× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e5e3ec6c1aef778b3783e7699d45adc53268aee9f0523dc06e3be8866d13fc71
File name: 6YNzfj.exe
Detection ratio: 44 / 67
Analysis date: 2018-11-20 07:03:56 UTC ( 2 months, 4 weeks ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31321760 20181120
AhnLab-V3 Malware/RL.Generic.R241823 20181120
ALYac Trojan.GenericKD.31321760 20181120
Antiy-AVL Trojan[Banker]/Win32.Emotet 20181120
Arcabit Trojan.Generic.D1DDEEA0 20181120
Avast Win32:BankerX-gen [Trj] 20181120
AVG Win32:BankerX-gen [Trj] 20181120
Avira (no cloud) TR/AD.Emotet.lhumj 20181120
BitDefender Trojan.GenericKD.31321760 20181120
CAT-QuickHeal Trojan.Emotet.X4 20181120
ClamAV Win.Trojan.Emotet-6707392-0 20181119
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cylance Unsafe 20181120
Cyren W32/Trojan.VRPG-0572 20181120
Emsisoft Trojan.GenericKD.31321760 (B) 20181120
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GMBF 20181120
F-Secure Trojan.GenericKD.31321760 20181120
Fortinet W32/GenKryptik.CPGU!tr 20181120
GData Trojan.GenericKD.31321760 20181120
Ikarus Trojan-Banker.Emotet 20181119
Sophos ML heuristic 20181108
K7AntiVirus Trojan ( 0053febd1 ) 20181120
K7GW Trojan ( 0053febd1 ) 20181120
Kaspersky Trojan-Banker.Win32.Emotet.blby 20181120
Malwarebytes Trojan.Emotet.Generic 20181120
MAX malware (ai score=100) 20181120
McAfee RDN/Generic.hbg 20181120
McAfee-GW-Edition BehavesLike.Win32.Generic.gm 20181120
Microsoft Trojan:Win32/Emotet.AC!bit 20181120
eScan Trojan.GenericKD.31321760 20181120
NANO-Antivirus Virus.Win32.Gen.ccmw 20181120
Palo Alto Networks (Known Signatures) generic.ml 20181120
Panda Trj/Genetic.gen 20181119
Qihoo-360 Win32/Trojan.88c 20181120
Rising Trojan.Kryptik!1.B4A3 (CLASSIC) 20181120
Sophos AV Mal/EncPk-ANY 20181120
Symantec Trojan.Emotet 20181120
Tencent Win32.Trojan-banker.Emotet.Pcsp 20181120
TrendMicro TROJ_GEN.R002C0CJU18 20181120
TrendMicro-HouseCall TROJ_GEN.R002C0CJU18 20181120
Webroot W32.Trojan.Emotet 20181120
Zillya Trojan.Emotet.Win32.6811 20181119
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.blby 20181120
AegisLab 20181120
Alibaba 20180921
Avast-Mobile 20181119
Babable 20180918
Baidu 20181120
Bkav 20181119
CMC 20181119
Cybereason 20180225
DrWeb 20181120
eGambit 20181120
F-Prot 20181120
Jiangmin 20181120
Kingsoft 20181120
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181114
Symantec Mobile Insight 20181108
TACHYON 20181120
TheHacker 20181118
TotalDefense 20181118
Trustlook 20181120
VBA32 20181119
ViRobot 20181120
Yandex 20181119
Zoner 20181120
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserv

Product Microsoft® Windows®
Original name wlstore.dl
Internal name wlstore.dl
File version 6.1.7600
Description Policy Storage dll
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-28 11:33:14
Entry Point 0x0005411F
Number of sections 4
PE sections
PE imports
GetBitmapDimensionEx
GetGraphicsMode
GetModuleHandleA
SetConsoleScreenBufferSize
HeapSize
ICSeqCompressFrame
NetShareCheck
SHCreateThreadRef
GetRawInputDeviceList
HGLOBAL_UserMarshal
Number of PE resources by type
RT_STRING 93
RT_VERSION 1
Number of PE resources by language
JAPANESE DEFAULT 94
PE resources
ExifTool file metadata
UninitializedDataSize
4294967295

LinkerVersion
13.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
7.0.9951.0

LanguageCode
Japanese

FileFlagsMask
0x003f

FileDescription
Policy Storage dll

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
104448

EntryPoint
0x5411f

OriginalFileName
wlstore.dl

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserv

FileVersion
6.1.7600

TimeStamp
2018:10:28 12:33:14+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
wlstore.dl

ProductVersion
6.1.7600

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporatio

CodeSize
345600

ProductName
Microsoft Windows

ProductVersionNumber
7.0.9951.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 43a3078bf32e14530832f867f0a24146
SHA1 e31c613fc15ec51ce14ef126ea2cd8960194d6c0
SHA256 e5e3ec6c1aef778b3783e7699d45adc53268aee9f0523dc06e3be8866d13fc71
ssdeep
3072:9dgptUHWYCJrSr+oXnl1EYS/HU23kIfoRtwzoFxWLWOvyyxTIP7ycJ0QLOkM6mXM:9eptUHWdJr/oXnEYSU2UaILsE

authentihash e99a554bb3addc7e319494a591f0d4b35f7b134424e6169a0db32e0cf8b79438
imphash f99b27b2595f885c464fc7f4c7ad70de
File size 434.5 KB ( 444928 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-10-28 11:35:36 UTC ( 3 months, 3 weeks ago )
Last submission 2018-10-28 11:35:36 UTC ( 3 months, 3 weeks ago )
File names wlstore.dl
6YNzfj.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!