SHA256: c713596ba25af804c5500d1b39dbd11d2f1be7901c15ca7713f72c92d16ad69b
File name: devrew.exe
Detection ratio: 22 / 66
Analysis date: 2018-08-01 18:16:45 UTC ( 5 months, 2 weeks ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Shelma.R233008 20180801
Antiy-AVL Trojan/Win32.GenKryptik 20180801
Avast Win32:Malware-gen 20180801
AVG Win32:Malware-gen 20180801
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180801
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20180723
Cylance Unsafe 20180801
DrWeb Trojan.MulDrop8.30716 20180801
ESET-NOD32 a variant of Win32/GenKryptik.CEXW 20180801
Fortinet W32/Kryptik.GIRA!tr 20180801
K7AntiVirus Trojan ( 00537a6b1 ) 20180801
K7GW Trojan ( 00537a6b1 ) 20180801
Kaspersky Trojan.Win32.Shelma.acbs 20180801
Malwarebytes Backdoor.Bot 20180801
McAfee GenericRXGF-QP!DAD99BFE1147 20180801
McAfee-GW-Edition GenericRXGF-QP!DAD99BFE1147 20180801
Microsoft Trojan:Win32/Fuerboos.E!cl 20180801
Qihoo-360 HEUR/QVM10.1.E5A1.Malware.Gen 20180801
Rising Trojan.GenKryptik!8.AA55 (C64:YzY0OqhXo8jhD1hU) 20180801
ViRobot Trojan.Win32.Agent.218112.U 20180801
Webroot W32.Malware.gen 20180801
ZoneAlarm by Check Point Trojan.Win32.Shelma.acbs 20180801
Ad-Aware 20180801
AegisLab 20180801
Alibaba 20180713
ALYac 20180801
Arcabit 20180801
Avast-Mobile 20180801
Avira (no cloud) 20180801
AVware 20180727
Babable 20180725
BitDefender 20180801
Bkav 20180801
CAT-QuickHeal 20180801
ClamAV 20180801
CMC 20180801
Comodo 20180801
Cybereason 20180225
Cyren 20180801
eGambit 20180801
Emsisoft 20180801
Endgame 20180730
F-Prot 20180801
F-Secure 20180801
GData 20180801
Ikarus 20180801
Sophos ML 20180717
Jiangmin 20180801
Kingsoft 20180801
MAX 20180801
eScan 20180801
NANO-Antivirus 20180801
Palo Alto Networks (Known Signatures) 20180801
Panda 20180801
SentinelOne (Static ML) 20180701
Sophos AV 20180801
SUPERAntiSpyware 20180801
Symantec 20180801
Symantec Mobile Insight 20180801
TACHYON 20180801
Tencent 20180801
TheHacker 20180730
TrendMicro 20180801
TrendMicro-HouseCall 20180801
Trustlook 20180801
VBA32 20180801
VIPRE 20180801
Yandex 20180731
Zoner 20180801
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name WAB.EXE
Internal name WAB.EXE
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description Windows Contacts
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-07-09 10:53:05
Entry Point 0x00001270
Number of sections 5
PE sections
PE imports
GetSystemTimeAsFileTime
InterlockedPopEntrySList
HeapDestroy
EncodePointer
GetStdHandle
MapUserPhysicalPages
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
UnhandledExceptionFilter
FreeEnvironmentStringsW
InitializeSListHead
HeapWalk
GetAtomNameW
EnumResourceLanguagesW
GetCPInfo
FindResourceExW
SetStdHandle
HeapReAlloc
GetStringTypeW
GetOEMCP
HeapLock
AddVectoredExceptionHandler
InitAtomTable
InterlockedPushEntrySList
BeginUpdateResourceW
LoadResource
TlsGetValue
SetLastError
GlobalFindAtomW
OutputDebugStringW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
HeapSetInformation
SetConsoleCtrlHandler
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
FatalAppExitA
SetFilePointerEx
GlobalAddAtomW
InterlockedFlushSList
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
FindAtomW
CreateSemaphoreW
AllocateUserPhysicalPages
FreeUserPhysicalPages
GetModuleHandleExW
RtlCaptureContext
GetCurrentThreadId
WriteConsoleW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
EndUpdateResourceW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
RtlUnwind
LCMapStringW
GetDateFormatW
GetStartupInfoW
GetUserDefaultLCID
AddAtomW
GetProcessHeap
QueryDepthSList
EnumResourceNamesW
GetTimeFormatW
WriteFile
HeapValidate
MapUserPhysicalPagesScatter
IsValidLocale
GetProcAddress
CreateEventW
CreateFileW
GetFileType
TlsSetValue
ExitProcess
GetLocaleInfoW
RemoveVectoredExceptionHandler
LeaveCriticalSection
GlobalGetAtomNameW
GlobalDeleteAtom
GetConsoleCP
CompareStringW
GetEnvironmentStringsW
HeapCompact
GetLastError
SizeofResource
GetCurrentProcessId
LockResource
GetProcessHeaps
HeapQueryInformation
WideCharToMultiByte
HeapSize
GetCommandLineA
GetSystemDEPPolicy
GetCurrentThread
TlsFree
HeapUnlock
DeleteAtom
CloseHandle
EnumResourceTypesW
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
FindResourceW
Sleep
TerminateProcess
VirtualAlloc
MapWindowPoints
GetCaretBlinkTime
EnumDesktopsA
GetClipboardOwner
SetLayeredWindowAttributes
DlgDirListComboBoxW
SetCaretPos
CheckRadioButton
CreateCaret
ClipCursor
SetProcessDefaultLayout
SetClipboardViewer
GetOpenClipboardWindow
GetCaretPos
LockSetForegroundWindow
GetClipboardData
GetSysColorBrush
GetClipboardViewer
MessageBoxW
SetWindowPlacement
DlgDirSelectComboBoxExW
GetClipboardFormatNameW
RegisterShellHookWindow
SendDlgItemMessageW
GetProcessWindowStation
GetClipboardSequenceNumber
CheckDlgButton
CreateCursor
ChangeClipboardChain
LoadBitmapW
LockWorkStation
RealGetWindowClassW
MessageBoxExW
SetClipboardData
SetCaretBlinkTime
SetWindowTextW
SetWindowPos
GetNextDlgTabItem
ScreenToClient
MessageBoxIndirectW
GetPriorityClipboardFormat
IsClipboardFormatAvailable
CountClipboardFormats
DialogBoxIndirectParamW
SwitchToThisWindow
SetParent
RegisterClipboardFormatW
SetDlgItemInt
EnumClipboardFormats
RealChildWindowFromPoint
SetForegroundWindow
DefDlgProcW
ExitWindowsEx
OpenClipboard
Number of PE resources by type
RT_RCDATA 81
RT_STRING 21
RT_GROUP_ICON 12
RT_ICON 11
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL DEFAULT 83
ENGLISH US 44
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7601.17514
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Windows Contacts
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 5120512
EntryPoint 0x1270
OriginalFileName WAB.EXE
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7601.17514 (win7sp1_rtm.101119-1850)
TimeStamp 2018:07:09 11:53:05+01:00
FileType Win32 EXE
PEType PE32
InternalName WAB.EXE
ProductVersion 6.1.7601.17514
SubsystemVersion 5.1
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 96768
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7601.17514
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 dad99bfe1147ad527a888b16735c6b02
SHA1 01ba19e7d51b50b55101d7e6bf71d0ac1f9fa49b
SHA256 c713596ba25af804c5500d1b39dbd11d2f1be7901c15ca7713f72c92d16ad69b
ssdeep 3072:wyolZKDX34SYVRY1Uf0I10MSVdMK79O3oiNFgb6p7YKh6poHNURj7U:wyolZKjIbQMGMK7x6p7YKOENq
authentihash 5dd892721a300ee111834d64e3c0e8b537a76af49b60cd8b4d1273f776c6e0c6
imphash 59b99ca863a20426b0d67f6a575e7f18
File size 5.0 MB ( 5218304 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-08-01 18:16:45 UTC ( 5 months, 2 weeks ago )
Last submission 2018-08-01 18:16:45 UTC ( 5 months, 2 weeks ago )
File names WAB.EXE
devrew.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs