SHA256: c23dd98f5972fe61574fed660a0ecb791843bccd3af67b59e2034b366e0bb52c
File name: DWB Multi Tool.exe
Detection ratio: 47 / 63
Analysis date: 2019-02-23 09:47:10 UTC ( 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40119961 20190301
AhnLab-V3 Trojan/Win32.Androm.C2406394 20190301
ALYac Trojan.Agent.674420 20190301
Antiy-AVL Trojan/Win32.TSGeneric 20190301
Arcabit Trojan.Generic.D2642E99 20190301
Avast Win32:Trojan-gen 20190301
AVG Win32:Trojan-gen 20190301
Avira (no cloud) DR/Delphi.Gen8 20190301
BitDefender Trojan.GenericKD.40119961 20190301
CAT-QuickHeal Trojan.IGENERIC 20190228
Comodo Malware@#1vulhggb39nv6 20190301
CrowdStrike Falcon (ML) win/malicious_confidence_100% (W) 20190212
Cybereason malicious.e434ef 20190109
Cyren W32/Trojan.DRKZ-0753 20190301
DrWeb Trojan.DownLoader26.17124 20190301
Emsisoft Trojan.GenericKD.40119961 (B) 20190301
Endgame malicious (moderate confidence) 20190215
ESET-NOD32 a variant of Win32/Injector.DVUO 20190301
Fortinet W32/Injector.DXRU!tr 20190301
GData Trojan.GenericKD.40119961 20190301
Sophos ML heuristic 20181128
Jiangmin Backdoor.Androm.xbb 20190301
K7AntiVirus Trojan ( 00526fb11 ) 20190301
K7GW Trojan ( 00526fb11 ) 20190301
Kaspersky Backdoor.Win32.Androm.pazk 20190301
MAX malware (ai score=100) 20190301
McAfee Artemis!F8114C9E434E 20190301
McAfee-GW-Edition Trojan-FOTS!953A868E5D75 20190301
Microsoft Trojan:Win32/DelfInject 20190301
eScan Trojan.GenericKD.40119961 20190301
NANO-Antivirus Trojan.Win32.Fareit.exziih 20190301
Palo Alto Networks (Known Signatures) generic.ml 20190301
Panda Trj/CI.A 20190301
Qihoo-360 Win32/Backdoor.530 20190301
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Mal/Fareit-Q 20190301
Symantec Trojan.Gen.2 20190301
Tencent Win32.Trojan.Inject.Auto 20190301
TheHacker Trojan/Injector.dvuo 20190225
Trapmine malicious.high.ml.score 20190301
VBA32 BScope.Malware-Cryptor.Hlux 20190301
VIPRE Trojan.Win32.Generic!BT 20190301
ViRobot Trojan.Win32.S.Agent.674420 20190301
Webroot W32.Trojan.Gen 20190301
Yandex Backdoor.Androm!FO/OnMBYheM 20190301
ZoneAlarm by Check Point Backdoor.Win32.Androm.pazk 20190301
Zoner Trojan.Win32.65103 20190228
Acronis 20190222
AegisLab 20190301
Alibaba 20180921
Avast-Mobile 20190301
Babable 20180918
Baidu 20190215
ClamAV 20190228
CMC 20190301
eGambit 20190301
F-Secure 20190301
Kingsoft 20190301
Malwarebytes 20190301
SUPERAntiSpyware 20190227
Symantec Mobile Insight 20190220
TACHYON 20190301
TotalDefense 20190301
Trustlook 20190301
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2017
Product DWB Multi Tool
Original name DWB Multi Tool.exe
Internal name DWB Multi Tool.exe
File version 1.0.0.0
Description DWB Multi Tool
Comments DWB Multi Tool
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-05-13 06:14:48
Entry Point 0x000E6D20
Number of sections 3
PE sections
Overlays
MD5 9ddbee39c9c17eb3d37c9a1ce871f1d7
File type data
Offset 559104
Size 115316
Entropy 8.00
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RegCloseKey
ImageList_Add
SaveDC
OleDraw
VariantCopy
VerQueryValueA
Number of PE resources by type
RT_FONTDIR 559
RT_STRING 22
RT_BITMAP 21
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 5
RT_ICON 5
RT_DIALOG 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 566
NEUTRAL 63
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments DWB Multi Tool
LinkerVersion 2.25
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription DWB Multi Tool
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
CharacterSet Unicode
InitializedDataSize 135168
EntryPoint 0xe6d20
OriginalFileName DWB Multi Tool.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2017
FileVersion 1.0.0.0
TimeStamp 1992:05:13 08:14:48+02:00
FileType Win32 EXE
PEType PE32
InternalName DWB Multi Tool.exe
ProductVersion 1.0.0.0
UninitializedDataSize 516096
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName DWB Multi Tool
CodeSize 425984
ProductName DWB Multi Tool
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 1.0.0.0
File identification
MD5 f8114c9e434efbf776caffa97aa5fb06
SHA1 d7609fc6ad46dc9c313ee3e7b5bf349d288d788e
SHA256 c23dd98f5972fe61574fed660a0ecb791843bccd3af67b59e2034b366e0bb52c
ssdeep 12288:zhnbVHc/XJm0nOJJ1x3hN/QtnzGNpqG4m/9l86G4m/9l8q:zhnbVQiJPx+kpqvm/U6vm/Uq
authentihash 118faa2cdb379a54f52f0fb451097b38ff68dfd0571d8200e4921c19917fa9d4
imphash 5ab46afeddc553bcd2265d97f7c7260f
File size 658.6 KB ( 674420 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (40.8%)
Win32 EXE Yoda's Crypter (40.1%)
Win32 Executable (generic) (6.8%)
Win16/32 Executable Delphi generic (3.1%)
OS/2 Executable (generic) (3.0%)
Tags peexe upx overlay
VirusTotal metadata
First submission 2018-02-13 10:15:39 UTC ( 1 year, 1 month ago )
Last submission 2018-03-19 22:58:42 UTC ( 1 year ago )
File names DWB Multi Tool.exe
VirusShare_f8114c9e434efbf776caffa97aa5fb06
cvns.exe
d66fceed232be5741e8d0486e34a09ab258bcb84
f8114c9e434efbf776caffa97aa5fb06.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs