SHA256: c65ba197bd4af6cf717a92e2c50ae9b84538232604fd9b5c18a5c32d9651ba74
File name: tVjOvqtpugYC60d8.exe
Detection ratio: 35 / 65
Analysis date: 2018-11-10 22:09:39 UTC ( 3 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40741275 20181110
AegisLab Trojan.Win32.Generic.4!c 20181110
ALYac Trojan.GenericKD.40741275 20181110
Arcabit Trojan.Generic.D26DA99B 20181110
Avast Win32:BankerX-gen [Trj] 20181110
AVG Win32:BankerX-gen [Trj] 20181110
BitDefender Trojan.GenericKD.40741275 20181110
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.087560 20180225
Cylance Unsafe 20181110
Cyren W32/Trojan.TXGQ-5296 20181110
Emsisoft Trojan.GenericKD.40741275 (B) 20181110
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/GenKryptik.CQNZ 20181110
F-Secure Trojan.GenericKD.40741275 20181110
Fortinet W32/GenKryptik.CMYY!tr 20181110
GData Trojan.GenericKD.40741275 20181110
Sophos ML heuristic 20181108
K7AntiVirus Riskware ( 0040eff71 ) 20181110
Kaspersky HEUR:Trojan.Win32.Generic 20181110
Malwarebytes Trojan.Emotet 20181110
McAfee RDN/Generic.dx 20181110
McAfee-GW-Edition BehavesLike.Win32.Emotet.ft 20181110
Microsoft Trojan:Win32/Emotet.AC!bit 20181110
eScan Trojan.GenericKD.40741275 20181110
Palo Alto Networks (Known Signatures) generic.ml 20181110
Qihoo-360 HEUR/QVM20.1.16F2.Malware.Gen 20181110
Rising Trojan.Fuery!8.EAFB (TFE:2:eB1WhSAautE) 20181110
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Troj/Emotet-AJD 20181110
Symantec Trojan.Gen.2 20181110
TrendMicro TROJ_FRS.VSN09K18 20181110
TrendMicro-HouseCall TROJ_FRS.VSN09K18 20181110
Webroot W32.Trojan.Emotet 20181110
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20181110
AhnLab-V3 20181110
Alibaba 20180921
Antiy-AVL 20181110
Avast-Mobile 20181110
Avira (no cloud) 20181110
Babable 20180918
Baidu 20181109
Bkav 20181110
CAT-QuickHeal 20181108
ClamAV 20181110
CMC 20181110
DrWeb 20181110
F-Prot 20181110
Ikarus 20181110
Jiangmin 20181110
K7GW 20181109
Kingsoft 20181110
MAX 20181110
NANO-Antivirus 20181110
Panda 20181110
SUPERAntiSpyware 20181107
Symantec Mobile Insight 20181108
TACHYON 20181110
Tencent 20181110
TheHacker 20181108
TotalDefense 20181110
Trustlook 20181110
VBA32 20181109
ViRobot 20181110
Zillya 20181109
Zoner 20181110
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name wcp.dll
Internal name WCPDll
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Windows Componentization Platform Servicing API
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-09 11:46:50
Entry Point 0x00001E99
Number of sections 6
PE sections
PE imports
RegSetKeySecurity
SetTextJustification
GetStockObject
EndPath
lstrcpynW
GetTimeFormatW
GetModuleHandleA
GetLongPathNameA
GetTimeZoneInformation
IsDialogMessageA
FindFirstUrlCacheGroup
GetColorProfileHeader
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
4294963199

LinkerVersion
12.0

ImageVersion
0.1

FileSubtype
0

FileVersionNumber
6.1.7600.16385

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Windows Componentization Platform Servicing API

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
366080

EntryPoint
0x1e99

OriginalFileName
wcp.dll

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.1.7600.16385 (win7_rtm.090713-1255)

TimeStamp
2018:11:09 12:46:50+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
WCPDll

ProductVersion
6.1.7600.16385

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
8704

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.1.7600.16385

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 0b09aa3087560807f8c2956ae9516b1e
SHA1 f2801dc8c5ac5936e81d4a30e6c8e5289e18a9c9
SHA256 c65ba197bd4af6cf717a92e2c50ae9b84538232604fd9b5c18a5c32d9651ba74
ssdeep
6144:LiKj1r5cgfqhwb+LMn3I7KqbQMGvMRO9bB:LiKJr5E2rn47KvEO

authentihash 79a6c3220f0f29eb50fd2b9c2da61efde93f5a1e1d522d5dc0c8cc3952a43bac
imphash f0ecf343c88f4d99dcb2e2d3a7c6c78a
File size 358.5 KB ( 367104 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-11-09 11:50:55 UTC ( 3 months, 1 week ago )
Last submission 2018-11-09 11:50:55 UTC ( 3 months, 1 week ago )
File names tVjOvqtpugYC60d8.exe
59.exe
wcp.dll
WCPDll
18712781.exe