SHA256: c4dbbe04e5084bc880c7bdcb55aaa5457b023f60d7aa55f0de1e60d917b78913
File name: b97cc7da0bfdac0887d33633be2cd3f0.virus
Detection ratio: 31 / 71
Analysis date: 2019-03-20 10:26:25 UTC ( 2 months ago )
Antivirus Result Update
Ad-Aware Trojan.Emotet.VF 20190320
AegisLab Hacktool.Win32.Krap.lKMc 20190320
AhnLab-V3 Trojan/Win32.Emotet.R259609 20190320
Arcabit Trojan.Emotet.VF 20190320
Avast Win32:Malware-gen 20190320
AVG Win32:Malware-gen 20190320
BitDefender Trojan.GenericKD.41128669 20190320
ClamAV Win.Malware.Emotet-6900425-0 20190320
CrowdStrike Falcon (ML) win/malicious_confidence_90% (D) 20190212
Cylance Unsafe 20190320
Emsisoft Trojan.Emotet.VF (B) 20190320
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.EVLC 20190320
Fortinet W32/Kryptik.GQEV!tr 20190320
GData Trojan.Emotet.VF 20190320
Ikarus Trojan-Banker.Emotet 20190320
Sophos ML heuristic 20190313
Malwarebytes Trojan.Emotet 20190320
MAX malware (ai score=80) 20190320
McAfee Emotet-FMI!B97CC7DA0BFD 20190320
Microsoft Trojan:Win32/Emotet.LK!ml 20190320
eScan Trojan.Emotet.VF 20190320
Panda Trj/GdSda.A 20190319
Qihoo-360 HEUR/QVM20.1.F796.Malware.Gen 20190320
Rising Trojan.Kryptik!8.8 (RDM+:cmRtazoRFATFyn+3hR0dBCn+U4gE) 20190320
SentinelOne (Static ML) DFI - Suspicious PE 20190317
Sophos AV Mal/Emotet-Q 20190320
Symantec Packed.Generic.459 20190320
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMTH 20190320
VBA32 BScope.Malware-Cryptor.Emotet 20190320
Webroot W32.Trojan.Emotet 20190320
Acronis 20190320
Alibaba 20190306
ALYac 20190320
Antiy-AVL 20190320
Avast-Mobile 20190320
Avira (no cloud) 20190320
Babable 20180918
Baidu 20190318
Bkav 20190320
CAT-QuickHeal 20190319
CMC 20190320
Comodo 20190320
Cybereason 20190109
Cyren 20190320
DrWeb 20190320
eGambit 20190320
F-Prot 20190320
F-Secure 20190320
Jiangmin 20190320
K7AntiVirus 20190320
K7GW 20190320
Kaspersky 20190320
Kingsoft 20190320
McAfee-GW-Edition 20190320
NANO-Antivirus 20190320
Palo Alto Networks (Known Signatures) 20190320
SUPERAntiSpyware 20190314
Symantec Mobile Insight 20190220
TACHYON 20190320
Tencent 20190320
TheHacker 20190319
TotalDefense 20190318
Trapmine 20190301
TrendMicro 20190320
Trustlook 20190320
VIPRE None
ViRobot 20190320
Yandex 20190320
Zillya 20190319
ZoneAlarm by Check Point 20190320
Zoner 20190320
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) 2003-2015 Glarysoft Ltd
Product Glary Utilities
Original name OneClickMaintenance.exe
Internal name OneClickMaintenance.exe
File version 5, 0, 0, 6
Description OneClickMaintenance
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 11:22 AM 3/20/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-19 23:00:03
Entry Point 0x000012C0
Number of sections 4
PE sections
Overlays
MD5 7423636863d14c937b2d69ec0168f86d
File type data
Offset 352256
Size 3336
Entropy 7.32
PE imports
