× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e89ccee7416ec47309d2e702cc41b09adfe37e3c074fbd4dd2f065c139c9d695
File name: c1fb0efaac52d30301c3096f3fd10ba7
Detection ratio: 44 / 70
Analysis date: 2019-01-06 01:48:10 UTC ( 1 month, 2 weeks ago ) View latest
Antivirus Result Update
Acronis suspicious 20181227
Ad-Aware Trojan.GenericKD.31485964 20190106
AhnLab-V3 Trojan/Win32.Emotet.R250795 20190105
ALYac Trojan.GenericKD.31485964 20190106
Arcabit Trojan.Generic.D1E0700C 20190106
Avast Win32:BankerX-gen [Trj] 20190106
AVG Win32:BankerX-gen [Trj] 20190106
BitDefender Trojan.GenericKD.31485964 20190106
ClamAV Win.Malware.Emotet-6803404-0 20190106
Comodo Malware@#14imo1wfgw7zs 20190105
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.aac52d 20180225
Cylance Unsafe 20190106
Cyren W32/Trojan.BSKQ-5257 20190105
Emsisoft Trojan.GenericKD.31485964 (B) 20190105
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GOHR 20190105
F-Secure Trojan.GenericKD.31485964 20190105
Fortinet W32/GenKryptik.CVQN!tr 20190105
GData Trojan.GenericKD.31485964 20190105
Ikarus Trojan-Spy.Win32.Emotet 20190105
Sophos ML heuristic 20181128
K7GW Trojan ( 00544efa1 ) 20190105
Kaspersky Trojan-Banker.Win32.Emotet.byby 20190105
Malwarebytes Trojan.Emotet 20190105
MAX malware (ai score=100) 20190106
McAfee Emotet-FLM!C1FB0EFAAC52 20190105
McAfee-GW-Edition Artemis!Trojan 20190105
Microsoft Trojan:Win32/Emotet.AC!bit 20190105
eScan Trojan.GenericKD.31485964 20190105
Palo Alto Networks (Known Signatures) generic.ml 20190106
Panda Trj/GdSda.A 20190105
Qihoo-360 HEUR/QVM20.1.4FE7.Malware.Gen 20190106
Rising Trojan.Fuerboos!8.EFC8 (CLOUD) 20190105
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/EncPk-AOI 20190105
Symantec Trojan.Emotet 20190105
Tencent Win32.Trojan-banker.Emotet.Szlj 20190106
Trapmine malicious.high.ml.score 20190103
TrendMicro TROJ_FRS.VSN04A19 20190105
TrendMicro-HouseCall TROJ_FRS.VSN04A19 20190105
ViRobot Trojan.Win32.Emotet.192512 20190106
Webroot W32.Trojan.Emotet 20190106
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.byby 20190106
AegisLab 20190105
Alibaba 20180921
Antiy-AVL 20190105
Avast-Mobile 20190105
Avira (no cloud) 20190106
Babable 20180918
Baidu 20190104
Bkav 20190104
CAT-QuickHeal 20190105
CMC 20190105
DrWeb 20190105
eGambit 20190106
F-Prot 20190105
Jiangmin 20190105
K7AntiVirus 20190105
Kingsoft 20190106
NANO-Antivirus 20190105
SUPERAntiSpyware 20190102
TACHYON 20190105
TheHacker 20190104
TotalDefense 20190105
Trustlook 20190106
VBA32 20190104
Yandex 20181229
Zillya 20190105
Zoner 20190106
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (c) WinZip Computing, Inc. 1991-2004 - All Rights Reserved

