SHA256: ceff171b580b5b34d416d20d06beaabd13c2e884654a13df8ebb57472a206503
File name: GsrntMwh1TstaT.exe
Detection ratio: 42 / 68
Analysis date: 2018-11-02 15:34:21 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Ser.Razy.746 20181102
AhnLab-V3 Malware/RL.Generic.R241823 20181102
ALYac Gen:Variant.Ser.Razy.746 20181102
Antiy-AVL Trojan[Banker]/Win32.Emotet 20181102
Arcabit Trojan.Ser.Razy.746 20181102
Avast Win32:BankerX-gen [Trj] 20181102
AVG Win32:BankerX-gen [Trj] 20181102
Avira (no cloud) TR/AD.Emotet.qzoyc 20181102
BitDefender Gen:Variant.Ser.Razy.746 20181102
CAT-QuickHeal Trojan.Emotet.X4 20181102
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cylance Unsafe 20181102
Cyren W32/Trojan.ZECX-7210 20181102
Emsisoft Gen:Variant.Ser.Razy.746 (B) 20181102
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GMBF 20181102
F-Secure Gen:Variant.Ser.Razy.746 20181102
Fortinet W32/GenKryptik.CPGU!tr 20181102
GData Gen:Variant.Ser.Razy.746 20181102
Ikarus Trojan-Banker.Emotet 20181102
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 0053febd1 ) 20181102
K7GW Trojan ( 0053febd1 ) 20181102
Kaspersky Trojan-Banker.Win32.Emotet.blcn 20181102
Malwarebytes Trojan.Emotet.Generic 20181102
MAX malware (ai score=100) 20181102
McAfee GenericRXGN-ZE!4ADEC495FB30 20181102
McAfee-GW-Edition BehavesLike.Win32.Rimecud.gm 20181102
Microsoft Trojan:Win32/Emotet.AC!bit 20181102
eScan Gen:Variant.Ser.Razy.746 20181102
NANO-Antivirus Virus.Win32.Gen.ccmw 20181102
Palo Alto Networks (Known Signatures) generic.ml 20181102
Panda Trj/GdSda.A 20181102
Qihoo-360 HEUR/QVM19.1.D4E1.Malware.Gen 20181102
Rising Ransom.Locky!8.1CD4 (CLOUD) 20181102
Sophos AV Mal/EncPk-ANY 20181102
Symantec Trojan.Emotet 20181102
Tencent Win32.Trojan-banker.Emotet.Pgnm 20181102
TrendMicro TROJ_GEN.R011C0DJU18 20181102
TrendMicro-HouseCall TROJ_GEN.R011C0DJU18 20181102
Webroot W32.Trojan.Emotet 20181102
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.blcn 20181102
AegisLab 20181102
Alibaba 20180921
Avast-Mobile 20181102
Babable 20180918
Baidu 20181102
Bkav 20181102
ClamAV 20181102
CMC 20181102
Cybereason 20180225
DrWeb 20181102
eGambit 20181102
F-Prot 20181102
Jiangmin 20181102
Kingsoft 20181102
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181031
Symantec Mobile Insight 20181030
TACHYON 20181102
TheHacker 20181031
TotalDefense 20181102
Trustlook 20181102
VBA32 20181102
VIPRE 20181102
ViRobot 20181102
Yandex 20181101
Zillya 20181102
Zoner 20181102
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserv
Product Microsoft® Windows®
Original name wlstore.dl
Internal name wlstore.dl
File version 6.1.7600
Description Policy Storage dll
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-28 15:02:51
Entry Point 0x0005407C
Number of sections 4
PE sections
PE imports
GetBitmapDimensionEx
GetGraphicsMode
GetModuleHandleA
SetConsoleScreenBufferSize
HeapSize
ICSeqCompressFrame
NetShareCheck
SHCreateThreadRef
GetRawInputDeviceList
HGLOBAL_UserMarshal
Number of PE resources by type
RT_STRING 93
RT_VERSION 1
Number of PE resources by language
JAPANESE DEFAULT 94
PE resources
ExifTool file metadata
UninitializedDataSize
4294967295

LinkerVersion
13.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
7.0.9951.0

LanguageCode
Japanese

FileFlagsMask
0x003f

FileDescription
Policy Storage dll

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
104448

EntryPoint
0x5407c

OriginalFileName
wlstore.dl

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserv

FileVersion
6.1.7600

TimeStamp
2018:10:28 08:02:51-07:00

FileType
Win32 EXE

PEType
PE32

InternalName
wlstore.dl

ProductVersion
6.1.7600

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporatio

CodeSize
346112

ProductName
Microsoft Windows

ProductVersionNumber
7.0.9951.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 4adec495fb3086fcee4170c061606f7a
SHA1 e7e8adcba96553bad6528359e59055a36cebda4f
SHA256 ceff171b580b5b34d416d20d06beaabd13c2e884654a13df8ebb57472a206503
ssdeep 3072:Fnx3NUYMuaBudz2U+5+LPo1RPqRBbTnoBjRYSOQgmYRtwzoFxWLWOvyyxTIP7ycd:FnxzMuaBKzHkQg1UPjkjyhQILsE
authentihash 5bffc191e9be3265410689fa6976e0e2d075f2e9e55b3150a6b267dcf9316f89
imphash f3f09978fd5b0b25c59e4f5539d807c0
File size 435.5 KB ( 445952 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe
VirusTotal metadata
First submission 2018-10-28 15:06:07 UTC ( 3 months, 3 weeks ago )
Last submission 2018-10-28 15:06:07 UTC ( 3 months, 3 weeks ago )
File names wlstore.dl
GsrntMwh1TstaT.exe