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyA
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegQueryValueExA
RegEnumKeyExW
RegEnumKeyW
RegFlushKey
RegEnumValueW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
ImageList_BeginDrag
ImageList_SetBkColor
ImageList_Replace
FlatSB_SetScrollInfo
ImageList_SetImageCount
Ord(17)
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_DragMove
FlatSB_SetScrollProp
ImageList_Remove
ImageList_GetDragImage
ImageList_DrawEx
ImageList_SetIconSize
ImageList_Write
ImageList_GetImageCount
ImageList_Destroy
ImageList_AddMasked
ImageList_Draw
ImageList_GetIconSize
ImageList_DragLeave
ImageList_GetBkColor
ImageList_GetIcon
FlatSB_SetScrollPos
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_Add
InitializeFlatSB
FlatSB_GetScrollPos
ImageList_DragShowNolock
ImageList_Create
ImageList_Read
ImageList_Copy
ImageList_EndDrag
GetSaveFileNameW
GetOpenFileNameW
EngGradientFill
GdiFixUpHandle
PlayEnhMetaFileRecord
GetTextMetricsW
SetMapMode
GetWindowOrgEx
ResizePalette
GetPaletteEntries
CombineRgn
GdiGetBatchLimit
CopyEnhMetaFileW
SetPixel
EndDoc
IntersectClipRect
AngleArc
CopyEnhMetaFileA
GetTextExtentPointW
GdiEntry16
CreatePalette
CreateDIBitmap
GdiEntry10
GetDIBits
ExtCreateRegion
GetEnhMetaFileBits
StretchBlt
StretchDIBits
ArcTo
Pie
Arc
GetFontData
SetWinMetaFileBits
SetRectRgn
GetDIBColorTable
DeleteEnhMetaFile
CreateFontIndirectW
OffsetRgn
EnumFontsW
GetCurrentPositionEx
EnumFontsA
GetBitmapBits
GetOutlineTextMetricsA
GetBrushOrgEx
ExcludeClipRect
GdiGetDevmodeForPage
SetBkMode
BitBlt
GdiGetPageHandle
SetAbortProc
FrameRgn
CreateBrushIndirect
SelectPalette
SetBkColor
SetDIBits
SetROP2
EndPage
GetNearestPaletteIndex
CLIPOBJ_ppoGetPath
SetPixelV
DeleteObject
CreatePenIndirect
GetTextFaceAliasW
PatBlt
GetMetaRgn
GetClipBox
Rectangle
GetDeviceCaps
LineTo
DeleteDC
SetEnhMetaFileBits
GetSystemPaletteEntries
SetDIBColorTable
StartPage
GetObjectW
CreateDCW
XFORMOBJ_iGetXform
GetEnhMetaFileDescriptionW
ExtTextOutW
SetPaletteEntries
CreateBitmap
RectVisible
GetStockObject
PlayEnhMetaFile
UnrealizeObject
GdiFlush
AddFontResourceExA
SelectClipRgn
RoundRect
GdiGetCodePage
GetWinMetaFileBits
RealizePalette
GetEnhMetaFileHeader
SetWindowOrgEx
SelectObject
GetTextExtentPoint32W
Polygon
CreateHalftonePalette
GetRgnBox
SaveDC
CreateICW
MaskBlt
GetEnhMetaFilePaletteEntries
RestoreDC
GetPixel
SetDIBitsToDevice
CreateDIBSection
GdiSetBatchLimit
SetTextColor
ExtFloodFill
GetCurrentObject
EngAcquireSemaphore
MoveToEx
EnumFontFamiliesExW
SetViewportOrgEx
CreateCompatibleDC
PolyBezierTo
SetStretchBltMode
PolyBezier
Chord
SetBrushOrgEx
CreateRectRgn
EudcLoadLinkW
GetEnhMetaFilePixelFormat
CreateCompatibleBitmap
CreateSolidBrush
Polyline
DPtoLP
StartDocW
Ellipse
SetThreadLocale
GetStdHandle
FileTimeToDosDateTime