Product WinZip
Original name WZ32.DLL
Internal name WZ32.DLL
File version 18.0 (32-bit)
Description WinZip DLL
Comments StringFileInfo: U.S. English
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-04 10:00:12
Entry Point 0x00006020
Number of sections 5
PE sections
PE imports
IsValidAcl
SetUserFileEncryptionKey
LookupPrivilegeValueA
RegConnectRegistryA
CM_Disable_DevNode
GetNodeClusterState
ExcludeClipRect
GetCurrentObject
PolylineTo
SetDCPenColor
EqualRgn
GetBoundsRect
GetStretchBltMode
IntersectClipRect
EnumFontsA
ImmSimulateHotKey
GetIpErrorString
IsBadStringPtrW
GetSystemTime
SetProcessShutdownParameters
AreFileApisANSI
GetCPInfo
WritePrivateProfileStringA
TlsFree
GetSystemDefaultLocaleName
GetOverlappedResult
ReadFile
GetCommandLineW
GetUserDefaultUILanguage
FlsGetValue
IsProcessorFeaturePresent
CancelSynchronousIo
FindActCtxSectionStringW
SetHandleInformation
CopyFileExW
Process32FirstW
GetCurrentThread
MprConfigServerConnect
NetGroupAdd
NetApiBufferSize
NetLocalGroupAddMember
NetGetDCName
VarBoolFromDate
VarCyFromI4
LHashValOfNameSys
VarR8FromI4
VarDateFromCy
RpcEpUnregister
NdrPointerMarshall
RpcStringBindingComposeA
RpcMgmtIsServerListening
RpcMgmtEnableIdleCleanup
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInstallParamsA
SetupDiClassNameFromGuidExA
SetupDiGetClassImageIndex
SetupDiChangeState
SHParseDisplayName
StrDupA
StrNCatW
AcceptSecurityContext
GetMouseMovePointsEx
IsCharAlphaW
GetClassInfoExW
GrayStringW
GetKeyNameTextA
EnumDisplayDevicesA
GetDialogBaseUnits
MonitorFromWindow
GetDlgItemTextA
SetDlgItemInt
DlgDirSelectExW
GetInputState
GetClipboardOwner
GetMenuItemCount
ToAsciiEx
SendInput
DefDlgProcW
InSendMessage
IsDialogMessageA
waveInGetPosition
waveOutUnprepareHeader
mmioAscend
WTHelperGetProvCertFromChain
SCardStatusW
DisassociateColorProfileFromDeviceW
ungetc
calloc
strcspn
OleNoteObjectVisible
STGMEDIUM_UserSize
HPALETTE_UserSize
CoInternetIsFeatureEnabledForUrl
Number of PE resources by type
RT_STRING 46
RT_VERSION 1
Number of PE resources by language
ENGLISH US 47
PE resources
ExifTool file metadata
WZZIPEXE
18,999

CodeSize
24576

WZUNZIPEXE
18,999

Comments
StringFileInfo: U.S. English

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
18.0.6028.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

WZSEPE32EXE
5,999

FileDescription
WinZip DLL

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
167936

EntryPoint
0x6020

OriginalFileName
WZ32.DLL

MIMEType
application/octet-stream

LegalCopyright
Copyright (c) WinZip Computing, Inc. 1991-2004 - All Rights Reserved

WZOUFOCOEXE
18,999

FileVersion
18.0 (32-bit)

TimeStamp
2019:01:04 11:00:12+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
WZ32.DLL

SubsystemVersion
6.0

WZCLINEDLL
18,999

UninitializedDataSize
0

OSVersion
6.0

WZOUTLOKDLL
18,999

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
WinZip Computing, Inc.

LegalTrademarks
WinZip is a registered trademark of WinZip Computing, Inc

ProductName
WinZip

ProductVersionNumber
9.0.0.0

WZIPSE32EXE
5,999

WINZIP32EXE
18,999

FileTypeExtension
exe

ObjectFileType
Dynamic link library

WZZPMAILDLL
18,999

WZEUDORADLL
18,999

ProductVersion
9.0 (6028)

File identification
MD5 c1fb0efaac52d30301c3096f3fd10ba7
SHA1 f6dd73bd26654f2133439734c6f45eb72e17c118
SHA256 e89ccee7416ec47309d2e702cc41b09adfe37e3c074fbd4dd2f065c139c9d695
ssdeep
3072:HB4bzA/lQcWKCGJxW7lxgEcHAKh1WrAvCTVR0GsR7BJUaEfWP2YOwDx6USZvCaVQ:+beQcXJxW7lxgEEdh1WVsE90

authentihash 4ed52b04e37b2c95d3b3a381bb75628ad8e6e7e06bb12962d0e025f9d37f3940
imphash 5cc64572aff7abaa2dedae0d442b5c0d
File size 188.0 KB ( 192512 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe

VirusTotal metadata
First submission 2019-01-04 02:08:40 UTC ( 1 month, 2 weeks ago )
Last submission 2019-01-05 23:15:34 UTC ( 1 month, 2 weeks ago )
File names SQCQOi.exe
WZ32.DLL
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!