SHA256: da340610050a4bd1fd57c580cc119ff8676ffac922306ee8807a98fd272e4021
File name: Wtc.exe
Detection ratio: 15 / 68
Analysis date: 2018-11-16 11:49:14 UTC ( 6 months ago )
Antivirus Result Update
AVG FileRepMalware 20181116
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.9fdd86 20180225
Cylance Unsafe 20181116
Endgame malicious (moderate confidence) 20181108
ESET-NOD32 a variant of Win32/Injector.EBRT 20181116
Kaspersky UDS:DangerousObject.Multi.Generic 20181116
Microsoft TrojanSpy:Win32/Ursnif 20181116
Palo Alto Networks (Known Signatures) generic.ml 20181116
Qihoo-360 HEUR/QVM11.1.3E4C.Malware.Gen 20181116
Rising Malware.Ursnif!8.E941 (TFE:dGZlOgX3G6Ws6jZYFg) 20181116
SentinelOne (Static ML) static engine - malicious 20181011
Symantec ML.Attribute.HighConfidence 20181116
Webroot W32.Malware.gen 20181116
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181116
Ad-Aware 20181116
AegisLab 20181116
AhnLab-V3 20181115
Alibaba 20180921
ALYac 20181116
Antiy-AVL 20181116
Arcabit 20181116
Avast 20181116
Avast-Mobile 20181116
Avira (no cloud) 20181116
Babable 20180918
Baidu 20181116
BitDefender 20181116
Bkav 20181116
CAT-QuickHeal 20181115
ClamAV 20181116
CMC 20181116
Cyren 20181116
DrWeb 20181116
eGambit 20181116
Emsisoft 20181116
F-Prot 20181116
F-Secure 20181116
Fortinet 20181116
GData 20181116
Ikarus 20181116
Sophos ML 20181108
Jiangmin 20181116
K7AntiVirus 20181116
K7GW 20181116
Kingsoft 20181116
Malwarebytes 20181116
MAX 20181116
McAfee 20181116
McAfee-GW-Edition 20181116
eScan 20181116
NANO-Antivirus 20181116
Panda 20181115
Sophos AV 20181116
SUPERAntiSpyware 20181114
Symantec Mobile Insight 20181108
TACHYON 20181116
Tencent 20181116
TheHacker 20181113
TotalDefense 20181116
TrendMicro 20181116
TrendMicro-HouseCall 20181116
Trustlook 20181116
VBA32 20181116
VIPRE 20181116
ViRobot 20181116
Yandex 20181115
Zillya 20181115
Zoner 20181116
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-11 13:04:17
Entry Point 0x00056CD0
Number of sections 3
PE sections
Overlays
MD5 9a0b48ce28c53fd715085658f2a08659
File type data
Offset 71168
Size 138760
Entropy 7.20
PE imports
RevertToSelf
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
GetMessageW
CoMarshalInterface
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:11:11 05:04:17-08:00
FileType Win32 EXE
PEType PE32
CodeSize 69632
LinkerVersion 7.1
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x56cd0
InitializedDataSize 4096
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 249856

File identification
MD5 6140aa8d1529819350edd4da93d437b8
SHA1 01c0bcf9fdd8609585b826509f701bb47667b5a1
SHA256 da340610050a4bd1fd57c580cc119ff8676ffac922306ee8807a98fd272e4021
ssdeep 6144:Zes3HF+LGH2r/LHiSP2Re8J2ysPW9tDfiSP2Re8J2m:Ms3QiY2krktGkK
authentihash fdd429c9cbdf8b31a555e3afe53c3abd8cc3b7ba64b34550d3f1f3a7fb6515ce
imphash 0f42ce76612d1f279ffec4e894d29200
File size 205.0 KB ( 209928 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (28.0%)
UPX compressed Win32 Executable (27.5%)
Win32 EXE Yoda's Crypter (27.0%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
Tags peexe upx overlay

VirusTotal metadata
First submission 2018-11-16 10:50:53 UTC ( 6 months ago )
Last submission 2018-11-16 11:49:14 UTC ( 6 months ago )
File names marb4.wos
Wtc.exe
marb2.wos
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs