× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: c16f3a36d99e6abeb9fa2700d444db238b411b8445999c130057c9991d904bcd
File name: 441468768672.exe
Detection ratio: 20 / 68
Analysis date: 2018-06-16 00:03:47 UTC ( 9 months ago ) View latest
Antivirus Result Update
AegisLab Ml.Attribute.Gen!c 20180615
AhnLab-V3 Trojan/Win32.Emotet.R230194 20180615
Avast FileRepMalware 20180615
AVG FileRepMalware 20180615
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180615
Comodo TrojWare.Win32.Dovs.MO 20180615
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cylance Unsafe 20180616
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of Win32/GenKryptik.CCOE 20180615
Fortinet W32/Kryptik.GHOI!tr 20180615
Ikarus Trojan-Banker.Emotet 20180615
Kaspersky UDS:DangerousObject.Multi.Generic 20180615
McAfee-GW-Edition BehavesLike.Win32.Dropper.fm 20180615
Palo Alto Networks (Known Signatures) generic.ml 20180616
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/EncPk-ANR 20180615
Symantec ML.Attribute.HighConfidence 20180615
Webroot W32.Trojan.Emotet 20180616
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180616
Ad-Aware 20180616
Alibaba 20180615
ALYac 20180615
Antiy-AVL 20180616
Arcabit 20180615
Avast-Mobile 20180614
Avira (no cloud) 20180615
AVware 20180615
Babable 20180406
BitDefender 20180615
Bkav 20180615
CAT-QuickHeal 20180615
ClamAV 20180615
CMC 20180615
Cybereason 20180225
Cyren 20180615
DrWeb 20180615
eGambit 20180616
Emsisoft 20180615
F-Prot 20180615
F-Secure 20180615
GData 20180615
Sophos ML 20180601
Jiangmin 20180615
K7AntiVirus 20180615
K7GW 20180615
Kingsoft 20180616
Malwarebytes 20180615
MAX 20180616
McAfee 20180616
Microsoft 20180615
eScan 20180616
NANO-Antivirus 20180615
Panda 20180615
Qihoo-360 20180616
Rising 20180615
SUPERAntiSpyware 20180616
Symantec Mobile Insight 20180614
TACHYON 20180614
Tencent 20180616
TheHacker 20180613
TotalDefense 20180615
TrendMicro 20180616
TrendMicro-HouseCall 20180615
Trustlook 20180616
VBA32 20180615
VIPRE 20180616
ViRobot 20180615
Yandex 20180615
Zillya 20180615
Zoner 20180615
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Description Uniscri
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-16 04:14:05
Entry Point 0x0000100F
Number of sections 6
PE sections
PE imports
ReadEventLogA
GetFileSecurityW
RegCloseKey
DuplicateToken
AddAuditAccessAceEx
LogonUserA
CertGetSubjectCertificateFromStore
CertNameToStrA
CryptMemRealloc
CryptSIPLoad
SetDCPenColor
ExtSelectClipRgn
ModifyWorldTransform
AddFontResourceA
GetTextCharset
GetNetworkParams
EnterCriticalSection
GetTempPathW
EnumSystemLocalesW
GetModuleFileNameA
FlsFree
GetBinaryTypeA
GetActiveObject
VarBstrFromBool
UnRegisterTypeLib
glBegin
glMultMatrixd
RasGetConnectStatusA
RasGetProjectionInfoA
PathSetDlgItemPathW
CharLowerBuffW
GetMessagePos
TrackPopupMenu
wsprintfA
GetInputState
GetMessageExtraInfo
DialogBoxParamW
GetDialogBaseUnits
MessageBeep
DrawCaption
FindNextPrinterChangeNotification
WSACleanup
SCardLocateCardsW
CLSIDFromString
OleCreateStaticFromData
OleCreateFromData
Number of PE resources by type
RT_DIALOG 21
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
HEBREW DEFAULT 1
HUNGARIAN DEFAULT 1
VIETNAMESE DEFAULT 1
CHINESE SIMPLIFIED 1
SLOVENIAN DEFAULT 1
CZECH DEFAULT 1
FINNISH DEFAULT 1
KOREAN 1
NEUTRAL DEFAULT 1
PORTUGUESE 1
POLISH DEFAULT 1
JAPANESE DEFAULT 1
DANISH DEFAULT 1
SLOVAK DEFAULT 1
GREEK DEFAULT 1
TURKISH DEFAULT 1
ROMANIAN 1
THAI DEFAULT 1
SERBIAN DEFAULT 1
NEUTRAL 1
RUSSIAN 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileVersionNumber
1.2.0.6

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Uniscri

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
234496

EntryPoint
0x100f

MIMEType
application/octet-stream

TimeStamp
2018:06:15 21:14:05-07:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1.0626.

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Realtek Semiconductor Corporation

CodeSize
0

FileSubtype
0

ProductVersionNumber
1.2.0.6

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 c99240ddf997b859c5dd17de59a2651e
SHA1 ecee034763e32971227492594fda26835efc91b1
SHA256 c16f3a36d99e6abeb9fa2700d444db238b411b8445999c130057c9991d904bcd
ssdeep
1536:edRJWWGfKVwd27W8/DWrej4iDbH5lsRNjKxAyVwULr3:ed3WHL27W8rWrej4inH5lmyAyVLr

authentihash f4c82b712737611a1c2723e983a36792959ceb13d97a08be7dd467c61a60aa09
imphash e10362fc15b2740e82a36cc57d9589b9
File size 324.0 KB ( 331776 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-06-15 21:22:46 UTC ( 9 months ago )
Last submission 2018-07-22 03:55:55 UTC ( 8 months ago )
File names 50203691.exe
441468768672.exe
425592967873.exe
425592967873.exe
output.113468127.txt
50203691.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!