SHA256: e55d66b75d125929e768fe381e26aec575b5aaaa2dcbb56b027c34769128df67
File name: stgZN7FXXMmg4i6.exe
Detection ratio: 16 / 67
Analysis date: 2018-06-19 05:25:02 UTC ( 8 months, 1 week ago )
Antivirus Result Update
AVG FileRepMalware 20180619
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180615
Comodo TrojWare.Win32.Dovs.MO 20180619
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20180530
Cylance Unsafe 20180619
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of Win32/Kryptik.GHXB 20180619
Fortinet W32/Kryptik.FVEZ!tr 20180619
Ikarus Trojan-Banker.Emotet 20180618
McAfee Emotet-FGR!09E177D90BCD 20180619
Microsoft Trojan:Win32/Cloxer.D!cl 20180619
Palo Alto Networks (Known Signatures) generic.ml 20180619
Qihoo-360 HEUR/QVM20.1.F11F.Malware.Gen 20180619
SentinelOne (Static ML) static engine - malicious 20180618
Symantec ML.Attribute.HighConfidence 20180619
Webroot W32.Trojan.Emotet 20180619
Ad-Aware 20180619
AegisLab 20180619
AhnLab-V3 20180619
Alibaba 20180615
ALYac 20180619
Antiy-AVL 20180619
Arcabit 20180619
Avast 20180619
Avast-Mobile 20180619
AVware 20180618
Babable 20180406
BitDefender 20180619
Bkav 20180619
CAT-QuickHeal 20180619
ClamAV 20180619
CMC 20180619
Cybereason 20180225
Cyren 20180619
DrWeb 20180619
eGambit 20180619
Emsisoft 20180619
F-Prot 20180619
F-Secure 20180619
GData 20180619
Sophos ML 20180601
Jiangmin 20180619
K7AntiVirus 20180618
K7GW 20180619
Kaspersky 20180619
Kingsoft 20180619
Malwarebytes 20180619
MAX 20180619
McAfee-GW-Edition 20180619
eScan 20180619
NANO-Antivirus 20180619
Panda 20180618
Rising 20180619
Sophos AV 20180619
SUPERAntiSpyware 20180618
Symantec Mobile Insight 20180619
TACHYON 20180619
Tencent 20180619
TheHacker 20180613
TotalDefense 20180619
TrendMicro 20180619
TrendMicro-HouseCall 20180619
Trustlook 20180619
VBA32 20180618
VIPRE 20180619
ViRobot 20180618
Yandex 20180618
Zillya 20180618
ZoneAlarm by Check Point 20180619
Zoner 20180619
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Description Uniscri
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-19 12:14:13
Entry Point 0x0000100F
Number of sections 6
PE sections
PE imports
EnumServicesStatusExW
EnumServicesStatusW
RegCloseKey
LookupPrivilegeNameA
GetCharWidthA
GetDIBits
GetTextExtentExPointI
GetAtomNameA
FindFirstChangeNotificationA
lstrcpynA
GetCurrencyFormatW
GetPrivateProfileSectionA
lstrcmpW
FlsFree
GetModuleFileNameA
GetBinaryTypeA
LZSeek
GetErrorInfo
InitializeSecurityContextW
DecryptMessage
wsprintfA
GetDlgCtrlID
GetMessagePos
GetClipCursor
GetInputState
LoadMenuA
GetDialogBaseUnits
GetMessageExtraInfo
LookupIconIdFromDirectoryEx
GetMenuContextHelpId
GetClassLongA
Number of PE resources by type
RT_DIALOG 21
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
HEBREW DEFAULT 1
HUNGARIAN DEFAULT 1
VIETNAMESE DEFAULT 1
CHINESE SIMPLIFIED 1
SLOVENIAN DEFAULT 1
CZECH DEFAULT 1
FINNISH DEFAULT 1
KOREAN 1
NEUTRAL DEFAULT 1
PORTUGUESE 1
POLISH DEFAULT 1
JAPANESE DEFAULT 1
DANISH DEFAULT 1
SLOVAK DEFAULT 1
GREEK DEFAULT 1
TURKISH DEFAULT 1
ROMANIAN 1
THAI DEFAULT 1
SERBIAN DEFAULT 1
NEUTRAL 1
RUSSIAN 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 13.0
ImageVersion 0.0
FileVersionNumber 1.2.0.6
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Uniscri
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 230400
EntryPoint 0x100f
MIMEType application/octet-stream
TimeStamp 2018:06:19 14:14:13+02:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0626.
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Realtek Semiconductor Corporation
CodeSize 99328
FileSubtype 0
ProductVersionNumber 1.2.0.6
FileTypeExtension exe
ObjectFileType Dynamic link library

Compressed bundles
File identification
MD5 09e177d90bcd469020bf124edbdad0c3
SHA1 238b0870fe8aa1f3eac106ae62ce402623ec6885
SHA256 e55d66b75d125929e768fe381e26aec575b5aaaa2dcbb56b027c34769128df67
ssdeep 1536:M1SQ8vos+sxifffffffffffffffffffffffffffffffffffffffffffffffffZf7:M1Sgs+bmDMq+3TSs72P0dbMc7TXC

authentihash 22f29fa0d09c2570f3c08041c56648dd5f1e596229de030cf5f13522b7bfc5b6
imphash 89563dd186225945bfa0cf64789fd88a
File size 318.5 KB ( 326144 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe

VirusTotal metadata
First submission 2018-06-19 05:25:02 UTC ( 8 months, 1 week ago )
Last submission 2018-09-10 07:05:18 UTC ( 5 months, 2 weeks ago )
File names 1429293936.exe
784653349771.exe
85349573.exe
865204373804.exe
98959357.exe
99284663488.exe
14897781.exe
95617298.exe
stgZN7FXXMmg4i6.exe
62330920.exe
585109811201.exe
17264072246.exe
0253203072.exe
670792187.exe
459393036670.exe
fonduewscapi.exe
048442032672.exe
16789053.exe
707361534324.exe