SHA256: d160f0546067f503c7bb55ff8ac45c97b05a93e495156536be210036d1298357
File name: 214a50e1cc2c98810fce371278d5d7d883d39684
Detection ratio: 24 / 56
Analysis date: 2016-10-02 13:40:01 UTC ( 2 years, 5 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Yakes.N2119423633 20161001
Antiy-AVL Trojan/Win32.Yakes 20161002
Avast Win32:Malware-gen 20161002
AVG Generic_r.NUK 20161002
Avira (no cloud) TR/Crypt.ZPACK.nadea 20161002
AVware Trojan.Win32.Reveton.a (v) 20161002
Baidu Win32.Trojan.Kryptik.alb 20161001
Bkav W32.eHeur.Malware09 20161001
Comodo Application.Win32.Loadmoney.ERJ 20161002
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
ESET-NOD32 a variant of Win32/Kryptik.FHBM 20161002
Fortinet W32/Yakes.FHBM!tr 20161002
GData Win32.Trojan.Agent.IK3BJ8 20161002
Ikarus Trojan.Win32.Crypt 20161002
Sophos ML generic.a 20160928
Kaspersky Trojan.Win32.Yakes.qyey 20161002
McAfee-GW-Edition BehavesLike.Win32.Generic.nh 20161002
Microsoft Trojan:Win32/Dynamer!ac 20161002
Panda Generic Suspicious 20161002
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20161002
Rising Trojan.Kryptik!8.8-NlQwaZFosOQ (cloud) 20161002
Symantec Trojan.Gen.2 20161002
TrendMicro-HouseCall TROJ_GEN.R0C1H0CIU16 20161002
VIPRE Trojan.Win32.Reveton.a (v) 20161002
Ad-Aware 20161002
AegisLab 20161002
Alibaba 20160930
ALYac 20160930
Arcabit 20161002
BitDefender 20161002
CAT-QuickHeal 20161001
ClamAV 20161002
CMC 20160930
Cyren 20161002
DrWeb 20161002
Emsisoft 20161002
F-Prot 20160926
Jiangmin 20161002
K7AntiVirus 20161002
K7GW 20161002
Kingsoft 20161002
Malwarebytes 20161002
McAfee 20161002
eScan 20161002
NANO-Antivirus 20161002
nProtect 20161002
Sophos AV 20161002
SUPERAntiSpyware 20161002
Tencent 20161002
TheHacker 20161001
TrendMicro 20161002
VBA32 20161001
ViRobot 20161002
Yandex 20161001
Zillya 20161001
Zoner 20161002
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © 2006 Microsoft Corporation. All rights reserved.
Internal name dwtrig20.exe
File version 12.0.6606.1000
Description Watson Subscriber for SENS Network Notifications
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-09-28 18:51:52
Entry Point 0x00001910
Number of sections 4
PE sections
PE imports
RegOpenKeyW
RegQueryValueExW
PolyPolyline
SetColorSpace
SaveDC
SetDCBrushColor
SetICMMode
AddFontResourceW
GetCharABCWidthsI
CreateMetaFileW
PaintRgn
GetMetaFileW
DeleteDC
RectInRegion
QueryFontAssocStatus
XFORMOBJ_iGetXform
GetLayout
StretchDIBits
SetTextColor
EnumFontsW
CreateFontA
GdiEntry10
EngPlgBlt
GetTextFaceA
FlattenPath
GdiEntry7
GetEnhMetaFilePixelFormat
Pie
SetDIBColorTable
CreateSolidBrush
FontIsLinked
DeleteObject
SetSystemPaletteUse
CreateToolhelp32Snapshot
GetSystemTime
InitializeCriticalSection
EnterCriticalSection
UpdateResourceW
TerminateThread
LoadLibraryW
WaitForSingleObject
SetEvent
GetFileAttributesW
DeleteFileA
LoadLibraryA
GetLocalTime
GetStartupInfoA
GetVolumeInformationA
_lwrite
GetDriveTypeA
BuildCommDCBAndTimeoutsA
GetFileSize
GetCommandLineW
VirtualAllocEx
GetModuleFileNameA
GetProcAddress
VirtualProtectEx
SetStdHandle
HeapUnlock
GetModuleHandleA
lstrcmpA
GetExitCodeThread
lstrcpyA
CloseHandle
Thread32Next
GetFileAttributesExW
GetDiskFreeSpaceExA
ResumeThread
RemoveDirectoryA
SetCommConfig
ReadConsoleOutputW
FreeLibraryAndExitThread
SetCurrentDirectoryW
WriteFile
GlobalAlloc
CreateEventA
ReadFileEx
CreateFileA
SleepEx
WriteConsoleW
LeaveCriticalSection
DragQueryFileW
CheckEscapesW
ShellAboutW
SHGetSpecialFolderPathA
SHGetDiskFreeSpaceA
FindExecutableW
SHQueryRecycleBinA
SHGetFolderPathA
SHGetDiskFreeSpaceExW
DragQueryFileAorW
CommandLineToArgvW
StrCmpNIW
StrChrA
StrRChrW
StrChrIW
SetFocus
SendNotifyMessageA
GetMessagePos
GetParent
UpdateWindow
GetInputState
LoadBitmapW
SetClassLongW
GetFocus
GetCapture
keybd_event
KillTimer
GetMonitorInfoA
EnumChildWindows
LoadBitmapA
SetClipboardViewer
DlgDirListW
GetClipboardViewer
MessageBoxW
GetWindowRect
DispatchMessageA
EnableWindow
GetWindowLongA
PostMessageA
ShowWindowAsync
PeekMessageA
CharLowerW
SetWindowLongA
TranslateMessage
GetWindow
GetSysColor
GetDC
GetKeyState
InsertMenuA
GetWindowModuleFileNameA
UnregisterClassA
EndMenu
EnumDisplayDevicesA
DdeQueryNextServer
AnyPopup
GetSystemMetrics
TileWindows
GetWindowModuleFileNameW
DrawMenuBar
DrawTextW
GetSystemMenu
TabbedTextOutA
SendMessageA
SetTimer
GetClientRect
LoadIconA
SwitchToThisWindow
CharNextA
DdeConnectList
SetDlgItemInt
CreateIconFromResource
LoadIconW
RedrawWindow
MsgWaitForMultipleObjects
DragObject
SetForegroundWindow
PtInRect
GetKeyboardType
DestroyWindow
__p__fmode
_acmdln
_ftol
__dllonexit
_except_handler3
_mbsrchr
_chdir
_mbscmp
_onexit
exit
_XcptFilter
__setusermatherr
_adjust_fdiv
sprintf
__CxxFrameHandler
__p__commode
ceil
__getmainargs
_controlfp
_setmbcp
memmove
_initterm
_exit
vsprintf
__set_app_type
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 33280
ImageVersion 0.0
FileVersionNumber 12.0.6606.1000
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
LinkerVersion 9.0
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 12.0.6606.1000
TimeStamp 2016:09:28 19:51:52+01:00
FileType Win32 EXE
PEType PE32
InternalName dwtrig20.exe
FileDescription Watson Subscriber for SENS Network Notifications
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright 2006 Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 5120
FileSubtype 0
ProductVersionNumber 12.0.6606.0
EntryPoint 0x1910
ObjectFileType Executable application
File identification
MD5 9ad8a3c653b398e90a940028dd110648
SHA1 214a50e1cc2c98810fce371278d5d7d883d39684
SHA256 d160f0546067f503c7bb55ff8ac45c97b05a93e495156536be210036d1298357
ssdeep 768:o5jZ2lQnUjU3A/LcyB6pZ2lLZ9jSkoGAGtuxSRM24coKa:gFUow/vMpaYP2xa
authentihash aaf96bf0e86082d3851413957c8a9195c76a72482e1a757d5a32722b50ec2229
imphash 50db659027ed10ab8cef0c47cf48e68f
File size 38.5 KB ( 39424 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (35.8%)
Win64 Executable (generic) (31.7%)
Windows screen saver (15.0%)
Win32 Dynamic Link Library (generic) (7.5%)
Win32 Executable (generic) (5.1%)
Tags peexe
VirusTotal metadata
First submission 2016-10-02 13:40:01 UTC ( 2 years, 5 months ago )
Last submission 2016-10-02 13:40:01 UTC ( 2 years, 5 months ago )
File names dwtrig20.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Runtime DLLs