SHA256: e4b5c57ac040c6b320d501a3bf88b6ed357431e5806a7631224e780d947342a0
File name: {D5F0F819-4F27-E9CC-C761-853C608A2403}.exe
Detection ratio: 22 / 57
Analysis date: 2015-04-15 02:35:08 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2296576 20150415
Avast Win32:Malware-gen 20150415
AVG Atros.RHQ 20150415
Avira (no cloud) TR/Emotet.186621 20150415
BitDefender Trojan.GenericKD.2296576 20150415
ByteHero Virus.Win32.Heur.p 20150415
CMC Heur.Win32.VBKrypt.3!O 20150413
Emsisoft Trojan.GenericKD.2296576 (B) 20150415
ESET-NOD32 Win32/Emotet.AD 20150415
GData Trojan.GenericKD.2296576 20150415
Ikarus Trojan.Win32.Emotet 20150415
Kaspersky Trojan-Ransom.Win32.Blocker.gxyn 20150415
Malwarebytes Trojan.Ransom.RV 20150415
McAfee Artemis!0D18BCB427D7 20150415
Microsoft Trojan:Win32/Emotet.G 20150414
eScan Trojan.GenericKD.2296576 20150415
Panda Trj/Chgt.O 20150414
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20150415
Sophos AV Mal/Generic-S 20150415
Symantec Trojan.Zbot 20150415
Tencent Trojan.Win32.Qudamah.Gen.17 20150415
TrendMicro-HouseCall Suspicious_GEN.F47V0414 20150415
AegisLab 20150415
Yandex 20150414
AhnLab-V3 20150414
Alibaba 20150415
ALYac 20150415
Antiy-AVL 20150414
AVware 20150415
Baidu-International 20150414
Bkav 20150414
CAT-QuickHeal 20150415
ClamAV 20150415
Comodo 20150415
Cyren 20150415
DrWeb 20150415
F-Prot 20150415
F-Secure 20150415
Fortinet 20150415
Jiangmin 20150414
K7AntiVirus 20150414
K7GW 20150414
Kingsoft 20150415
McAfee-GW-Edition 20150414
NANO-Antivirus 20150415
Norman 20150414
nProtect 20150414
Rising 20150414
SUPERAntiSpyware 20150415
TheHacker 20150414
TotalDefense 20150414
TrendMicro 20150415
VBA32 20150414
VIPRE 20150415
ViRobot 20150414
Zillya 20150414
Zoner 20150413
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright REW is room acoustics analysis software for measuring
Product REW is room acoustics analysis software for measuring
Original name TextConv.exe
Internal name TextConv
File version 1.00.0027
Description REW is room acoustics analysis software for measuring
Comments REW is room acoustics analysis software for measuring
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-13 17:30:08
Entry Point 0x0000110C
Number of sections 3
PE sections
Overlays
MD5 2f9d7723d2f16da9f2764216598e2034
File type data
Offset 135168
Size 51453
Entropy 7.95
PE imports
EVENT_SINK_QueryInterface
Ord(645)
Ord(537)
Ord(648)
Ord(516)
Ord(685)
Ord(525)
EVENT_SINK_AddRef
Ord(300)
Ord(717)
__vbaExceptHandler
MethCallEngine
DllFunctionCall
Ord(100)
Ord(599)
Ord(608)
Ord(570)
Ord(571)
ProcCallEngine
Ord(711)
EVENT_SINK_Release
Ord(595)
Ord(593)
Ord(306)
Ord(631)
Ord(563)
Number of PE resources by type
RT_ICON 4
RT_STRING 1
RT_VERSION 1
CEROL 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 6
THAI DEFAULT 2
PE resources
ExifTool file metadata
LegalTrademarks
REW is room acoustics analysis software for measuring

SubsystemVersion
4.0

Comments
REW is room acoustics analysis software for measuring

LinkerVersion
6.0

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
1.0.0.27

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
REW is room acoustics analysis software for measuring

CharacterSet
Unicode

InitializedDataSize
53248

EntryPoint
0x110c

OriginalFileName
TextConv.exe

MIMEType
application/octet-stream

LegalCopyright
REW is room acoustics analysis software for measuring

FileVersion
1.00.0027

TimeStamp
2015:04:13 18:30:08+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
TextConv

ProductVersion
1.00.0027

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
REW is room acoustics analysis software for measuring

CodeSize
90112

ProductName
REW is room acoustics analysis software for measuring

ProductVersionNumber
1.0.0.27

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 0d18bcb427d7ef0c7b6a0218c3afb02b
SHA1 2172e26836d529442f79a0349c2a15d1c6a3b414
SHA256 e4b5c57ac040c6b320d501a3bf88b6ed357431e5806a7631224e780d947342a0
ssdeep 3072:SOQhZOOQhZOOQhZ+TlpXAq0OQhZOOQhZOOQhZe7+mKQDtouWI:1n+mroRI
authentihash 807ef40358b5bdf459c18ded533ccabb661c6771b901e83ecd1d19e186213be8
imphash 765a776d6496da100cc1c74c8460b38a
File size 182.2 KB ( 186621 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (90.6%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-04-14 13:41:14 UTC ( 4 years, 1 month ago )
Last submission 2015-04-14 18:55:32 UTC ( 4 years, 1 month ago )
File names TextConv.exe
TextConv
{D5F0F819-4F27-E9CC-C761-853C608A2403}.exe
E.tmp
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight