SHA256: c33681d042bcfb2ce20995647357c3e90ab399a0ec5609787cd83b846f338922
File name: c2b401f0740a35dc9a0f5a45a4c72949
Detection ratio: 51 / 67
Analysis date: 2018-05-04 18:03:49 UTC ( 9 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30662848 20180504
AegisLab Troj.Banker.W32.Emotet!c 20180504
AhnLab-V3 Trojan/Win32.Emotet.R226463 20180504
ALYac Trojan.GenericKD.30662848 20180504
Antiy-AVL Trojan/Win32.TSGeneric 20180504
Arcabit Trojan.Generic.D1D3E0C0 20180504
Avast Win32:Malware-gen 20180504
AVG Win32:Malware-gen 20180504
Avira (no cloud) TR/AD.HeodoDlder.rddnk 20180504
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180503
BitDefender Trojan.GenericKD.30662848 20180504
Bkav HW32.Packed.9110 20180504
CAT-QuickHeal Trojan.IGENERIC 20180504
ClamAV Win.Trojan.Emotet-6523405-0 20180504
Comodo .UnclassifiedMalware 20180504
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180418
Cylance Unsafe 20180504
Cyren W32/S-6e8a7988!Eldorado 20180504
eGambit Unsafe.AI_Score_98% 20180504
Emsisoft Trojan.GenericKD.30662848 (B) 20180504
Endgame malicious (high confidence) 20180504
ESET-NOD32 a variant of Win32/Kryptik.GGDQ 20180504
F-Prot W32/S-6e8a7988!Eldorado 20180504
Fortinet W32/Kryptik.GFIA!tr 20180504
GData Trojan.GenericKD.30662848 20180504
Ikarus Trojan-Banker.Emotet 20180504
Sophos ML heuristic 20180503
Jiangmin Trojan.Banker.Emotet.ahd 20180504
K7AntiVirus Trojan ( 0052f1ec1 ) 20180504
K7GW Trojan ( 0052f1ec1 ) 20180504
Kaspersky Trojan-Banker.Win32.Emotet.akcn 20180504
Malwarebytes Trojan.Downloader 20180504
MAX malware (ai score=99) 20180504
McAfee Emotet-FGX!C2B401F0740A 20180504
McAfee-GW-Edition BehavesLike.Win32.PUPXAA.dc 20180504
Microsoft Trojan:Win32/Skeeyah.A!rfn 20180504
eScan Trojan.GenericKD.30662848 20180504
NANO-Antivirus Trojan.Win32.Emotet.faxdfc 20180504
Palo Alto Networks (Known Signatures) generic.ml 20180504
Panda Generic Suspicious 20180504
Qihoo-360 HEUR/QVM20.1.C6D8.Malware.Gen 20180504
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/EncPk-ANX 20180504
Symantec Trojan.Gen.2 20180504
TrendMicro TROJ_GEN.R02DC0RDS18 20180504
TrendMicro-HouseCall TROJ_GEN.R02DC0RDS18 20180504
VIPRE Trojan.Win32.Generic!BT 20180504
ViRobot Trojan.Win32.Z.Kryptik.238592.HE 20180504
Webroot W32.Trojan.Emotet 20180504
Yandex Trojan.PWS.Emotet! 20180504
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.akcn 20180504
Alibaba 20180503
Avast-Mobile 20180504
AVware 20180428
Babable 20180406
CMC 20180504
Cybereason None
DrWeb 20180504
F-Secure 20180504
Kingsoft 20180504
nProtect 20180504
Rising 20180504
SUPERAntiSpyware 20180504
Symantec Mobile Insight 20180501
Tencent 20180504
TheHacker 20180504
TotalDefense 20180504
Trustlook 20180504
VBA32 20180504
Zillya 20180504
Zoner 20180503
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product MediaShow
Original name MediaShow.exe
Internal name Media Shower
Description Helper On
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1995-01-24 09:38:41
Entry Point 0x00005357
Number of sections 10
PE sections
PE imports
SetSecurityDescriptorRMControl
JetEscrowUpdate
GetTextColor
UpdateColors
GetConsoleSelectionInfo
GetFileTime
GetCurrentProcess
GetPriorityClass
GetLargePageMinimum
Heap32First
HeapCreate
SetConsoleCP
GetProductInfo
GetTickCount
GetProcessTimes
LocalUnlock
GetVersion
StrCatBuffW
ShowCursor
DeferWindowPos
LockSetForegroundWindow
GetMenuState
TranslateMDISysAccel
CoRegisterMessageFilter
Number of PE resources by type
RT_ICON 6
RT_STRING 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 11
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 226816
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.2.10.6
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Helper On
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
LinkerVersion 11.9
EntryPoint 0x5357
OriginalFileName MediaShow.exe
MIMEType application/octet-stream
TimeStamp 1995:01:24 10:38:41+01:00
FileType Win32 EXE
PEType PE32
InternalName Media Shower
ProductVersion 1.1.00.5-RELEASE-3261ab70162a15491f105139acb02100067d661b
SubsystemVersion 5.0
OSVersion 5.2
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Helper On
CodeSize 14848
ProductName MediaShow
ProductVersionNumber 1.2.10.6
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 1.1.00.5

File identification
MD5 c2b401f0740a35dc9a0f5a45a4c72949
SHA1 77a9d9bdffad4a52dbe97755f356312b2cc39c96
SHA256 c33681d042bcfb2ce20995647357c3e90ab399a0ec5609787cd83b846f338922
ssdeep 3072:Dt5FE2X0WGeFp1yfWMOtUoktDYj9WpDjjroV1YUHT2PbQIlS4FBRiM26jGzpD9bV:DfF3VFjWVckVjrH2T2PVlB26CtDiW6

authentihash 98e639919a6215baa5ba8c6ffa31cafd5c2909b54147e526e22a89503c8adb46
imphash ecfc7509fa1ef2cecb359988efdb40a3
File size 233.0 KB ( 238592 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2018-04-29 16:46:11 UTC ( 9 months, 3 weeks ago )
Last submission 2018-11-20 12:13:03 UTC ( 2 months, 4 weeks ago )
File names MediaShow.exe
Media Shower