SHA256: c329d574b24e01f8721622d7979f64aa505b4a0ecc1e834733afa47fd96fb4db
File name: olEgwHBWOdbNnABa.exe
Detection ratio: 17 / 68
Analysis date: 2018-09-27 06:23:15 UTC ( 4 months, 3 weeks ago )
Antivirus Result Update
AVG Win32:MdeClass 20180927
CAT-QuickHeal Trojan.Emotet.X4 20180926
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cylance Unsafe 20180927
Endgame malicious (high confidence) 20180730
Sophos ML heuristic 20180717
K7GW Hacktool ( 700007861 ) 20180926
McAfee Emotet-FJG!EE964197100D 20180927
McAfee-GW-Edition BehavesLike.Win32.Emotet.dm 20180927
Microsoft Trojan:Win32/Emotet.AC!bit 20180927
Palo Alto Networks (Known Signatures) generic.ml 20180927
Qihoo-360 HEUR/QVM20.1.2389.Malware.Gen 20180927
Rising Trojan.Emotet!8.B95 (TFE:dGZlOgKi6+X7tRFbWA) 20180927
SentinelOne (Static ML) static engine - malicious 20180926
Symantec ML.Attribute.HighConfidence 20180927
VBA32 Malware-Cryptor.Limpopo 20180926
Webroot W32.Trojan.Emotet 20180927
Ad-Aware 20180927
AegisLab 20180927
AhnLab-V3 20180927
Alibaba 20180921
ALYac 20180927
Antiy-AVL 20180927
Arcabit 20180927
Avast 20180927
Avast-Mobile 20180927
Avira (no cloud) 20180927
AVware 20180925
Babable 20180918
Baidu 20180927
BitDefender 20180927
Bkav 20180927
ClamAV 20181001
CMC 20180926
Comodo 20180927
Cybereason 20180225
Cyren 20180927
DrWeb 20180927
eGambit 20180927
Emsisoft 20180927
ESET-NOD32 20180927
F-Prot 20180927
F-Secure 20180927
Fortinet 20180927
GData 20180927
Ikarus 20180926
Jiangmin 20180926
K7AntiVirus 20180927
Kaspersky 20180927
Kingsoft 20180927
MAX 20180927
eScan 20180927
NANO-Antivirus 20180927
Panda 20180926
Sophos AV 20180927
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180924
TACHYON 20180927
Tencent 20180927
TheHacker 20180927
TotalDefense 20180925
TrendMicro 20180927
TrendMicro-HouseCall 20180927
Trustlook 20180927
VIPRE 20180927
ViRobot 20180927
Yandex 20180926
Zillya 20180926
ZoneAlarm by Check Point 20180925
Zoner 20180926
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights res
Product Microsoft® Windows® Operat
Original name DeviceMetadata
Internal name DeviceMetadata
File version 6.1.7600.16385 (win7_rtm.090713-125
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-27 04:18:46
Entry Point 0x0002E77E
Number of sections 5
PE sections
PE imports
ImpersonateNamedPipeClient
SetPrivateObjectSecurity
QueryUsersOnEncryptedFile
SetTextAlign
StrokePath
GetSystemPaletteEntries
CreatePipe
DecodePointer
GetModuleHandleA
HeapCompact
GetSystemDefaultLCID
SetProcessShutdownParameters
UnlockFileEx
GetSystemTimes
FillConsoleOutputCharacterW
GetSystemPowerStatus
SetFileBandwidthReservation
CompareStringA
MprAdminInterfaceDisconnect
MprConfigInterfaceTransportSetInfo
MprAdminInterfaceTransportRemove
NetApiBufferSize
SafeArrayCopy
glEvalMesh1
RpcBindingSetAuthInfoW
SetupDiClassNameFromGuidExW
SetupDiSetDeviceInstallParamsA
UrlEscapeW
StrRChrIW
ToUnicodeEx
CharPrevA
BeginDeferWindowPos
SendDlgItemMessageA
RealGetWindowClassW
DrawIconEx
LoadCursorFromFileA
InsertMenuW
PtInRect
GetUrlCacheEntryInfoExW
CommitUrlCacheEntryW
InternetReadFileExA
waveOutSetVolume
mmioWrite
Ord(30)
iswascii
localeconv
StgOpenStorageEx
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 4294967295
LinkerVersion 11.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 30720
EntryPoint 0x2e77e
OriginalFileName DeviceMetadata
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights res
FileVersion 6.1.7600.16385 (win7_rtm.090713-125
TimeStamp 2018:09:27 06:18:46+02:00
FileType Win32 EXE
PEType PE32
InternalName DeviceMetadata
ProductVersion 6.1.7600.163
SubsystemVersion 5.0
OSVersion 5.2
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 194048
ProductName Microsoft Windows Operat
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 ee964197100d076072b6fdc5bfaf297b
SHA1 892d07aabbf728e4d0a898114f1846e3e969f07d
SHA256 c329d574b24e01f8721622d7979f64aa505b4a0ecc1e834733afa47fd96fb4db
ssdeep 1536:2bwXMyi0nOIQjwoQHLi7Ud+A/+UkcKQqjnVJ+XNIOobOdzElvloCnr9JmPatN5vE:2MtJFDoYLYk+6VKQ0nVGF4LDmPa9E
authentihash 69d5ca6ca22e0f0eda602a110515bc70e9b09974c0d98cc7cd59a7b177a1de90
imphash 16d59eb74047a41da3e3781b2449fda6
File size 215.0 KB ( 220160 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe
VirusTotal metadata
First submission 2018-09-27 04:29:25 UTC ( 4 months, 3 weeks ago )
Last submission 2018-11-13 05:18:47 UTC ( 3 months, 1 week ago )
File names C$~Users~test~AppData~Local~Microsoft~Windows~computeneed.exe
soundsstarta(100).gxe
94410.exe
0124.exe
122.exe
29888.exe
07746253.exe
olEgwHBWOdbNnABa.exe
92.exe
3461881.exe
21430.exe
9492.exe
2036539.exe
4818.exe
DeviceMetadata
49117.exe
6961.exe
ihunshlp.exe