SHA256: db04c89d578d8796007591e2f9c5c0b306fdbf13351232bad8c9fa2acd08e050
File name: Vu0z5x.exe
Detection ratio: 38 / 67
Analysis date: 2018-11-10 22:09:38 UTC ( 3 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40741308 20181110
AegisLab Trojan.Win32.Generic.4!c 20181110
ALYac Trojan.GenericKD.40741308 20181110
Arcabit Trojan.Generic.D26DA9BC 20181110
Avast Win32:BankerX-gen [Trj] 20181110
AVG Win32:BankerX-gen [Trj] 20181110
Avira (no cloud) HEUR/AGEN.1018103 20181110
BitDefender Trojan.GenericKD.40741308 20181110
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.61e3e9 20180225
Cylance Unsafe 20181110
Cyren W32/Trojan.DPXB-2211 20181110
Emsisoft Trojan.GenericKD.40741308 (B) 20181110
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/GenKryptik.CQNZ 20181110
F-Secure Trojan.GenericKD.40741308 20181110
Fortinet W32/Generic!tr 20181110
GData Trojan.GenericKD.40741308 20181110
Sophos ML heuristic 20181108
K7AntiVirus Riskware ( 0040eff71 ) 20181110
Kaspersky HEUR:Trojan.Win32.Generic 20181110
Malwarebytes Trojan.Emotet 20181110
McAfee RDN/Generic.grp 20181110
McAfee-GW-Edition BehavesLike.Win32.Emotet.ft 20181110
Microsoft Trojan:Win32/Emotet.AC!bit 20181110
eScan Trojan.GenericKD.40741308 20181110
Palo Alto Networks (Known Signatures) generic.ml 20181110
Panda Trj/CI.A 20181110
Qihoo-360 HEUR/QVM20.1.16F2.Malware.Gen 20181110
Rising Trojan.Fuery!8.EAFB (CLOUD) 20181110
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/Generic-S 20181110
Symantec Trojan.Gen.2 20181110
TrendMicro TROJ_GEN.USK918 20181110
TrendMicro-HouseCall TROJ_GEN.USK918 20181110
ViRobot Trojan.Win32.Z.Agent.366080.EY 20181110
Webroot W32.Trojan.Emotet 20181110
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20181110
AhnLab-V3 20181110
Alibaba 20180921
Antiy-AVL 20181110
Avast-Mobile 20181110
Babable 20180918
Baidu 20181109
Bkav 20181110
CAT-QuickHeal 20181108
ClamAV 20181110
CMC 20181110
DrWeb 20181110
F-Prot 20181110
Ikarus 20181110
Jiangmin 20181110
K7GW 20181109
Kingsoft 20181110
MAX 20181110
NANO-Antivirus 20181110
SUPERAntiSpyware 20181107
Symantec Mobile Insight 20181108
TACHYON 20181110
Tencent 20181110
TheHacker 20181108
TotalDefense 20181110
Trustlook 20181110
VBA32 20181109
VIPRE 20181110
Yandex 20181109
Zillya 20181109
Zoner 20181110
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name wcp.dll
Internal name WCPDll
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Windows Componentization Platform Servicing API
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-09 12:02:58
Entry Point 0x00001EB8
Number of sections 6
PE sections
PE imports
RegSetKeySecurity
SetTextJustification
GetStockObject
EndPath
GetModuleHandleA
lstrcpynW
GetTimeFormatW
GetLongPathNameA
GetTimeZoneInformation
IsDialogMessageA
FindFirstUrlCacheGroup
GetColorProfileHeader
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 4294963199
LinkerVersion 12.0
ImageVersion 0.1
FileSubtype 0
FileVersionNumber 6.1.7600.16385
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Windows Componentization Platform Servicing API
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 365056
EntryPoint 0x1eb8
OriginalFileName wcp.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2018:11:09 13:02:58+01:00
FileType Win32 EXE
PEType PE32
InternalName WCPDll
ProductVersion 6.1.7600.16385
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 3b9289661e3e928b05ebca80d42035ff
SHA1 d511736818a9a01fc6e3764170813a79e63db92b
SHA256 db04c89d578d8796007591e2f9c5c0b306fdbf13351232bad8c9fa2acd08e050
ssdeep 3072:8rkQ9HXOdT8QgUC4Z3BAw5M/0tnv2nYyjLf8OGgrgvvaQOnoWar:8rk2OlNC4Z3BAf/0Z2nYywgrgvCi
authentihash 3aeddb9a58ff2becdeda8841d6839358cde0e6d8cdd666b490efc68776addb1b
imphash b5f18f0aa4d5c67de7de5e2bf1280ec3
File size 357.5 KB ( 366080 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2018-11-09 12:04:21 UTC ( 3 months, 1 week ago )
Last submission 2018-11-09 12:04:21 UTC ( 3 months, 1 week ago )
File names m3Hux3J8T6.exe
wcp.dll
WCPDll
Vu0z5x.exe
Advanced heuristic and reputation engines