SHA256: d07965433e1bfe9502b2d392a8bccfbb15b3f62744a40453865f364b0737820e
File name: keaFfw.exe
Detection ratio: 20 / 65
Analysis date: 2018-11-09 17:05:19 UTC ( 3 months, 1 week ago )
Antivirus Result Update
Avast FileRepMalware 20181109
AVG FileRepMalware 20181109
Bkav HW32.Packed. 20181109
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.578a31 20180225
Emsisoft Trojan.Emotet (A) 20181109
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GMOJ 20181109
Sophos ML heuristic 20181108
K7AntiVirus Trojan ( 0053b6a31 ) 20181109
K7GW Trojan ( 0053b6a31 ) 20181109
Kaspersky UDS:DangerousObject.Multi.Generic 20181109
McAfee GenericRXGO-TH!9FB885662B6C 20181109
Microsoft Trojan:Win32/Emotet.AC!bit 20181109
Palo Alto Networks (Known Signatures) generic.ml 20181109
Qihoo-360 HEUR/QVM20.1.1823.Malware.Gen 20181109
Rising Malware.Heuristic!ET#93% (RDM+:cmRtazrxy+32k6E6ix9mkPriaOic) 20181109
Symantec ML.Attribute.HighConfidence 20181109
Webroot W32.Trojan.Emotet 20181109
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181109
Ad-Aware 20181109
AegisLab 20181109
AhnLab-V3 20181109
Alibaba 20180921
ALYac 20181109
Antiy-AVL 20181109
Arcabit 20181109
Avast-Mobile 20181109
Avira (no cloud) 20181109
Babable 20180918
Baidu 20181109
BitDefender 20181109
CAT-QuickHeal 20181108
ClamAV 20181109
CMC 20181109
Cylance 20181109
Cyren 20181109
DrWeb 20181109
F-Prot 20181109
F-Secure 20181109
Fortinet 20181109
GData 20181109
Ikarus 20181109
Jiangmin 20181109
Kingsoft 20181109
Malwarebytes 20181109
MAX 20181109
McAfee-GW-Edition 20181109
eScan 20181109
NANO-Antivirus 20181109
Panda 20181109
SentinelOne (Static ML) 20181011
Sophos AV 20181109
SUPERAntiSpyware 20181107
Symantec Mobile Insight 20181108
TACHYON 20181109
Tencent 20181109
TheHacker 20181108
TrendMicro 20181109
TrendMicro-HouseCall 20181109
Trustlook 20181109
VBA32 20181109
VIPRE 20181109
ViRobot 20181109
Yandex 20181109
Zillya 20181109
Zoner 20181109
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft

Product Sola Plug-in
Original name msiltcfg.dl
Internal name Aban Plug-in
File version 1, 4, 2, 50
Description Window I Stub
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1995-06-10 08:02:18
Entry Point 0x00001643
Number of sections 6
PE sections
PE imports
CryptSetProviderExW
GetSecurityDescriptorControl
IsValidSecurityDescriptor
RegOverridePredefKey
SetBkColor
SetTextAlign
GetKerningPairsA
SetViewportOrgEx
GetProcessId
GetCurrentConsoleFont
GetNativeSystemInfo
FindNextFileNameW
FindVolumeClose
GlobalAlloc
PurgeComm
GlobalMemoryStatusEx
GetCommandLineA
GetDynamicTimeZoneInformation
GetNamedPipeClientSessionId
VARIANT_UserMarshal
SafeArrayPtrOfIndex
VarI2FromDate
SetupDiInstallClassW
SHEnumerateUnreadMailAccountsW
StrToIntW
SetContextAttributesW
DdeUnaccessData
GetParent
EndMenu
IsDlgButtonChecked
DrawIcon
IsWindowVisible
GetRawInputDeviceList
UnloadKeyboardLayout
WindowFromDC
CryptCATAdminEnumCatalogFromHash
RegisterDragDrop
Number of PE resources by type
RT_DIALOG 20
RT_STRING 10
RT_VERSION 1
Number of PE resources by language
ENGLISH US 4
ITALIAN NEUTRAL 3
SWEDISH NEUTRAL 3
CHINESE TRADITIONAL 3
SPANISH NEUTRAL 3
GERMAN NEUTRAL 3
CHINESE SIMPLIFIED 3
JAPANESE DEFAULT 3
FRENCH NEUTRAL 3
KOREAN 3
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 143360
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.4.2.50
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Window I Stub
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Windows, Latin1
LinkerVersion 10.0
EntryPoint 0x1643
OriginalFileName msiltcfg.dl
MIMEType application/x-java-applet;version=1.3.1|application/x-java-bean;version=1.3.1|application/x-java-applet;version=1.4|application/x-java-bean;version=1.4|application/x-java-applet;version=1.4.1|application/x-java-bean;version=1.4.1
LegalCopyright Microsoft
FileExtents |||||
FileOpenName Aban Applet|JavaBeans|Sola Applet|SolaBeans|Sola Applet|SolaBeans
FileVersion 1, 4, 2, 50
TimeStamp 1995:06:10 01:02:18-07:00
FileType Win32 EXE
PEType PE32
InternalName Aban Plug-in
ProductVersion 1, 4, 2, 50
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName AbanSoft / Sun Microsystems, Inc.
CodeSize 8192
ProductName Sola Plug-in
ProductVersionNumber 1.4.2.50
FileTypeExtension exe
ObjectFileType Dynamic link library

Execution parents
File identification
MD5 9fb885662b6c0e96a13789f9bdacb36b
SHA1 e4181e7578a3177904a2e7568a970b961888faa4
SHA256 d07965433e1bfe9502b2d392a8bccfbb15b3f62744a40453865f364b0737820e
ssdeep 1536:+4U54C7DZLAsOWM2WDMgDLYj/wiPcjgz5Tgv7P4OpVxHnD/xSEQBfc2eJG9F0HNo:+4rkXM2FOYzqG6vZvkk3HE6uUE

authentihash 71ec6228744179b80e1ecdd2874399fe9ae64b2688bdbc1fe76991aa3814b46c
imphash 940109ec2bf607d8dd9f4a1765188e90
File size 148.0 KB ( 151552 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2018-11-09 16:31:15 UTC ( 3 months, 1 week ago )
Last submission 2018-11-20 13:02:41 UTC ( 2 months, 4 weeks ago )
File names monjpnwebcam.exe
5fptzjAsp5.exe
xIkagnav.exe
r9Iap4CV6M.exe
RiI6wTzC(5)
nmtwv0LH0z.exe
XeJ2JSxuf5N.exe
j5M4DokjR04.exe
gytLuwYP5WtL.exe
zbetcheckin_tracker_Nl249zmBbv
rrIbbzUreap.exe
VDOuUZWX.exe
output.114490089.txt
msiltcfg.dl
output.114466495.txt
mCO1LfkOs.exe
output.114467906.txt
keaFfw.exe
oxNOOE2ZcIp0.exe
output.114490090.txt
9fb885662b6c0e96a13789f9bdacb36b
1MivFdnD.exe
NUutHvUZYPMZ.exe
Aban Plug-in
RiI6wTzC(2)