× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: d96881ea0758d50e53417a59f79792eb1d787ce9812c6d4ed25f71c0d3c82cfc
File name: wmn36.exe
Detection ratio: 11 / 70
Analysis date: 2019-01-17 08:57:47 UTC ( 2 months ago ) View latest
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_80% (W) 20181023
Cylance Unsafe 20190117
Endgame malicious (high confidence) 20181108
McAfee-GW-Edition BehavesLike.Win32.MultiPlug.dh 20190117
Microsoft Trojan:Win32/Fuerboos.C!cl 20190117
Palo Alto Networks (Known Signatures) generic.ml 20190117
Rising Malware.Heuristic.MLite(100%) (AI-LITE:pfYv4CcbdFS82mrAcDcPRg) 20190117
Symantec ML.Attribute.HighConfidence 20190117
Trapmine malicious.moderate.ml.score 20190103
VBA32 BScope.Trojan.Fuery 20190116
Webroot W32.Adware.Installcore 20190117
Acronis 20190117
Ad-Aware 20190117
AegisLab 20190117
AhnLab-V3 20190117
Alibaba 20180921
ALYac 20190117
Antiy-AVL 20190116
Arcabit 20190117
Avast 20190117
Avast-Mobile 20190117
AVG 20190117
Avira (no cloud) 20190117
Babable 20180918
Baidu 20190117
BitDefender 20190117
Bkav 20190116
CAT-QuickHeal 20190116
ClamAV 20190117
CMC 20190116
Comodo 20190117
Cybereason 20190109
Cyren 20190117
DrWeb 20190117
eGambit 20190117
Emsisoft 20190117
ESET-NOD32 20190117
F-Prot 20190117
F-Secure 20190117
Fortinet 20190117
GData 20190117
Ikarus 20190116
Sophos ML 20181128
Jiangmin 20190117
K7AntiVirus 20190117
K7GW 20190117
Kaspersky 20190117
Kingsoft 20190117
Malwarebytes 20190117
MAX 20190117
McAfee 20190117
eScan 20190117
NANO-Antivirus 20190117
Panda 20190116
Qihoo-360 20190117
SentinelOne (Static ML) 20181223
Sophos AV 20190117
SUPERAntiSpyware 20190116
TACHYON 20190117
Tencent 20190117
TheHacker 20190115
TrendMicro 20190117
TrendMicro-HouseCall 20190117
Trustlook 20190117
VIPRE 20190117
ViRobot 20190117
Yandex 20190117
Zillya 20190116
ZoneAlarm by Check Point 20190117
Zoner 20190117
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-21 04:56:36
Entry Point 0x00005072
Number of sections 5
PE sections
PE imports
LocalCompact
GetLastError
IsValidCodePage
HeapFree
TlsAlloc
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GlobalGetAtomNameW
GetOEMCP
LCMapStringA
GlobalFindAtomA
IsDebuggerPresent
SetProcessShutdownParameters
SetFileApisToANSI
GetEnvironmentStringsW
GetLocaleInfoW
LoadLibraryA
RtlUnwind
GetModuleFileNameA
GetStdHandle
VirtualFree
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetCPInfoExW
GetLocaleInfoA
SetConsoleCtrlHandler
LocalAlloc
GetUserDefaultLCID
GetCommandLineW
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCPInfo
GetProcAddress
AddAtomW
HeapSize
EnumResourceLanguagesW
CompareStringW
RaiseException
GlobalReAlloc
TlsFree
GetCurrentProcessId
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
GetStringTypeA
CloseHandle
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
ExitProcess
LocalFree
TerminateProcess
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
HeapCreate
GlobalAlloc
CreateProcessW
InterlockedDecrement
Sleep
GetFileType
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
RemoveVectoredExceptionHandler
SetLastError
InterlockedIncrement
Number of PE resources by type
RT_STRING 15
RT_ICON 14
RT_GROUP_ICON 2
Struct(241) 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 34
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileVersionNumber
1.45.8.4

LanguageCode
English (British)

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, Large address aware, 32-bit

CharacterSet
Unicode

InitializedDataSize
226816

EntryPoint
0x5072

MIMEType
application/octet-stream

FileVersion
3.2.4.84

TimeStamp
2018:06:21 05:56:36+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
3.2.4.84

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
65536

FileSubtype
0

ProductVersionNumber
7.32.568.0

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
File identification
MD5 4467d13fc43281c1767307860a9f7c17
SHA1 eb484be6afcf25c8b684df2935f0ec44e73b372c
SHA256 d96881ea0758d50e53417a59f79792eb1d787ce9812c6d4ed25f71c0d3c82cfc
ssdeep
3072:SSpzMyLajs/Jn5G+KKTpGHBTfFhTWkCvaTdmGlpbZSzDnL7hOtbj:Sk1LaoatKNIdfJC6BtZtb

authentihash e7fa4922f5e96da8a3278808efd016fee14917a1e6610542bac052deaabdc9db
imphash 0689955a8cd164ad3641a593f92dbdec
File size 283.0 KB ( 289792 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2019-01-17 08:57:47 UTC ( 2 months ago )
Last submission 2019-01-17 08:57:47 UTC ( 2 months ago )
File names mcdonalds.exe
wmn36.exe
tempwmn36.exe
windrvmgr.exe
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections