× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: bf59e11bf017aa06a62f03a5f5fcf4e780b25b7781fe8de300f4317267631311
Detection ratio: 13 / 66
Analysis date: 2018-04-09 13:54:02 UTC ( 1 year ago ) View latest
Antivirus Result Update
Avast FileRepMalware 20180409
AVG FileRepMalware 20180409
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180409
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170201
Cybereason malicious.ee96e5 20180225
Cylance Unsafe 20180409
Endgame malicious (high confidence) 20180403
ESET-NOD32 a variant of Win32/Kryptik.GFJD 20180409
Sophos ML heuristic 20180121
Microsoft Trojan:Win32/Azden.B!cl 20180409
Qihoo-360 HEUR/QVM20.1.63CF.Malware.Gen 20180409
SentinelOne (Static ML) static engine - malicious 20180225
Symantec ML.Attribute.HighConfidence 20180409
Ad-Aware 20180409
AegisLab 20180409
AhnLab-V3 20180409
Alibaba 20180408
ALYac 20180409
Antiy-AVL 20180409
Arcabit 20180409
Avast-Mobile 20180409
Avira (no cloud) 20180409
AVware 20180409
BitDefender 20180409
Bkav 20180407
CAT-QuickHeal 20180408
ClamAV 20180409
CMC 20180408
Comodo 20180409
Cyren 20180409
DrWeb 20180409
eGambit 20180409
Emsisoft 20180409
F-Prot 20180409
F-Secure 20180409
Fortinet 20180409
GData 20180409
Ikarus 20180409
Jiangmin 20180409
K7AntiVirus 20180409
K7GW 20180409
Kaspersky 20180409
Kingsoft 20180409
Malwarebytes 20180409
MAX 20180409
McAfee 20180409
McAfee-GW-Edition 20180408
eScan 20180409
NANO-Antivirus 20180409
nProtect 20180409
Palo Alto Networks (Known Signatures) 20180409
Panda 20180409
Rising 20180409
Sophos AV 20180409
SUPERAntiSpyware 20180409
Symantec Mobile Insight 20180406
Tencent 20180409
TheHacker 20180404
TrendMicro-HouseCall 20180409
Trustlook 20180409
VBA32 20180406
VIPRE 20180409
ViRobot 20180409
Webroot 20180409
WhiteArmor 20180408
Yandex 20180408
Zillya 20180409
ZoneAlarm by Check Point 20180409
Zoner 20180409
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name wmvencod.dll
Internal name wmvencod.dll
File version 0.0.0.0
Description
Comments
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x00002C31
Number of sections 5
PE sections
PE imports
DeleteAce
DecryptFileW
CM_Get_Device_Interface_List_ExW
RestoreClusterDatabase
ImageList_Add
CertComparePublicKeyInfo
CertOpenSystemStoreW
SelectObject
CreateRectRgnIndirect
GetLastError
InterlockedExchangeAdd
GetWindowsDirectoryW
GetConsoleMode
CreateNamedPipeW
GetConsoleOutputCP
SetTapeParameters
SetConsoleWindowInfo
GetFileType
QueryActCtxW
GetPrivateProfileIntW
FlsFree
LZSeek
LZOpenFileW
acmDriverRemove
DrawDibGetPalette
VarBstrFromUI2
RasFreeEapUserIdentityA
I_RpcAsyncAbortCall
NdrPointerBufferSize
SetupGetSourceInfoA
CommandLineToArgvW
SHStrDupW
PathAppendW
SHRegDuplicateHKey
IsCharAlphaNumericA
ShowScrollBar
SetWindowRgn
CreateWindowStationA
GetKeyboardLayout
GetUpdateRgn
GetDialogBaseUnits
GetDlgItem
TrackMouseEvent
RegisterClipboardFormatW
GetTabbedTextExtentW
AppendMenuA
InternetOpenUrlW
OpenDriver
mixerGetNumDevs
mciSendStringW
waveOutOpen
inet_ntoa
getsockopt
Ord(30)
CLIPFORMAT_UserUnmarshal
HICON_UserSize
CoTaskMemFree
PdhEnumObjectsHW
CompareSecurityIds
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
0000:00:00 00:00:00

FileType
Win32 EXE

PEType
PE32

CodeSize
99665398

LinkerVersion
0.4

ImageFileCharacteristics
No relocs, Executable, 32-bit, System file

EntryPoint
0x2c31

InitializedDataSize
0

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
1070112495

File identification
MD5 2d9a1b43e30b1dd2c2afc025de7c7ced
SHA1 b26fe99ee96e5d87bbb8da6207ea893a3a4a4a3d
SHA256 bf59e11bf017aa06a62f03a5f5fcf4e780b25b7781fe8de300f4317267631311
ssdeep
1536:YF+etQIIlkU4aBCjrB64s9gtSP6Z1R+Ek9cO6+f89zPNu:ALtqhHBosuIiZmEyUrU

authentihash ab03cbe05de66a7d099b23bb5886540429fd35bbe549bbc9796ca84face8ae40
imphash 0ce1b29ec1dd54fada791c1d3b6a4ec7
File size 114.5 KB ( 117248 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-04-09 13:53:08 UTC ( 1 year ago )
Last submission 2018-05-06 17:45:50 UTC ( 11 months, 2 weeks ago )
File names 0foQQ3nhmOZW.exe
wmvencod.dll
31794.exe
1875.exe
32504472.exe
7752.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!