× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e177c813a01c1d6bdeede2438c61e643cc1a690ed6ddad028044eff7ba0546f3
File name: ZsP6hOoMfJ.exe
Detection ratio: 47 / 69
Analysis date: 2018-12-06 07:30:46 UTC ( 2 months, 2 weeks ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.Autoruns.GenericKD.31391967 20181206
AegisLab Trojan.Win32.Emotet.4!c 20181206
AhnLab-V3 Trojan/Win32.Emotet.C2877942 20181206
ALYac Trojan.Autoruns.GenericKD.31391967 20181206
Arcabit Trojan.Autoruns.Generic.D1DF00DF 20181206
Avast Win32:MalwareX-gen [Trj] 20181206
AVG Win32:MalwareX-gen [Trj] 20181206
Avira (no cloud) TR/AD.Emotet.uxivm 20181206
BitDefender Trojan.Autoruns.GenericKD.31391967 20181206
Comodo Malware@#1p5zu0xm0a2vy 20181206
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.213d1c 20180225
Cylance Unsafe 20181206
Cyren W32/Trojan.OSRI-6621 20181206
Emsisoft Trojan.Autoruns.GenericKD.31391967 (B) 20181206
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GNJT 20181206
F-Prot W32/Emotet.KG.gen!Eldorado 20181206
F-Secure Trojan.Autoruns.GenericKD.31391967 20181206
Fortinet W32/GenKryptik.CSUV!tr 20181206
GData Trojan.Autoruns.GenericKD.31391967 20181206
Ikarus Trojan-Banker.Emotet 20181205
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 00542c7f1 ) 20181205
K7GW Trojan ( 00542c7f1 ) 20181205
Kaspersky Trojan-Banker.Win32.Emotet.btda 20181206
Malwarebytes Trojan.Emotet 20181206
MAX malware (ai score=100) 20181206
McAfee Emotet-FID!DC41A76213D1 20181206
McAfee-GW-Edition BehavesLike.Win32.Emotet.gt 20181206
Microsoft Trojan:Win32/Emotet.BT 20181205
eScan Trojan.Autoruns.GenericKD.31391967 20181206
NANO-Antivirus Trojan.Win32.Emotet.fktzrz 20181206
Palo Alto Networks (Known Signatures) generic.ml 20181206
Panda Trj/GdSda.A 20181205
Qihoo-360 Win32/Trojan.c84 20181206
Rising Trojan.Emotet!8.B95 (CLOUD) 20181206
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/Generic-S 20181206
Symantec Trojan.Emotet 20181206
Tencent Win32.Trojan-banker.Emotet.Wsjp 20181206
Trapmine malicious.moderate.ml.score 20181205
TrendMicro TSPY_EMOTET.THABOCAH 20181206
TrendMicro-HouseCall TSPY_EMOTET.THABOCAH 20181206
VBA32 BScope.TrojanBanker.Emotet 20181205
Webroot W32.Trojan.Emotet 20181206
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.btda 20181206
Alibaba 20180921
Antiy-AVL 20181205
Avast-Mobile 20181205
Babable 20180918
Baidu 20181205
Bkav 20181205
CAT-QuickHeal 20181205
ClamAV 20181206
CMC 20181205
DrWeb 20181206
eGambit 20181206
Jiangmin 20181206
Kingsoft 20181206
SUPERAntiSpyware 20181205
Symantec Mobile Insight 20181204
TACHYON 20181206
TheHacker 20181202
TotalDefense 20181206
Trustlook 20181206
ViRobot 20181206
Yandex 20181204
Zillya 20181206
Zoner 20181206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All right

Product Micro
Internal name wups.
File version 7.6.7601.1
Description Windows
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-02 05:56:24
Entry Point 0x000022C0
Number of sections 4
PE sections
PE imports
InitiateSystemShutdownA
ReportEventA
CryptAcquireContextA
AuthzInitializeContextFromToken
AnimatePalette
GetModuleHandleA
Sleep
IsDBCSLeadByteEx
GetSystemDirectoryW
GetNamedPipeClientComputerNameA
DsQuoteRdnValueW
RpcBindingSetAuthInfoW
RpcServerYield
RpcBindingSetAuthInfoExA
SetupDiOpenDeviceInterfaceW
PathRemoveFileSpecA
GetMenuItemRect
DefRawInputProc
PackDDElParam
CreateIconFromResource
GetFileVersionInfoW
midiInReset
Ord(30)
Ord(29)
CoInvalidateRemoteMachineBindings
Number of PE resources by type
RT_STRING 3
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 5
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:12:01 21:56:24-08:00

FileType
Win32 EXE

PEType
PE32

CodeSize
20480

LinkerVersion
12.0

ImageFileCharacteristics
No relocs, Executable, 32-bit

Warning
Error processing PE data dictionary

EntryPoint
0x22c0

InitializedDataSize
483328

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

File identification
MD5 dc41a76213d1c75540531b9cd248b153
SHA1 cf1419ee079391c17d83ef5ca7ec8b6a61ff791b
SHA256 e177c813a01c1d6bdeede2438c61e643cc1a690ed6ddad028044eff7ba0546f3
ssdeep
1536:P1v0rRX5PgHMu/rJZ2XV9h3+1aPcdqrMO7DFzvlQGHTZV1jcxwAbcRvNPZ+xgp0a:tERXLsj2lK1KbFRZVqVbKPMfKBToQ

authentihash 99fd2ce700cdf6d817c6adbfd37c97c3e714b0115c16eb4b185712c3cd068bb4
imphash 8224e9642807ee7d813afc8e8a7ed6c1
File size 488.0 KB ( 499712 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags
peexe

VirusTotal metadata
First submission 2018-12-02 06:01:00 UTC ( 2 months, 3 weeks ago )
Last submission 2018-12-02 06:01:00 UTC ( 2 months, 3 weeks ago )
File names ZsP6hOoMfJ.exe
wups.
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!