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
CreateTimerQueue
GetFileAttributesW
SystemTimeToTzSpecificLocalTime
DeleteCriticalSection
GetCurrentProcess
GetDriveTypeW
LocalAlloc
UnhandledExceptionFilter
SetErrorMode
lstrcatW
GetLocaleInfoW
GetTimeZoneInformation
FindResourceExA
GetCPInfo
LoadLibraryW
GetDiskFreeSpaceW
InterlockedExchange
WriteFile
_lopen
GetThreadPriority
EnumDateFormatsW
SetEvent
LocalFree
FormatMessageW
ResumeThread
GetExitCodeProcess
InitializeCriticalSection
OutputDebugStringW
EnumCalendarInfoW
FindClose
TlsGetValue
MoveFileW
SetFileAttributesW
WritePrivateProfileStringW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
DeviceIoControl
InterlockedDecrement
CopyFileW
lstrcpynW
LoadResource
RemoveDirectoryW
IsDebuggerPresent
ExitProcess
SwitchToThread
GetModuleFileNameA
LoadLibraryA
GlobalAddAtomW
SetThreadPriority
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
TerminateJobObject
DeleteTimerQueueTimer
GetSystemPowerStatus
FlushInstructionCache
GetPrivateProfileStringW
GetModuleHandleA
GetFullPathNameW
InterlockedExchangeAdd
CreateThread
GetSystemDefaultUILanguage
GetSystemDirectoryW
GetExitCodeThread
MulDiv
ExitThread
WaitForMultipleObjectsEx
GetDiskFreeSpaceExA
SearchPathW
GetVersion
SetCurrentDirectoryW
VirtualQuery
VirtualQueryEx
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
GetFileSize
EnterCriticalSection
TerminateThread
lstrcmpiA
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
VirtualProtect
lstrcmpiW
RtlUnwind
GlobalFindAtomW
GetStartupInfoA
GetWindowsDirectoryW
GetConsoleAliasesW
OpenProcess
GetDateFormatW
CreateDirectoryW
DeleteFileW
GlobalLock
GetProcessHeap
GetTempFileNameW
GetProfileStringW
CompareStringW
lstrcpyW
GetModuleFileNameW
ExpandEnvironmentStringsW
lstrcmpA
FindNextFileW
lstrcpyA
ResetEvent
FindFirstFileW
IsValidLocale
lstrcmpW
GetProcAddress
GetTempPathW
CreateEventW
CreateFileW
TlsSetValue
LeaveCriticalSection
GetLastError
GlobalDeleteAtom
GetShortPathNameW
GetSystemInfo
lstrlenA
GlobalFree
FindResourceW
GetConsoleAliasesLengthW
GetThreadLocale
GlobalUnlock
GlobalAlloc
lstrlenW
CreateProcessW
GetAtomNameA
GetCPInfoExW
SizeofResource
CompareFileTime
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
WideCharToMultiByte
InterlockedCompareExchange
GetCurrentThread
SuspendThread
RaiseException
SetFilePointer
ReadFile
ReadConsoleOutputCharacterW
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
FreeResource
FileTimeToLocalFileTime
GetFileAttributesExW
SetCommConfig
GetLocalTime
FindResourceExW
VirtualFree
GetConsoleAliasExesLengthW
Sleep
VirtualAlloc
DragQueryFileW
SHBrowseForFolderW
SHBindToParent
SHChangeNotify
Shell_NotifyIconW
ExtractAssociatedIconExA
SHBrowseForFolderA
SHQueryRecycleBinA
Shell_NotifyIcon
Ord(18)
SHLoadNonloadedIconOverlayIdentifiers
Ord(24)
SHInvokePrinterCommandW
SHCreateDirectoryExW
SHGetPathFromIDListW
ExtractIconEx
SHCreateDirectoryExA
ShellExecuteExW
SHEmptyRecycleBinA
SHGetFileInfoW
SHFileOperationW
WOWShellExecute
SHGetMalloc
SHGetIconOverlayIndexW
DragQueryFile
SHFormatDrive
DragAcceptFiles
SHGetDesktopFolder
Ord(153)
SHGetSpecialFolderPathA
ShellExecuteExA
SHCreateProcessAsUserW
Ord(680)
ShellAboutW
Ord(25)
SHGetDataFromIDListW
DragFinish
ShellExecuteW
ShellExecuteA
SHGetSpecialFolderLocation
Ord(16)
SHGetDataFromIDListA
SHGetPathFromIDList
SHGetFolderPathA
CommandLineToArgvW
DoEnvironmentSubstW
StrCmpNIW
StrStrIW
RedrawWindow
GetMessagePos
SetWindowRgn
LoadBitmapW
EnableScrollBar
DestroyMenu
PostQuitMessage
GetForegroundWindow
SetWindowPos
IsWindow
CountClipboardFormats
DispatchMessageA
EndPaint
WindowFromPoint
DrawIcon
CharUpperBuffW
SetMenuItemInfoW
SetActiveWindow
GetDC
GetCursorPos
ReleaseDC
GetDlgCtrlID
GetMenu
SendMessageA
UnregisterClassW
GetClientRect
DefWindowProcW
GetDlgItemTextW
SetScrollPos
CallNextHookEx
IsClipboardFormatAvailable
GetSysColor
LoadImageW
TrackPopupMenu
ClientToScreen
GetActiveWindow
GetWindowTextW
SetDlgItemTextW
EnumClipboardFormats
MsgWaitForMultipleObjects
ScrollWindow
DrawTextW
GetMenuItemID
PtInRect
DrawEdge
GetParent
UpdateWindow
GetPropW
CharPrevW
SetClassLongW
EnumWindows
ShowWindow
DrawFrameControl
SetPropW
GetDesktopWindow
DefMDIChildProcW
IsCharAlphaW
PeekMessageW
TranslateMDISysAccel
InsertMenuItemW
SetWindowPlacement
CharUpperW
PeekMessageA
ChildWindowFromPoint
CopyImage
TranslateMessage
IsWindowEnabled
GetWindow
GetMenuDefaultItem
ActivateKeyboardLayout
SetClipboardData
GetIconInfo
SetParent
RegisterClassW
IsZoomed
GetWindowPlacement
LoadStringW
SetWindowLongW
GetKeyboardLayoutList
DrawMenuBar
IsIconic
GetSubMenu
OpenClipboard
IsDialogMessageW
FillRect
EnumThreadWindows
MonitorFromPoint
CharNextA
GetSysColorBrush
IsWindowUnicode
CreateWindowExW
TabbedTextOutW
GetWindowLongW
GetUpdateRect
GetMenuItemInfoW
IsChild
IsDialogMessageA
MapWindowPoints
RegisterWindowMessageW
GetMonitorInfoW
EmptyClipboard
SystemParametersInfoW
OffsetRect
SetFocus
GetScrollPos
GetKeyboardLayoutNameW
KillTimer
MapVirtualKeyW
SetTimer
GetClipboardData
GetSystemMetrics
EnableMenuItem
SetScrollRange
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
EnumChildWindows
GetScrollRange
GetMessageExtraInfo
CharLowerW
ShowOwnedPopups
PostMessageW
InvalidateRect
EndDialog
CreateDialogParamW
DrawTextExW
WaitMessage
CreatePopupMenu
ShowCaret
DrawFocusRect
GetClassLongW
GetLastActivePopup
DrawIconEx
SetWindowTextW
GetDCEx
GetDlgItem
RemovePropW
CreateIconIndirect
ScreenToClient
SetKeyboardState
CreateIcon
GetKeyboardState
GetMenuItemCount
IsDlgButtonChecked
CheckDlgButton
GetMenuState
GetKeyboardLayout
LoadCursorW
GetSystemMenu
FindWindowExW
DispatchMessageW
InsertMenuW
SetForegroundWindow
ExitWindowsEx
GetMenuStringW
GetAsyncKeyState
