SHA256: d2576992de5c7d853c5f695c00bece99e913d253cd84ebec0f858903aa088972
File name: 548339212039a73f848d82353694247e
Detection ratio: 15 / 68
Analysis date: 2018-09-19 22:39:22 UTC (6 months ago)
Antivirus Result Update
Avast FileRepMalware 20180919
AVG FileRepMalware 20180919
Avira (no cloud) TR/Crypt.XPACK.Gen 20180919
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cylance Unsafe 20180919
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Phorpiex.G 20180919
Sophos ML heuristic 20180717
Kaspersky HEUR:Worm.Win32.Generic 20180919
Microsoft Trojan:Win32/Fuerboos.E!cl 20180919
Qihoo-360 HEUR/QVM07.1.FA71.Malware.Gen 20180919
Rising Malware.Heuristic!ET#96% (RDM+:cmRtazr+xKlJXKJfUGFmYfDbWDSd) 20180919
Symantec ML.Attribute.HighConfidence 20180919
VBA32 BScope.Trojan.Zonidel 20180919
ZoneAlarm by Check Point HEUR:Worm.Win32.Generic 20180919
Ad-Aware 20180919
AegisLab 20180919
AhnLab-V3 20180919
Alibaba 20180713
ALYac 20180919
Antiy-AVL 20180919
Arcabit 20180919
Avast-Mobile 20180919
AVware 20180919
Babable 20180918
Baidu 20180914
BitDefender 20180919
Bkav 20180919
CAT-QuickHeal 20180918
ClamAV 20180919
CMC 20180919
Comodo 20180919
Cybereason 20180225
Cyren 20180919
DrWeb 20180919
eGambit 20180919
Emsisoft 20180919
F-Prot 20180919
F-Secure 20180919
Fortinet 20180919
GData 20180919
Ikarus 20180919
Jiangmin 20180919
K7AntiVirus 20180919
K7GW 20180919
Kingsoft 20180919
Malwarebytes 20180919
MAX 20180919
McAfee 20180919
McAfee-GW-Edition 20180919
eScan 20180919
NANO-Antivirus 20180919
Palo Alto Networks (Known Signatures) 20180919
Panda 20180919
SentinelOne (Static ML) 20180830
Sophos AV 20180919
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180918
TACHYON 20180919
Tencent 20180919
TheHacker 20180918
TotalDefense 20180919
TrendMicro 20180919
TrendMicro-HouseCall 20180919
Trustlook 20180919
VIPRE 20180919
ViRobot 20180919
Webroot 20180919
Yandex 20180919
Zillya 20180919
Zoner 20180919
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-19 22:29:31
Entry Point 0x0000103C
Number of sections 5
PE sections
Overlays
MD5 a98d94ca61239f68bb6a7de5898bf1c0
File type ASCII text
Offset 22016
Size 67983
Entropy 3.31
PE imports
RegSetValueExW
RegCloseKey
RegCreateKeyExA
RegOpenKeyExW
RegQueryValueExW
GetLastError
GetStartupInfoA
CopyFileW
CreateThread
GetModuleHandleA
GetModuleFileNameW
CreateMutexA
CreateProcessW
ExitProcess
GetTickCount
ExpandEnvironmentStringsW
SetFileAttributesW
CreateDirectoryW
DeleteFileW
ExitThread
Sleep
_except_handler3
__p__fmode
memset
strstr
rand
_acmdln
_exit
__p__commode
__setusermatherr
_snwprintf
sprintf
exit
_XcptFilter
sscanf
__getmainargs
_initterm
_controlfp
srand
_adjust_fdiv
strncpy
__set_app_type
SHGetFolderPathW
ShellExecuteW
PathFileExistsW
socket
recv
inet_addr
send
ioctlsocket
WSAStartup
gethostbyname
connect
shutdown
htons
closesocket
select
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:09:20 00:29:31+02:00
FileType Win32 EXE
PEType PE32
CodeSize 11776
LinkerVersion 9.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x103c
InitializedDataSize 9216
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

Execution parents
File identification
MD5 548339212039a73f848d82353694247e
SHA1 754ebe6ee985486e617610a65207ec636e5978f2
SHA256 d2576992de5c7d853c5f695c00bece99e913d253cd84ebec0f858903aa088972
ssdeep 384:f3Ut2b2j3nxzmssy4T3xo3Pr2XO79mCQ1GM9Nf:stsK3nksD+hAr2XO78rrLf
authentihash 9263aff8b5980992caf0639b97bd498bdc20b2e9a641eb71f93a51ceb15eeafe
imphash 561c114f424cb6e520fb39cc18f62f75
File size 87.9 KB ( 89999 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe overlay

VirusTotal metadata
First submission 2018-09-19 22:39:22 UTC ( 6 months ago )
Last submission 2018-10-27 18:04:46 UTC ( 4 months, 3 weeks ago )
File names 548339212039a73f848d82353694247e
winsupd32.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs