SHA256: f6dabe6d5a65f8350cfdb0fe3a01cae9d744f686ad4f968b48734eff0eeb8bba
File name: Temp.exe
Detection ratio: 30 / 56
Analysis date: 2016-08-24 08:47:03 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3485612 20160824
AegisLab Heur.Advml.Gen!c 20160824
AhnLab-V3 Trojan/Win32.Bublik.N2086800963 20160824
ALYac Trojan.GenericKD.3485612 20160824
Antiy-AVL Trojan/Win32.Bublik 20160824
Arcabit Trojan.Generic.D352FAC 20160824
Avast Win32:Malware-gen 20160824
AVG Generic_s.JIQ 20160824
Avira (no cloud) TR/AD.Nivdort.joos 20160824
Baidu Win32.Trojan.WisdomEyes.151026.9950.9976 20160824
BitDefender Trojan.GenericKD.3485612 20160824
Bkav HW32.Packed.A970 20160823
Cyren W32/Trojan.HTHO-1344 20160824
Emsisoft Trojan.GenericKD.3485612 (B) 20160824
ESET-NOD32 Win32/PSW.Papras.EJ 20160824
F-Prot W32/Vawtrak.AU 20160824
F-Secure Trojan.GenericKD.3485612 20160824
Fortinet W32/Kryptik.FEYA!tr 20160824
GData Trojan.GenericKD.3485612 20160824
Ikarus Trojan.Win32.PSW 20160823
Kaspersky Trojan.Win32.Bublik.eqfq 20160823
Malwarebytes Trojan.Crypt 20160824
McAfee RDN/Generic PWS.y 20160824
McAfee-GW-Edition BehavesLike.Win32.Expiro.dc 20160824
Microsoft Backdoor:Win32/Vawtrak.E 20160824
eScan Trojan.GenericKD.3485612 20160824
Panda Generic Suspicious 20160823
Rising Malware.XPACK-HIE/Heur!1.9C48-0kvb6lwK5WI (Cloud) 20160824
Sophos AV Troj/Agent-ATHA 20160824
Symantec Heur.AdvML.B 20160824
Alibaba 20160824
AVware 20160824
CAT-QuickHeal 20160824
ClamAV 20160824
CMC 20160822
Comodo 20160823
DrWeb 20160824
Jiangmin 20160824
K7AntiVirus 20160824
K7GW 20160824
Kingsoft 20160824
NANO-Antivirus 20160824
nProtect 20160824
Qihoo-360 20160824
SUPERAntiSpyware 20160823
Tencent 20160824
TheHacker 20160824
TotalDefense 20160824
TrendMicro 20160824
TrendMicro-HouseCall 20160824
VBA32 20160823
VIPRE 20160824
ViRobot 20160824
Yandex 20160823
Zillya 20160820
Zoner 20160824
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
Product EPSON Printer Driver
Original name ep0lvr1w.dll
Internal name ep0lvr1w.dll
File version 6.1.6914.0 (fbl_dox_dev_ihvs.081001-2123)
Description EPSON Printer Driver
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-09-21 07:02:43
Entry Point 0x00002785
Number of sections 6
PE sections
PE imports
GetStockObject
CreateToolhelp32Snapshot
GetSystemTime
GetLastError
GetTempFileNameA
GetShortPathNameW
CopyFileExA
TerminateThread
LoadLibraryW
FreeLibrary
CreateTimerQueue
GetTimeFormatW
GetSystemWindowsDirectoryW
VirtualProtect
GetVersionExA
LoadLibraryA
GetDevicePowerState
CreateNamedPipeA
FoldStringA
GetCurrentProcess
GetVolumeInformationA
CommConfigDialogW
GetCurrentProcessId
AddAtomA
DebugActiveProcessStop
GetCalendarInfoW
GetSystemDefaultLCID
GetStartupInfoW
FoldStringW
GetFileInformationByHandle
DeleteFileW
CopyFileExW
GetCurrentThread
GetFileTime
CompareStringW
RaiseException
WideCharToMultiByte
GetSystemDirectoryW
MoveFileExW
lstrcmpA
GetDiskFreeSpaceW
DelayLoadFailureHook
InterlockedExchange
GetTempPathW
CloseHandle
GetComputerNameExW
LocalAlloc
GetProcAddress
MoveFileA
GlobalMemoryStatus
CreateProcessW
AllocConsole
CreateJobObjectW
DeleteVolumeMountPointW
DebugBreak
GetVersion
CloseConsoleHandle
GetNumberFormatW
acmStreamClose
acmFormatEnumW
acmFilterTagDetailsA
acmMetrics
acmStreamConvert
acmFilterTagDetailsW
acmDriverMessage
acmDriverEnum
acmStreamUnprepareHeader
acmDriverClose
acmStreamMessage
acmFormatTagEnumW
acmDriverAddW
acmDriverDetailsW
acmStreamPrepareHeader
acmFormatChooseA
acmStreamOpen
acmDriverDetailsA
acmDriverAddA
acmFilterEnumA
acmGetVersion
acmDriverRemove
acmFormatEnumA
acmFormatSuggest
acmFilterChooseA
acmDriverOpen
GetForegroundWindow
GetInputState
FindWindowA
InflateRect
IsWindowEnabled
GetWindow
GetMenu
GetQueueStatus
GetWindowModuleFileNameW
RegisterClassA
GetMenuItemCount
GetWindowLongA
GetWindowTextLengthA
LoadIconA
GetActiveWindow
GetTopWindow
CopyRect
GetDesktopWindow
LoadCursorW
GetFocus
GetWindowRgnBox
IsChild
ScriptGetFontProperties
ScriptApplyDigitSubstitution
ScriptGetLogicalWidths
ScriptBreak
ScriptString_pcOutChars
ScriptStringFree
ScriptItemize
ScriptStringOut
ScriptString_pSize
ScriptStringXtoCP
ScriptTextOut
ScriptCacheGetHeight
ScriptShape
ScriptLayout
ScriptStringValidate
ScriptStringAnalyse
ScriptGetProperties
Number of PE resources by type
Struct(100) 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 6.0
LinkerVersion 11.0
ImageVersion 0.0
FileSubtype 1
FileVersionNumber 6.1.6914.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 217088
EntryPoint 0x2785
OriginalFileName ep0lvr1w.dll
MIMEType application/octet-stream
LegalCopyright Copyright (c) SEIKO EPSON CORPORATION 2003-2004. All rights reserved.
FileVersion 6.1.6914.0 (fbl_dox_dev_ihvs.081001-2123)
TimeStamp 2014:09:21 08:02:43+01:00
FileType Win32 EXE
PEType PE32
InternalName ep0lvr1w.dll
ProductVersion 6.1.6914.0
FileDescription EPSON Printer Driver
OSVersion 6.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName SEIKO EPSON CORPORATION
CodeSize 77824
ProductName EPSON Printer Driver
ProductVersionNumber 6.1.6914.0
FileTypeExtension exe
ObjectFileType Driver

File identification
MD5 9be737d78d1c235627d105cd27af60e4
SHA1 2d07b416bd694062706ba9bb048e446d9b2181e0
SHA256 f6dabe6d5a65f8350cfdb0fe3a01cae9d744f686ad4f968b48734eff0eeb8bba
ssdeep 6144:WehCIUynDE7ebaH3BQ8//y8zNAEAhyF+vK9j:WMvTnIMh8//y8ZR
authentihash 4680862c7efbdcf788587bff70ddcf41eab7ed330e17bb6508c21960f9cedd77
imphash 77bfde9ea390bc7d6f8b418aeea15379
File size 240.0 KB ( 245760 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
VXD Driver (0.2%)
Tags peexe
VirusTotal metadata
First submission 2016-08-22 20:23:54 UTC ( 2 years, 7 months ago )
Last submission 2016-08-23 09:44:06 UTC ( 2 years, 7 months ago )
File names Temp.exe
20160822_temp.exe
ep0lvr1w.dll
23.exe