SHA256: da7afe8669ad1fda5a41a28c1c1dedecc9159f83da91c2dbba1b9c5ebe7d6c87
File name: .
Detection ratio: 48 / 68
Analysis date: 2018-09-03 00:03:09 UTC ( 5 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40370027 20180902
AhnLab-V3 Trojan/Win32.Emotet.R233552 20180902
ALYac Trojan.Agent.Emotet 20180902
Antiy-AVL Trojan[Banker]/Win32.Emotet 20180903
Arcabit Trojan.Generic.D267FF6B 20180902
Avast Win32:BankerX-gen [Trj] 20180902
AVG Win32:BankerX-gen [Trj] 20180902
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9991 20180830
BitDefender Trojan.GenericKD.40370027 20180902
Bkav HW32.Packed. 20180831
CAT-QuickHeal Trojan.IGENERIC 20180902
ClamAV Win.Trojan.Agent-6637392-0 20180902
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.96d9ce 20180225
Cylance Unsafe 20180903
Cyren W32/Trojan.KYWR-0029 20180902
DrWeb Trojan.EmotetENT.260 20180902
Emsisoft Trojan.GenericKD.40370027 (B) 20180902
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GJQT 20180902
F-Secure Trojan.GenericKD.40370027 20180902
Fortinet W32/GenKryptik.CHFZ!tr 20180902
GData Trojan.GenericKD.40370027 20180902
Ikarus Trojan.Win32.Krypt 20180902
Sophos ML heuristic 20180717
K7AntiVirus Riskware ( 0040eff71 ) 20180902
K7GW Riskware ( 0040eff71 ) 20180902
Kaspersky Trojan-Banker.Win32.Emotet.bafu 20180902
Malwarebytes Spyware.Emotet.Generic 20180902
MAX malware (ai score=100) 20180903
McAfee Generic.dwx 20180902
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20180902
Microsoft Trojan:Win32/Emotet.AC!bit 20180903
eScan Trojan.GenericKD.40370027 20180902
Palo Alto Networks (Known Signatures) generic.ml 20180903
Panda Trj/Genetic.gen 20180902
Qihoo-360 Win32/Trojan.c84 20180903
Rising Trojan.Emotet!8.B95 (CLOUD) 20180902
SentinelOne (Static ML) static engine - malicious 20180830
Sophos AV Mal/EncPk-ANY 20180902
Symantec Packed.Generic.517 20180902
Tencent Win32.Trojan-banker.Emotet.Eang 20180903
TrendMicro TROJ_GEN.R002C0DH718 20180902
TrendMicro-HouseCall TSPY_EMOTET.SMAL8A 20180903
VBA32 BScope.TrojanBanker.Emotet 20180831
Webroot W32.Trojan.Emotet 20180903
Zillya Trojan.GenericKD.Win32.140987 20180831
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bafu 20180902
AegisLab 20180902
Alibaba 20180713
Avast-Mobile 20180902
Avira (no cloud) 20180902
AVware 20180823
Babable 20180902
CMC 20180902
Comodo 20180902
eGambit 20180903
F-Prot 20180902
Jiangmin 20180902
Kingsoft 20180903
NANO-Antivirus 20180902
SUPERAntiSpyware 20180902
Symantec Mobile Insight 20180831
TACHYON 20180902
TheHacker 20180902
TotalDefense 20180902
Trustlook 20180903
VIPRE 20180902
ViRobot 20180902
Yandex 20180831
Zoner 20180903
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name UXINIT.DLL
Internal name UXINIT
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Windows User Experience Session Initialization Dll
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-23 03:20:06
Entry Point 0x0001C3AC
Number of sections 6
PE sections
PE imports
CreateTimerQueue
lstrlenA
GetModuleHandleA
FlsFree
FlsGetValue
RasSetAutodialParamA
RpcBindingFromStringBindingA
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Windows User Experience Session Initialization Dll
ImageFileCharacteristics Executable, 32-bit, System file
CharacterSet Unicode
InitializedDataSize 8704
EntryPoint 0x1c3ac
OriginalFileName UXINIT.DLL
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2017:02:22 19:20:06-08:00
FileType Win32 EXE
PEType PE32
InternalName UXINIT
ProductVersion 6.1.7600.16385
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 115712
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 80d8e04dce81d6091ef007573aa279f0
SHA1 1038bd296d9ce4fe14fc5ffff6482d31c733ebcd
SHA256 da7afe8669ad1fda5a41a28c1c1dedecc9159f83da91c2dbba1b9c5ebe7d6c87
ssdeep 3072:/qgwu0Fsk9Q/C6gQi5xnXqS9f3woG8n1msLDE:/qgwZFI6+iOmhG8lI
authentihash a79807dbc58dfec1a2d414c34a19739e13b2ba4a5e7c0711e6a04b2343947970
imphash 6150bf11f68189746c8aec1b45341163
File size 118.0 KB ( 120832 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe

VirusTotal metadata
First submission 2018-08-05 12:54:00 UTC ( 6 months, 2 weeks ago )
Last submission 2018-08-05 17:10:22 UTC ( 6 months, 2 weeks ago )
File names UXINIT.DLL
3xIDZ3ERVtzevnR9.exe
.
UXINIT