileTime
GetComputerNameExW
LoadRegTypeLib
ExtractAssociatedIconW
InitializeSecurityContextA
SetFocus
GetWindowThreadProcessId
LoadImageA
GetClassLongW
SetParent
GetScrollInfo
GetMessageExtraInfo
DrawStateA
GetRawInputData
GetSysColorBrush
GetScrollRange
DdePostAdvise
GetDlgItem
DrawTextExA
FlashWindow
CloseClipboard
GetKeyboardType
ExitWindowsEx
GetDC
GetKeyState
FindNextUrlCacheEntryW
FindCloseUrlCache
DeletePortW
strtod
vfwprintf
fgetwc
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
13.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.1.7600.16385

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
wsmprovhost

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
302080

EntryPoint
0xc01c

OriginalFileName
wsmprovhost.exe

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.1.7600.16385 (win7_rtm.090713-1255)

TimeStamp
2018:08:19 10:02:00+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
wsmprovhost.exe

ProductVersion
6.1.7600.16385

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
53248

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.1.7600.16385

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 aec0342046b3f47e64d7075782a1f5e1
SHA1 5e47d6ce7a3552b9a5b2289811ccb715638a8011
SHA256 baf567acf2bcd8c87dd97e2e12d2b9112615815a4c8f22b95c5039bfb327f89a
ssdeep
3072:CGS/etLPhe1aHW3Wxl/tpJb6+eBX7VskPuIWJ7Mo2BEEMlxV8nJfceDA3ucXWjsk:CGSWtEEHtxlJb6+CX2WoflkEeHc

authentihash c53e83b2c8fcd92e8179b38d11d754aed75adbb285c299f5085f591a86ddb6ae
imphash 9a3ca9f576d8d8e64dd571ec34cd52ad
File size 343.0 KB ( 351232 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (25.2%)
Clipper DOS Executable (25.0%)
Generic Win/DOS Executable (24.8%)
DOS Executable Generic (24.8%)
Tags
peexe

VirusTotal metadata
First submission 2018-08-19 09:06:58 UTC ( 6 months ago )
Last submission 2018-08-19 09:06:58 UTC ( 6 months ago )
File names wsmprovhost.exe
70080538.exe
23849432.exe