CharLowerBuffW
IntersectRect
GetScrollInfo
GetTopWindow
HideCaret
FindWindowW
GetCapture
BeginPaint
MessageBeep
RemoveMenu
GetWindowThreadProcessId
ShowScrollBar
MessageBoxW
SendMessageW
UnhookWindowsHookEx
LoadIconW
DialogBoxParamW
LoadKeyboardLayoutW
MessageBoxA
AppendMenuW
GetWindowDC
DestroyCursor
AdjustWindowRectEx
SendMessageTimeoutW
MessageBoxIndirectW
MsgWaitForMultipleObjectsEx
RegisterClipboardFormatW
SetScrollInfo
GetKeyState
wvsprintfW
GetDoubleClickTime
DestroyIcon
EnumDisplayMonitors
wsprintfW
DefFrameProcW
IsWindowVisible
SetCursorPos
IsCharAlphaNumericW
MonitorFromWindow
FrameRect
SetRect
DeleteMenu
GetKeyNameTextW
wsprintfA
CharNextW
CallWindowProcW
GetClassNameW
DestroyWindow
GetClassInfoW
SetWindowsHookExW
IsRectEmpty
GetCursor
GetFocus
CreateMenu
EnableWindow
CloseClipboard
CheckMenuItem
SetMenu
SetCursor
CoInitializeEx
OleUninitialize
CoUninitialize
IsEqualGUID
OleInitialize
RevokeDragDrop
ReleaseStgMedium
CLSIDFromString
RegisterDragDrop
CoCreateInstance
DoDragDrop
StringFromCLSID
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
Number of PE resources by type
RT_ICON 14
RT_GROUP_ICON 3
RT_DIALOG 2
RT_STRING 1
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 21
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 54272
ImageVersion 0.0
ProductName Glary Utilities
FileVersionNumber 5.0.0.6
UninitializedDataSize 0
LanguageCode Chinese (Simplified)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Windows, Chinese (Simplified)
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName OneClickMaintenance.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 5, 0, 0, 6
TimeStamp 2019:03:20 00:00:03+01:00
FileType Win32 EXE
PEType PE32
InternalName OneClickMaintenance.exe
ProductVersion 5.0.0.0
FileDescription OneClickMaintenance
OSVersion 5.0
FileOS Win32
LegalCopyright Copyright (c) 2003-2015 Glarysoft Ltd
MachineType Intel 386 or later, and compatibles
CompanyName Glarysoft Ltd
CodeSize 296960
FileSubtype 0
ProductVersionNumber 5.0.0.0
EntryPoint 0x12c0
ObjectFileType Executable application
File identification
MD5 b97cc7da0bfdac0887d33633be2cd3f0
SHA1 a19f4c8308ed839612ac181e17308d6e82d2fb1b
SHA256 c4dbbe04e5084bc880c7bdcb55aaa5457b023f60d7aa55f0de1e60d917b78913
ssdeep 6144:iBf46wO7HK3Uwo5VUg+4sEjoKnun1Knun1Knun1Knun1Knun1Knun1Knun1Knuna:mf9oWVp2WOWOWOWOWOWOWOWOWyoPx9Z
authentihash 516632f36ab8a81014616704de6462d092ac77e42a67132761f86adedb257773
imphash 4d277ae00bf90ab388fd40acbaff29c1
File size 347.3 KB ( 355592 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe overlay
VirusTotal metadata
First submission 2019-03-20 10:26:25 UTC ( 2 months ago )
Last submission 2019-03-20 10:26:25 UTC ( 2 months ago )
File names OneClickMaintenance.exe
b97cc7da0bfdac0887d33633be2cd3f0.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs