× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: dc305c7984be9923412937a4eb9e48528407759ce3edbf3132d62de2b91cf4b9
File name: M(4).exe
Detection ratio: 15 / 64
Analysis date: 2018-05-30 11:17:19 UTC ( 8 months, 3 weeks ago ) View latest
Antivirus Result Update
Cylance Unsafe 20180530
DrWeb Trojan.EmotetENT.222 20180530
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of Win32/Kryptik.GHER 20180530
Sophos ML heuristic 20180503
K7AntiVirus Spyware ( 004c76c01 ) 20180530
K7GW Spyware ( 004c76c01 ) 20180530
Kaspersky UDS:DangerousObject.Multi.Generic 20180530
Microsoft Trojan:Win32/Fuerboos.A!cl 20180530
Qihoo-360 HEUR/QVM20.1.81ED.Malware.Gen 20180530
SentinelOne (Static ML) static engine - malicious 20180225
Symantec ML.Attribute.HighConfidence 20180530
VBA32 BScope.Trojan.Emotet 20180529
Webroot W32.Trojan.Gen 20180530
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180530
Ad-Aware 20180530
AegisLab 20180530
AhnLab-V3 20180530
Alibaba 20180530
ALYac 20180530
Antiy-AVL 20180530
Arcabit 20180530
Avast 20180530
Avast-Mobile 20180530
AVG 20180530
Avira (no cloud) 20180530
AVware 20180530
Babable 20180406
Baidu 20180530
BitDefender 20180530
Bkav 20180530
CAT-QuickHeal 20180530
ClamAV 20180530
CMC 20180529
Comodo 20180530
CrowdStrike Falcon (ML) 20180202
Cybereason None
Cyren 20180530
eGambit 20180530
Emsisoft 20180530
F-Prot 20180530
F-Secure 20180530
Fortinet 20180530
GData 20180530
Jiangmin 20180530
Kingsoft 20180530
Malwarebytes 20180530
MAX 20180530
McAfee 20180530
McAfee-GW-Edition 20180530
eScan 20180530
NANO-Antivirus 20180530
nProtect 20180530
Palo Alto Networks (Known Signatures) 20180530
Panda 20180529
Rising 20180530
Sophos AV 20180530
SUPERAntiSpyware 20180530
Symantec Mobile Insight 20180525
Tencent 20180530
TheHacker 20180524
TrendMicro 20180530
TrendMicro-HouseCall 20180530
Trustlook 20180530
VIPRE 20180530
ViRobot 20180530
Yandex 20180529
Zillya 20180530
Zoner 20180530
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Visual Studio® 2015
Original name MFC140DEU.DLL
Internal name MFC140DEU.DLL
File version 14.0.23026.0 built by: WCSETUP
Description MFC Language Specific Resources
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2028-12-25 04:27:37
Entry Point 0x00028AFB
Number of sections 5
PE sections
Overlays
MD5 af69d18216daba4f18b95c66f043ffea
File type data
Offset 200704
Size 1074
Entropy 2.82
PE imports
CreateWaitableTimerW
GetCurrentProcess
ApplicationRecoveryFinished
GetNumberFormatA
GetConsoleCP
ClearCommBreak
FlsGetValue
FreeConsole
FlsFree
SetDynamicTimeZoneInformation
FindFirstVolumeW
LZSeek
VarCyFix
VarUI4FromUI8
SetActivePwrScheme
SetupDiGetDeviceInstanceIdW
StrCpyNW
SHSetValueW
SHCopyKeyW
GetSysColor
GetAncestor
GetUpdatedClipboardFormats
SetScrollInfo
waveOutGetErrorTextW
GetPrinterDataExW
SCardForgetCardTypeW
SCardDisconnect
tolower
toupper
STGMEDIUM_UserMarshal
OleConvertOLESTREAMToIStorage
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
GERMAN 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
28672

ImageVersion
0.0

ProductName
Microsoft Visual Studio 2015

FileVersionNumber
14.0.23026.0

LanguageCode
German

FileFlagsMask
0x003f

FileDescription
MFC Language Specific Resources

CharacterSet
Unicode

LinkerVersion
12.165

FileTypeExtension
exe

OriginalFileName
MFC140DEU.DLL

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
14.0.23026.0 built by: WCSETUP

TimeStamp
2028:12:25 05:27:37+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
MFC140DEU.DLL

ProductVersion
14.0.23026.0

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

LegalCopyright
Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
0

FileSubtype
0

ProductVersionNumber
14.0.23026.0

EntryPoint
0x28afb

ObjectFileType
Dynamic link library

File identification
MD5 5fcc93d51549581c5e5bce308951cd30
SHA1 1902fc993c0d9f2434a92d942a231bbc01e98ca4
SHA256 dc305c7984be9923412937a4eb9e48528407759ce3edbf3132d62de2b91cf4b9
ssdeep
3072:0OojwD/upajdzH8IcbhROdWFsgoMM7yQ3FsN:n3NcIuOusgoMM7a

authentihash cc03e06184683f3ec5636fac6f95373ebb5971f4c16ed44aa4a8a197a07bd102
imphash 9607537a73bad38078b4058ba85d99ea
File size 197.0 KB ( 201778 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID Win32 Executable (generic) (35.9%)
OS/2 Executable (generic) (16.1%)
Clipper DOS Executable (16.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-05-30 11:17:19 UTC ( 8 months, 3 weeks ago )
Last submission 2018-06-18 11:22:36 UTC ( 8 months ago )
File names M(4).exe
5fcc93d51549581c5e5bce308951cd30.virobj
MFC140DEU.DLL
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!