SHA256: f444c14b11dedc892a07bf237f5b85a0372aebe43b940cf825b248da406a6029
File name: f569e7cae2f4dd59d9b13535df2cbbc2
Detection ratio: 45 / 66
Analysis date: 2017-10-18 15:04:01 UTC ( 1 year ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12498584 20171018
AegisLab Tspy.Hpemotet.Sml3!c 20171018
AhnLab-V3 Trojan/Win32.Dovs.R210715 20171018
Antiy-AVL Trojan/Win32.TSGeneric 20171018
Arcabit Trojan.Generic.DBEB698 20171018
Avast FileRepMalware 20171018
AVG FileRepMalware 20171018
Avira (no cloud) TR/AD.Emotet.jlgtn 20171018
AVware Trojan.Win32.Generic!BT 20171018
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171018
BitDefender Trojan.GenericKD.12498584 20171018
ClamAV Win.Trojan.Emotet-6349370-0 20171018
Comodo UnclassifiedMalware 20171018
CrowdStrike Falcon (ML) malicious_confidence_80% (W) 20170804
Cylance Unsafe 20171018
Cyren W32/Trojan.QIYX-7525 20171018
eGambit malicious_confidence_100% 20171018
Emsisoft Trojan.GenericKD.12498584 (B) 20171018
Endgame malicious (high confidence) 20171016
ESET-NOD32 Win32/Emotet.AZ 20171018
F-Secure Trojan.GenericKD.12498584 20171018
Fortinet W32/GenKryptik.AZRU!tr 20171018
GData Win32.Trojan-Spy.Emotet.DV 20171018
Ikarus Trojan.Win32.Emotet 20171018
Sophos ML heuristic 20170914
Jiangmin Trojan/Win32.Emotet.a 20171018
Kaspersky Trojan.Win32.Dovs.alq 20171018
Malwarebytes Trojan.Emotet 20171018
MAX malware (ai score=100) 20171018
McAfee RDN/Generic PWS.y 20171018
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.nh 20171018
Microsoft Trojan:Win32/Emotet.P 20171018
eScan Trojan.GenericKD.12498584 20171018
Palo Alto Networks (Known Signatures) generic.ml 20171018
Panda Trj/RnkBend.A 20171018
SentinelOne (Static ML) static engine - malicious 20171001
Sophos AV Mal/EncPk-ANR 20171018
Symantec Ransom.Kovter 20171018
Tencent Win32.Trojan.Dovs.Ecjx 20171018
TrendMicro TSPY_HPEMOTET.SML3 20171018
TrendMicro-HouseCall TSPY_HPEMOTET.SML3 20171018
VIPRE Trojan.Win32.Generic!BT 20171018
ViRobot Trojan.Win32.Emotet.98304 20171018
Webroot W32.Trojan.Emotet 20171018
ZoneAlarm by Check Point Trojan.Win32.Dovs.alq 20171018
Alibaba 20170911
ALYac 20171018
Avast-Mobile 20171018
Bkav 20171018
CAT-QuickHeal 20171018
CMC 20171018
F-Prot 20171018
K7AntiVirus 20171017
K7GW 20171016
Kingsoft 20171018
NANO-Antivirus 20171018
nProtect 20171018
Qihoo-360 20171018
Rising 20171018
SUPERAntiSpyware 20171018
Symantec Mobile Insight 20171011
TheHacker 20171017
TotalDefense 20171018
Trustlook 20171018
VBA32 20171018
WhiteArmor 20171016
Yandex 20171017
Zillya 20171018
Zoner 20171018
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Twain Thunker
Original name Twunk_32.exe
Internal name Twunk_32
File version 1,7,1,0
Description Twain.dll Client's 32-Bit Thunking Server
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-10-17 17:00:45
Entry Point 0x000016C0
Number of sections 6
PE sections
PE imports
AccessCheckAndAuditAlarmA
PageSetupDlgA
SetROP2
EndPath
CloseFigure
FreeLibrary
GetLastError
RaiseException
LocalAlloc
LocalFree
InterlockedExchange
lstrcpyA
GetTickCount
ReadProcessMemory
CreateFileA
LoadLibraryA
GetDefaultCommConfigA
GetProcAddress
WritePrivateProfileStringW
VarUI8FromStr
I_RpcServerUseProtseqEp2W
SetupDiEnumDriverInfoA
SetupDiCreateDeviceInfoList
TranslateNameW
setsockopt
fputc
fopen
fclose
_localtime64
_time64
MonikerCommonPrefixWith
CoSetProxyBlanket
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.7.1.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unknown (04B4)
InitializedDataSize 77824
EntryPoint 0x16c0
OriginalFileName Twunk_32.exe
MIMEType application/octet-stream
FileVersion 1,7,1,0
TimeStamp 2017:10:17 18:00:45+01:00
FileType Win32 EXE
PEType PE32
InternalName Twunk_32
ProductVersion 1,7,1,0
FileDescription Twain.dll Client's 32-Bit Thunking Server
OSVersion 5.0
FileOS Windows 16-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Twain Working Group
CodeSize 16384
ProductName Twain Thunker
ProductVersionNumber 1.7.1.0
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 f569e7cae2f4dd59d9b13535df2cbbc2
SHA1 1409190963661b7a67dcf1603c3ae5c6bf37cc32
SHA256 f444c14b11dedc892a07bf237f5b85a0372aebe43b940cf825b248da406a6029
ssdeep 1536:q9WJxuZVlcnEGDNyOsIRPCcDWs5gn0CvT77/2wz:FJs8nDNygKcysKnhvOwz
authentihash c8f30f285d501df367eb8c566bc8c624ab90105ac6a2e5e70f1a0cf97ac4ed88
imphash 9163a329ce5a8023b5d21fed367246ff
File size 96.0 KB ( 98304 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2017-10-17 08:03:50 UTC ( 1 year ago )
Last submission 2018-07-21 20:24:55 UTC ( 3 months ago )
File names rpcsearch
Twunk_32.exe
MPAyJH91WyiS.exe
hUpdTQNiel.exe
videotime.exe
12642960.exe
24176488.exe
f569e7cae2f4dd59d9b13535df2cbbc2.vir
ZdrLmAXzFtDRCvt.exe
32893064.exe
carddefrag.exe
Twunk_32
29091272.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Searched windows
Runtime DLLs
UDP communications