SHA256: f66ebe26bba3db663ec62641452beaedd7447037ba40d4682df0b7a1de7e4126
File name: 239.bin
Detection ratio: 41 / 68
Analysis date: 2018-11-15 07:05:28 UTC ( 3 months, 1 week ago )
Antivirus Result Update
Ad-Aware Gen:Heur.Ransom.Lukitos.1 20181115
AegisLab Trojan.Win32.Lukitos.4!c 20181115
AhnLab-V3 Trojan/Win32.Emotet.R243328 20181114
ALYac Gen:Heur.Ransom.Lukitos.1 20181115
Arcabit Trojan.Ransom.Lukitos.1 20181115
Avast Win32:Malware-gen 20181115
AVG Win32:Malware-gen 20181115
Avira (no cloud) TR/Kryptik.njkgz 20181115
BitDefender Gen:Heur.Ransom.Lukitos.1 20181115
CAT-QuickHeal Trojan.IGENERIC 20181114
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.da77ee 20180225
Cylance Unsafe 20181115
Cyren W32/Trojan.AUAP-9072 20181115
Emsisoft Trojan.Emotet (A) 20181115
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GMMN 20181115
F-Secure Gen:Heur.Ransom.Lukitos.1 20181115
Fortinet W32/GenKryptik.CQCP!tr 20181115
GData Gen:Heur.Ransom.Lukitos.1 20181115
Ikarus Trojan.Win32.Krypt 20181114
Sophos ML heuristic 20181108
K7AntiVirus Trojan ( 00540ad51 ) 20181113
K7GW Trojan ( 00540ad51 ) 20181115
Kaspersky Trojan-Banker.Win32.Emotet.bods 20181115
Malwarebytes Trojan.Dropper 20181115
MAX malware (ai score=80) 20181115
McAfee RDN/Generic.grp 20181115
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20181115
Microsoft Trojan:Win32/Emotet.AC!bit 20181115
eScan Gen:Heur.Ransom.Lukitos.1 20181115
Palo Alto Networks (Known Signatures) generic.ml 20181115
Panda Trj/GdSda.A 20181114
Qihoo-360 Win32/Trojan.Ransom.248 20181115
Rising Trojan.GenKryptik!8.AA55 (TFE:3:Eqs4DiyE9cJ) 20181115
Sophos AV Mal/Generic-S 20181115
Symantec Trojan.Emotet 20181115
TrendMicro TROJ_GEN.R011C0CK818 20181115
TrendMicro-HouseCall TROJ_GEN.R011C0CK818 20181115
VBA32 BScope.Trojan.Refinka 20181114
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bods 20181115
Alibaba 20180921
Antiy-AVL 20181115
Avast-Mobile 20181114
Babable 20180918
Baidu 20181115
Bkav 20181114
ClamAV 20181115
CMC 20181115
DrWeb 20181115
eGambit 20181115
F-Prot 20181115
Jiangmin 20181115
Kingsoft 20181115
NANO-Antivirus 20181115
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181114
Symantec Mobile Insight 20181108
TACHYON 20181115
Tencent 20181115
TheHacker 20181113
TotalDefense 20181115
Trustlook 20181115
VIPRE 20181114
ViRobot 20181115
Webroot 20181115
Yandex 20181113
Zillya 20181114
Zoner 20181115
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Internal name wmvde
File version 6.
Description Windows M
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1996-06-16 21:58:56
Entry Point 0x00003B70
Number of sections 6
PE sections
PE imports
GetOldestEventLogRecord
RegEnumValueW
CryptEncrypt
RegSaveKeyA
AllocateLocallyUniqueId
ImageList_Draw
PlayMetaFileRecord
GetSystemPaletteEntries
FrameRgn
SetViewportOrgEx
GetPaletteEntries
EndPath
PlayMetaFile
CreateRoundRectRgn
GetFontLanguageInfo
RoundRect
GetBkColor
HeapSetInformation
NotifyUILanguageChange
GetPrivateProfileStructA
GetNumaAvailableMemoryNode
GetCurrentProcessId
GetCommandLineW
ChangeTimerQueueTimer
TerminateJobObject
GetCurrentThreadId
SetSystemTimeAdjustment
acmDriverOpen
DrawDibEnd
NetLocalGroupSetInfo
VarBstrCat
SysFreeString
RasGetProjectionInfoA
GetCursorPos
GetWindowThreadProcessId
CreateMenu
GetLastInputInfo
ScrollWindowEx
IsCharLowerW
LockSetForegroundWindow
midiOutLongMsg
midiStreamStop
AbortPrinter
ReadClassStg
CoGetCurrentLogicalThreadId
CoFreeUnusedLibraries
Number of PE resources by type
RT_STRING 3
RT_VERSION 1
Number of PE resources by language
NORWEGIAN BOKMAL 4
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
14.0

ImageVersion
1.1

FileVersionNumber
1.6.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Windows M

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

Ht
Microsoft Corporation. All r

EntryPoint
0x3b70

MIMEType
application/octet-stream

FileVersion
6.

TimeStamp
1996:06:16 14:58:56-07:00

FileType
Win32 EXE

PEType
PE32

InternalName
wmvde

SubsystemVersion
5.0

OSVersion
6.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Micro

TVersion
1.0

CodeSize
12288

FileSubtype
0

ProductVersionNumber
1.6.0.0

InitializedDataSize
151552

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 ea469f4da77ee93fe20102bcadab75b9
SHA1 88bb94dd0fe1b093ea7cf9a9bf886638dff94304
SHA256 f66ebe26bba3db663ec62641452beaedd7447037ba40d4682df0b7a1de7e4126
ssdeep 3072:9+VSAIsiBOyqK+pgh4tn0zEraTzBoJVjMyKm:USxvqpgh4t0zEraTzsu
authentihash d040768c8ebb4b77f492426ef20dee101a7580ddf27af8b704ae09b032a20e07
imphash b08dce4961b19b6be734e7024f85bcec
File size 111.0 KB ( 113664 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Windows screen saver (40.5%)
Win32 Dynamic Link Library (generic) (20.3%)
Win32 Executable (generic) (13.9%)
Win16/32 Executable Delphi generic (6.4%)
OS/2 Executable (generic) (6.2%)
Tags
peexe

VirusTotal metadata
First submission 2018-11-06 11:34:28 UTC ( 3 months, 2 weeks ago )
Last submission 2018-11-06 11:34:28 UTC ( 3 months, 2 weeks ago )
File names 239.bin
wmvde