SHA256: e1d04becf743f654ab81930e6c4408d103170bd340a04621e5a140e5bf2796a3
File name: 0b9fnC7gYQ0LjImQJ1e.exe
Detection ratio: 18 / 69
Analysis date: 2018-09-25 12:40:05 UTC ( 4 months ago )
Antivirus Result Update
Avast FileRepMalware 20180925
AVG FileRepMalware 20180925
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cylance Unsafe 20180925
Endgame malicious (high confidence) 20180730
Ikarus Win32.Outbreak 20180925
Sophos ML heuristic 20180717
Kaspersky UDS:DangerousObject.Multi.Generic 20180925
Malwarebytes Trojan.Emotet 20180925
McAfee Emotet-FJG!B8F4663C1294 20180925
McAfee-GW-Edition BehavesLike.Win32.Emotet.ch 20180925
Microsoft Trojan:Win32/Emotet.AC!bit 20180925
Palo Alto Networks (Known Signatures) generic.ml 20180925
Qihoo-360 HEUR/QVM20.1.196B.Malware.Gen 20180925
Rising Malware.Heuristic!ET#85% (RDM+:cmRtazr7r8RACoHE+/GYDIws/gQa) 20180925
SentinelOne (Static ML) static engine - malicious 20180830
Symantec ML.Attribute.HighConfidence 20180925
Webroot W32.Trojan.Emotet 20180925
Ad-Aware 20180925
AegisLab 20180925
AhnLab-V3 20180925
Alibaba 20180921
ALYac 20180925
Antiy-AVL 20180925
Arcabit 20180925
Avast-Mobile 20180925
Avira (no cloud) 20180925
AVware 20180925
Babable 20180918
Baidu 20180925
BitDefender 20180925
Bkav 20180925
CAT-QuickHeal 20180923
ClamAV 20180924
CMC 20180925
Comodo 20180925
Cybereason 20180225
Cyren 20180925
DrWeb 20180925
eGambit 20180925
Emsisoft 20180925
ESET-NOD32 20180925
F-Prot 20180925
F-Secure 20180925
Fortinet 20180925
GData 20180925
Jiangmin 20180925
K7AntiVirus 20180925
K7GW 20180925
Kingsoft 20180925
MAX 20180925
eScan 20180925
NANO-Antivirus 20180925
Panda 20180925
Sophos AV 20180925
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180924
TACHYON 20180925
Tencent 20180925
TheHacker 20180924
TotalDefense 20180925
TrendMicro 20180925
TrendMicro-HouseCall 20180925
Trustlook 20180925
VBA32 20180925
VIPRE 20180925
ViRobot 20180925
Yandex 20180924
Zillya 20180924
ZoneAlarm by Check Point 20180925
Zoner 20180924
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright License: MPL 1.1/GPL 2.0/LGPL 2.1
Product Mozilla
Internal name uconv
File version Personal
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-25 09:16:18
Entry Point 0x00004920
Number of sections 5
PE sections
PE imports
EnumServicesStatusExW
InitiateSystemShutdownA
LookupAccountSidW
GetTextCharset
GetUserDefaultUILanguage
FormatMessageW
FindResourceExA
LocalLock
GetBinaryTypeW
GetFileSize
DeleteVolumeMountPointW
FindFirstVolumeMountPointW
GetLargestConsoleWindowSize
LocalHandle
lstrcmpW
GetCommConfig
IsThreadAFiber
FreeContextBuffer
GetClipboardViewer
GetLastInputInfo
GetKeyboardLayoutList
GetMenuBarInfo
DrawTextExA
IsCharLowerW
GetTabbedTextExtentW
DeletePrinterDriverExW
SCardGetProviderIdA
fwprintf
ungetwc
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
CodeSize 159744
UninitializedDataSize 0
LinkerVersion 16.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 49152
EntryPoint 0x4920
MIMEType application/octet-stream
LegalCopyright License: MPL 1.1/GPL 2.0/LGPL 2.1
FileVersion Personal
TimeStamp 2018:09:25 10:16:18+01:00
FileType Win32 EXE
PEType PE32
InternalName uconv
ProductVersion Personal
SubsystemVersion 4.0
OSVersion 6.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Mozilla, Netscape
LegalTrademarks Mozilla, Netscape
ProductName Mozilla
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 b8f4663c1294c9bc55e8f45c04895238
SHA1 a4cf157a4d3e97584ff3feac50a9f5c7a986d502
SHA256 e1d04becf743f654ab81930e6c4408d103170bd340a04621e5a140e5bf2796a3
ssdeep 3072:ojewZJkJLjF+c7l6KYW+aTl/7vPtdG12JxI9N7qHkhjAMnKk2:oywxcaWnJ7HtM2o9N2khXKk
authentihash 557583aa30ebc7e3c1fcfb0bf5fbfb522b64a7bc9b5193b9a09f73dd048f678f
imphash 81cbab9803b56afe5b101fe6332b4c2b
File size 176.0 KB ( 180224 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe
VirusTotal metadata
First submission 2018-09-25 09:20:10 UTC ( 4 months ago )
Last submission 2018-11-16 18:39:54 UTC ( 2 months, 1 week ago )
File names 8848446.exe
0b9fnC7gYQ0LjImQJ1e.exe
FV3IOD9M.EXE
uconv
6506.exe