× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: eae1e637253c839f179b6dfe9dd21a45f13e8f1f9aec4268883b393955880deb
File name: payload_1.exe
Detection ratio: 10 / 68
Analysis date: 2018-07-14 22:08:52 UTC ( 7 months, 2 weeks ago ) View latest
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180712
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cylance Unsafe 20180714
Endgame malicious (high confidence) 20180711
Sophos ML heuristic 20180601
Qihoo-360 HEUR/QVM20.1.8199.Malware.Gen 20180714
Rising Trojan.Kryptik!8.8 (TFE:dGZlOgTLYFRAh8IbQA) 20180714
SentinelOne (Static ML) static engine - malicious 20180701
Symantec Packed.Generic.517 20180714
Webroot W32.Trojan.Emotet 20180714
Ad-Aware 20180714
AegisLab 20180714
AhnLab-V3 20180714
Alibaba 20180713
ALYac 20180714
Antiy-AVL 20180714
Arcabit 20180714
Avast 20180714
Avast-Mobile 20180714
AVG 20180714
Avira (no cloud) 20180714
AVware 20180714
Babable 20180406
BitDefender 20180714
Bkav 20180713
CAT-QuickHeal 20180714
ClamAV 20180714
CMC 20180714
Comodo 20180714
Cybereason 20180225
Cyren 20180714
DrWeb 20180714
eGambit 20180714
Emsisoft 20180714
ESET-NOD32 20180714
F-Prot 20180714
F-Secure 20180714
Fortinet 20180714
GData 20180714
Ikarus 20180714
Jiangmin 20180714
K7AntiVirus 20180714
K7GW 20180714
Kaspersky 20180714
Kingsoft 20180714
Malwarebytes 20180714
MAX 20180714
McAfee 20180714
McAfee-GW-Edition 20180714
Microsoft 20180714
eScan 20180714
NANO-Antivirus 20180714
Palo Alto Networks (Known Signatures) 20180714
Panda 20180714
Sophos AV 20180714
SUPERAntiSpyware 20180714
TACHYON 20180714
Tencent 20180714
TheHacker 20180712
TotalDefense 20180714
TrendMicro 20180714
TrendMicro-HouseCall 20180714
Trustlook 20180714
VBA32 20180713
VIPRE 20180714
ViRobot 20180714
Yandex 20180713
Zillya 20180713
ZoneAlarm by Check Point 20180714
Zoner 20180713
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserv

Product Microsoft® Windows® Operating S
Original name wfw.fwf
Internal name вввы (03.2)
Description Windows Cryptographic
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-23 03:20:06
Entry Point 0x000019F1
Number of sections 6
PE sections
PE imports
SetBitmapBits
lstrlenA
FlsFree
SystemTimeToTzSpecificLocalTime
DdeDisconnectList
ShowCursor
GetClipboardOwner
CryptCATCDFEnumMembers
UninstallColorProfileW
isleadbyte
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.1

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
36.1.2223.432

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Windows Cryptographic

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
10240

EntryPoint
0x19f1

OriginalFileName
PrintIsolationHost.exe

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserv

TimeStamp
2017:02:23 04:20:06+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
(03.2)

ProductVersion
6.1.7600.16385

SubsystemVersion
5.0

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Ddfdgf dgdsger

CodeSize
100864

ProductName
Microsoft Windows Operating S

ProductVersionNumber
16.1.4235.11

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 ea1ee30e5e2e55522af8cf863265de5e
SHA1 8f6ec4ccd2619b049095c9025f84e0c6f0a5c0c1
SHA256 eae1e637253c839f179b6dfe9dd21a45f13e8f1f9aec4268883b393955880deb
ssdeep
1536:aWrR2MCavC4gJ1XJ7NCeYK5hmKw4glw9clPSNQey:awR2panqJgeEKqw9clPzb

authentihash 5acbefe59b6c1c5ddf46c241fb91ab0667355e16b370fefae13c229f3b630f29
imphash 983c4ad45ae3836461ae5f5b5685845b
File size 105.5 KB ( 108032 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-07-14 22:08:52 UTC ( 7 months, 2 weeks ago )
Last submission 2018-07-15 19:31:05 UTC ( 7 months, 1 week ago )
File names 665680901.exe
wfw.fwf
971221415535.exe
вввы (03.2)
payload_1.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!