SHA256: e91521d943f52758465830bc704ec89f79162b942300f9ac664226dd5c11dd30
File name: worker2.exe
Detection ratio: 51 / 65
Analysis date: 2018-05-24 19:02:33 UTC
Antivirus Result Update
Ad-Aware Trojan.Emotet.Gen.3 20180524
AegisLab Uds.Dangerousobject.Multi!c 20180524
AhnLab-V3 Trojan/Win32.Magniber.R221643 20180524
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20180524
Arcabit Trojan.Emotet.Gen.3 20180524
Avast Win32:Malware-gen 20180524
AVG Win32:Malware-gen 20180524
Avira (no cloud) TR/AD.LockyLoader.yntew 20180524
AVware Trojan.Win32.Generic!BT 20180524
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9885 20180524
BitDefender Trojan.Emotet.Gen.3 20180524
CAT-QuickHeal Trojan.Multi 20180524
ClamAV Win.Trojan.Emotet-6527645-0 20180521
Comodo TrojWare.Win32.Troldesh.A 20180524
Cylance Unsafe 20180524
Cyren W32/S-15f730e0!Eldorado 20180524
DrWeb BackDoor.IRC.Bot.3984 20180524
Emsisoft Trojan.Emotet.Gen.3 (B) 20180524
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of Win32/Kryptik.GDVJ 20180524
F-Prot W32/S-15f730e0!Eldorado 20180524
F-Secure Trojan.Emotet.Gen.3 20180524
Fortinet W32/Kryptik.GDOV!tr 20180524
GData Trojan.Emotet.Gen.3 20180524
Ikarus Trojan.Win32.Crypt 20180524
Sophos ML heuristic 20180503
Jiangmin Backdoor.Androm.xfl 20180524
K7AntiVirus Trojan ( 0052908c1 ) 20180524
K7GW Trojan ( 0052908c1 ) 20180524
Kaspersky Trojan.Win32.Chapak.awq 20180524
Malwarebytes Ransom.Crysis 20180524
MAX malware (ai score=99) 20180524
McAfee Generic.dqa 20180524
McAfee-GW-Edition BehavesLike.Win32.Cryptlore.dh 20180524
Microsoft Trojan:Win32/Pliskal.A!bit 20180524
eScan Trojan.Emotet.Gen.3 20180524
NANO-Antivirus Trojan.Win32.Mucc.eynqqj 20180524
Palo Alto Networks (Known Signatures) generic.ml 20180524
Panda Trj/CI.A 20180524
Qihoo-360 HEUR/QVM10.1.BA03.Malware.Gen 20180524
Sophos AV Mal/GandCrab-A 20180524
Symantec Trojan.Gen.2 20180524
Tencent Win32.Trojan.Chapak.Aoiz 20180524
TrendMicro TROJ_GEN.R011C0DCB18 20180524
TrendMicro-HouseCall TROJ_GEN.R011C0DCB18 20180524
VBA32 Trojan.Chapak 20180524
VIPRE Trojan.Win32.Generic!BT 20180524
Webroot W32.Trojan.Gen 20180524
Yandex Backdoor.Androm!FBaIbBky1+4 20180524
Zillya Trojan.Kryptik.Win32.1375863 20180524
ZoneAlarm by Check Point Trojan.Win32.Chapak.awq 20180524
Engines with no detection at analysis time (signature update date only):
Alibaba 20180524
ALYac 20180524
Avast-Mobile 20180524
Babable 20180406
Bkav 20180524
CMC 20180524
CrowdStrike Falcon (ML) 20180202
Cybereason None
eGambit 20180524
Kingsoft 20180524
nProtect 20180524
Rising 20180524
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180524
Symantec Mobile Insight 20180522
TheHacker 20180524
Trustlook 20180524
ViRobot 20180524
Zoner 20180524
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-02 08:07:58
Entry Point 0x000062D4
Number of sections 5
PE sections
PE imports
AdjustTokenPrivileges
ChangeServiceConfigA
RegQueryInfoKeyA
AddAccessAllowedAce
ColorMatchToTarget
CreateEllipticRgn
FillPath
CloseFigure
SetPolyFillMode
CopyMetaFileW
CreateCompatibleBitmap
EndPath
CombineRgn
BitBlt
SetWinMetaFileBits
StretchBlt
GetPrivateProfileSectionNamesA
GetStdHandle
EncodePointer
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
InitializeCriticalSection
TlsGetValue
OutputDebugStringA
SetLastError
GetSystemTime
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
HeapSetInformation
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetFirmwareEnvironmentVariableA
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemTimes
DecodePointer
FindAtomW
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
RtlUnwind
AddAtomA
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
IsValidLocale
GetProcAddress
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
LCMapStringW
GetConsoleCP
GetEnvironmentStringsW
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
Sleep
TerminateProcess
GetProcessVersion
TransparentBlt
AlphaBlend
DragAcceptFiles
DragQueryPoint
CharPrevA
CreateWindowExA
LoadIconA
GetRawInputDeviceInfoW
LoadStringW
DispatchMessageA
LoadMenuA
OpenClipboard
GetDialogBaseUnits
AdjustWindowRect
SetWindowContextHelpId
CreateIconFromResource
CreateCaret
PeekMessageA
LoadKeyboardLayoutA
GetNextDlgTabItem
TranslateAcceleratorW
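The import list is shown without its DLL names and mixes a long run of GDI and USER32 drawing and dialog functions with the handful of names that matter for triage: AdjustTokenPrivileges, AddAccessAllowedAce, ChangeServiceConfigA, VirtualProtect, IsDebuggerPresent, OutputDebugStringA, GetFirmwareEnvironmentVariableA, OpenClipboard and GetRawInputDeviceInfoW. There is no networking import at all. The script below is an added example by the editor, not code from this page or from VirusTotal: it maps the names above to coarse behaviour categories and down-weights the names the MSVC 10 C runtime (LinkerVersion 10.0 on this page) imports on its own. The INDICATORS table and the CRT_BASELINE set are the editor's heuristics, not a published taxonomy.

```python
from collections import OrderedDict

# Import names as listed on the page for worker2.exe; the report omits the DLL
# each name comes from, so matching below is by function name alone.
IMPORTS = """
AdjustTokenPrivileges ChangeServiceConfigA RegQueryInfoKeyA AddAccessAllowedAce ColorMatchToTarget
CreateEllipticRgn FillPath CloseFigure SetPolyFillMode CopyMetaFileW CreateCompatibleBitmap EndPath
CombineRgn BitBlt SetWinMetaFileBits StretchBlt GetPrivateProfileSectionNamesA GetStdHandle
EncodePointer GetLocalTime DeleteCriticalSection GetCurrentProcess GetConsoleMode GetLocaleInfoA
LocalAlloc FreeEnvironmentStringsW GetLocaleInfoW SetStdHandle GetCPInfo WriteFile
GetSystemTimeAsFileTime HeapReAlloc GetStringTypeW InitializeCriticalSection TlsGetValue
OutputDebugStringA SetLastError GetSystemTime GetModuleFileNameW IsDebuggerPresent HeapAlloc
GetModuleFileNameA HeapSetInformation EnumSystemLocalesA UnhandledExceptionFilter InterlockedDecrement
MultiByteToWideChar GetFirmwareEnvironmentVariableA SetUnhandledExceptionFilter IsProcessorFeaturePresent
GetSystemTimes DecodePointer FindAtomW SetEndOfFile GetCurrentThreadId InterlockedIncrement WriteConsoleW
InitializeCriticalSectionAndSpinCount HeapFree EnterCriticalSection SetHandleCount LoadLibraryW GetOEMCP
QueryPerformanceCounter GetTickCount TlsAlloc VirtualProtect FlushFileBuffers RtlUnwind AddAtomA
GetStartupInfoW GetUserDefaultLCID GetProcessHeap IsValidLocale GetProcAddress CreateFileW GetFileType
TlsSetValue CreateFileA ExitProcess LeaveCriticalSection GetNativeSystemInfo GetLastError LCMapStringW
GetConsoleCP GetEnvironmentStringsW GetCurrentProcessId WideCharToMultiByte HeapSize GetCommandLineA
RaiseException TlsFree SetFilePointer ReadFile CloseHandle GetACP GetModuleHandleW IsValidCodePage
HeapCreate Sleep TerminateProcess GetProcessVersion TransparentBlt AlphaBlend DragAcceptFiles
DragQueryPoint CharPrevA CreateWindowExA LoadIconA GetRawInputDeviceInfoW LoadStringW DispatchMessageA
LoadMenuA OpenClipboard GetDialogBaseUnits AdjustWindowRect SetWindowContextHelpId CreateIconFromResource
CreateCaret PeekMessageA LoadKeyboardLayoutA GetNextDlgTabItem TranslateAcceleratorW
""".split()

# Editor's triage heuristics (assumption, not a published taxonomy). Names absent
# from this sample are included so the table is reusable on other files.
INDICATORS = OrderedDict([
    ("anti-debug / timing checks", {"IsDebuggerPresent", "CheckRemoteDebuggerPresent", "OutputDebugStringA",
                                    "QueryPerformanceCounter", "GetTickCount", "NtQueryInformationProcess"}),
    ("host fingerprinting", {"GetFirmwareEnvironmentVariableA", "GetNativeSystemInfo", "GetSystemTimes",
                             "IsProcessorFeaturePresent", "EnumSystemLocalesA", "GetUserDefaultLCID",
                             "GlobalMemoryStatusEx"}),
    ("self-modification / unpacking", {"VirtualProtect", "VirtualAlloc", "VirtualAllocEx",
                                       "WriteProcessMemory", "CreateRemoteThread", "NtUnmapViewOfSection"}),
    ("dynamic API resolution", {"LoadLibraryA", "LoadLibraryW", "GetProcAddress"}),
    ("token / ACL manipulation", {"AdjustTokenPrivileges", "AddAccessAllowedAce",
                                  "LookupPrivilegeValueA", "SetEntriesInAclA"}),
    ("service persistence", {"ChangeServiceConfigA", "CreateServiceA", "OpenSCManagerA", "StartServiceA"}),
    ("registry access", {"RegQueryInfoKeyA", "RegOpenKeyExA", "RegSetValueExA", "RegCreateKeyExA"}),
    ("input / clipboard capture", {"OpenClipboard", "GetRawInputDeviceInfoW", "GetAsyncKeyState",
                                   "SetWindowsHookExA"}),
    ("network", {"InternetOpenA", "InternetOpenUrlA", "HttpSendRequestA", "WSAStartup", "connect",
                 "URLDownloadToFileA"}),
])

# Imported by the MSVC 10 CRT startup and locale code regardless of what the program
# does (security-cookie seeding, setlocale, optional-API lookup); counted but not
# trusted. Assumption based on the LinkerVersion 10.0 the page reports.
CRT_BASELINE = {"IsDebuggerPresent", "QueryPerformanceCounter", "GetTickCount", "GetProcAddress",
                "LoadLibraryW", "IsProcessorFeaturePresent", "EnumSystemLocalesA", "GetUserDefaultLCID"}


def tag_imports(imports):
    """Map an import list to behaviour categories, separating strong hits from CRT noise."""
    present = set(imports)
    report = OrderedDict()
    for category, names in INDICATORS.items():
        hits = sorted(present & names)
        if hits:
            report[category] = {"hits": hits, "strong": [n for n in hits if n not in CRT_BASELINE]}
    return report


def summarize(report):
    """Categories backed by at least one import the CRT would not have added by itself."""
    return sorted(c for c, r in report.items() if r["strong"])


def missing_categories(report):
    """Categories with no hit at all."""
    return [c for c in INDICATORS if c not in report]


if __name__ == "__main__":
    rep = tag_imports(IMPORTS)
    for cat, r in rep.items():
        print(f"{cat:32s} {', '.join(r['hits'])}   strong={r['strong']}")
    print("summary:", summarize(rep))
    print("absent :", missing_categories(rep))
```

Only categories with at least one non-baseline hit make the summary; "dynamic API resolution" drops out because LoadLibraryW and GetProcAddress are CRT noise, whereas VirtualProtect together with the complete absence of network imports is the usual shape of a stub that unpacks its payload and resolves the real imports at runtime. Imports alone cannot say what that payload does; that is what the behaviour section at the end of the page would have shown, had the sandbox recorded anything.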
Number of PE resources by type
RT_ICON 2
RT_DIALOG 1
RT_GROUP_CURSOR 1
HNEKGAH 1
RT_MANIFEST 1
RT_BITMAP 1
RT_CURSOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 6
ENGLISH UK 3
ITALIAN 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 15152640
ImageVersion 0.0
FileVersionNumber 1.0.0.1
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
LinkerVersion 10.0
EntryPoint 0x62d4
MIMEType application/octet-stream
TimeStamp 2018:03:02 09:07:58+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 5.1
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 101888
FileSubtype 0
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application
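The two header listings above report the same numbers twice (entry point 0x62D4, five sections, linker 10.0, GUI subsystem, compile time 2018-03-02 08:07:58 UTC) without relating them to each other or to the file size, and one of them deserves a second look: InitializedDataSize is 15152640 bytes in a 244736-byte file. The parser below is an added example by the editor, not VirusTotal's or ExifTool's code. It reads exactly these fields with the standard library, builds a constructed PE32 header carrying the page's values so the example runs offline (the section layout is invented, since the page shows no section table), and flags the inconsistencies a triage analyst checks first: header sizes larger than the file, a section far larger in memory than on disk, an entry point outside an executable section, and a compile timestamp later than the first submission.

```python
import calendar
import datetime as dt
import struct

DOS_HDR = "<2s58xI"                    # e_magic, padding, e_lfanew
COFF_HDR = "<4sHHIIIHH"                # signature, machine, sections, timestamp, symtab, nsyms, optsize, chars
OPT_HDR = "<HBBIIIIIIIIIHHHHHHIIIIHH"  # PE32 optional header up to DllCharacteristics (72 bytes)
SECT_HDR = "<8sIIIIIIHHI"              # IMAGE_SECTION_HEADER (40 bytes)
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
MACHINES = {0x14C: "Intel 386 or later", 0x8664: "x64"}
IMAGE_SCN_MEM_EXECUTE = 0x20000000


def parse_pe(data):
    """Extract the header fields a triage report lists from the first bytes of a PE32 file."""
    magic, e_lfanew = struct.unpack_from(DOS_HDR, data, 0)
    if magic != b"MZ":
        raise ValueError("not an MZ image")
    sig, machine, nsect, ts, _, _, optsize, chars = struct.unpack_from(COFF_HDR, data, e_lfanew)
    if sig != b"PE\0\0":
        raise ValueError("PE signature not at e_lfanew")
    opt_off = e_lfanew + struct.calcsize(COFF_HDR)
    opt = struct.unpack_from(OPT_HDR, data, opt_off)
    if opt[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) headers handled here")
    sections = []
    for i in range(nsect):
        name, vsize, va, rawsize, rawptr, *_, sc = struct.unpack_from(SECT_HDR, data, opt_off + optsize + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "vsize": vsize,
                         "va": va, "rawsize": rawsize, "rawptr": rawptr, "chars": sc})
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "num_sections": nsect,
        "timestamp": dt.datetime.fromtimestamp(ts, dt.timezone.utc),
        "characteristics": chars,
        "linker_version": f"{opt[1]}.{opt[2]}",
        "size_code": opt[3],
        "size_initialized_data": opt[4],
        "entry_point": opt[6],
        "image_base": opt[9],
        "subsystem_version": f"{opt[16]}.{opt[17]}",
        "size_image": opt[19],
        "subsystem": SUBSYSTEMS.get(opt[22], str(opt[22])),
        "sections": sections,
    }


def anomalies(info, file_size, first_seen):
    """Header facts that should make an analyst distrust the static picture."""
    found = []
    if info["size_initialized_data"] > file_size:
        found.append(f"SizeOfInitializedData {info['size_initialized_data']} exceeds the {file_size}-byte file")
    ep = info["entry_point"]
    home = [s for s in info["sections"] if s["va"] <= ep < s["va"] + max(s["vsize"], s["rawsize"])]
    if not home:
        found.append(f"entry point {ep:#x} lies outside every section")
    elif not home[0]["chars"] & IMAGE_SCN_MEM_EXECUTE:
        found.append(f"entry point {ep:#x} lies in non-executable section {home[0]['name']}")
    for s in info["sections"]:
        if s["rawsize"] and s["vsize"] > 8 * s["rawsize"]:
            found.append(f"section {s['name']} is {s['rawsize']:#x} bytes on disk but {s['vsize']:#x} in memory")
    if info["timestamp"] > first_seen:
        found.append("compile timestamp is later than first submission; forged or clock-skewed")
    return found


# Values taken from the report above. The section layout is constructed by the
# editor (assumption): the page shows no section table.
COMPILE_TS = calendar.timegm((2018, 3, 2, 8, 7, 58, 0, 0, 0))
FILE_SIZE = 244736
FIRST_SEEN = dt.datetime(2018, 3, 10, 16, 7, 38, tzinfo=dt.timezone.utc)
SECTIONS = [  # name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics
    (b".text",  0x18E00,  0x01000,  0x18E00, 0x00400, 0x60000020),
    (b".rdata", 0x07000,  0x1A000,  0x07000, 0x19200, 0x40000040),
    (b".data",  0xE50000, 0x21000,  0x00600, 0x20200, 0xC0000040),
    (b".rsrc",  0x0A000,  0xE71000, 0x0A000, 0x20800, 0x40000040),
    (b".reloc", 0x02000,  0xE7B000, 0x02000, 0x2A800, 0x42000040),
]


def build_sample():
    """Constructed PE32 header (no code) carrying the page's header values."""
    dos = struct.pack(DOS_HDR, b"MZ", 0x40)
    coff = struct.pack(COFF_HDR, b"PE\0\0", 0x14C, len(SECTIONS), COMPILE_TS, 0, 0, 0xE0, 0x0102)
    opt = struct.pack(OPT_HDR, 0x10B, 10, 0, 101888, 15152640, 0, 0x62D4, 0x1000, 0x1A000,
                      0x400000, 0x1000, 0x200, 5, 1, 0, 0, 5, 1, 0, 0xE7D000, 0x400, 0, 2, 0x8140)
    opt += bytes(0xE0 - len(opt))  # data directories left zeroed
    sect = b"".join(struct.pack(SECT_HDR, n, vs, va, rs, rp, 0, 0, 0, 0, ch)
                    for n, vs, va, rs, rp, ch in SECTIONS)
    return dos + coff + opt + sect


SAMPLE = build_sample()

if __name__ == "__main__":
    info = parse_pe(SAMPLE)
    for key, value in info.items():
        if key != "sections":
            print(f"{key:22s} {value}")
    for finding in anomalies(info, FILE_SIZE, FIRST_SEEN):
        print("ANOMALY:", finding)
```

On a real file replace SAMPLE with open(path, "rb").read(); only the header bytes are used. A header that declares 14 MB of initialized data for a 239 KB file means the image that gets mapped looks nothing like the file that was scanned, which is worth knowing before trusting any of the static signatures above.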

Execution parents
File identification
MD5 eae17082ded2153c4b9c7dc7ad7f6b7e
SHA1 2c5e75e8b8ebdcaae8cf6326ef95fbc96e05590d
SHA256 e91521d943f52758465830bc704ec89f79162b942300f9ac664226dd5c11dd30
ssdeep 3072:jcCcvj1wwyfyZQeg1KBxmgPPH/BNh6rLy3Y8sAHri95Dr3:QhjKXeWKBxmi5SP9X3
authentihash 7e0d4a406ce15f14d35873130686da4310f999cd697569ac45223cd48ef1af88
imphash 9c201ecf739a0dbdfcc31f2869f9b9de
File size 239.0 KB ( 244736 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-03-10 16:07:38 UTC
Last submission 2018-08-31 00:09:37 UTC
File names dwm.exe, muie.exe, dwm.exe, worker2.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Behaviour categories in the condensed report (the page lists the headings only; no entries are shown under any of them): opened files, read files, written files, copied files, deleted files, created processes, shell commands, code injections in other processes, created mutexes, opened mutexes, opened service managers, opened services, runtime DLLs, HTTP requests, TCP connections.