SHA256: f794bb48d1ce138d81296e9c5ea0ec2964ef81de1babf3e95d90f3fcc273f2d7
File name: FayPHQfbfCx.exe
Detection ratio: 48 / 70
Analysis date: 2019-01-17 18:15:29 UTC ( 1 month ago )
Antivirus | Result | Update
Acronis | suspicious | 20190117
Ad-Aware | Trojan.Emotet.RE | 20190117
AhnLab-V3 | Malware/Gen.Generic.C2924538 | 20190117
Antiy-AVL | Trojan[Banker]/Win32.Emotet | 20190117
Arcabit | Trojan.Emotet.RE | 20190117
Avast | Win32:BankerX-gen [Trj] | 20190117
AVG | Win32:BankerX-gen [Trj] | 20190117
Avira (no cloud) | TR/AD.Emotet.zaxan | 20190117
BitDefender | Trojan.Emotet.RE | 20190117
Comodo | Malware@#20ov97go5l7a | 20190117
CrowdStrike Falcon (ML) | malicious_confidence_100% (W) | 20181023
Cybereason | malicious.4dbdfb | 20190109
Cylance | Unsafe | 20190117
Cyren | W32/Trojan.RLRU-4169 | 20190117
DrWeb | Trojan.EmotetENT.344 | 20190117
eGambit | Unsafe.AI_Score_96% | 20190117
Emsisoft | Trojan.Emotet.RE (B) | 20190117
Endgame | malicious (high confidence) | 20181108
ESET-NOD32 | Win32/Emotet.BN | 20190117
F-Prot | W32/Emotet.MC.gen!Eldorado | 20190117
F-Secure | Trojan.Emotet.RE | 20190117
Fortinet | W32/Kryptik.GOPP!tr | 20190117
GData | Trojan.Emotet.RE | 20190117
Ikarus | Trojan-Banker.Emotet | 20190117
Sophos ML | heuristic | 20181128
K7AntiVirus | Trojan ( 0053c4bc1 ) | 20190117
K7GW | Trojan ( 0053c4bc1 ) | 20190117
Kaspersky | Trojan-Banker.Win32.Emotet.bzjn | 20190117
Malwarebytes | Trojan.Emotet | 20190117
McAfee | RDN/Generic.grp | 20190117
McAfee-GW-Edition | BehavesLike.Win32.Emotet.ch | 20190117
Microsoft | Trojan:Win32/Emotet.DF | 20190117
eScan | Trojan.Emotet.RE | 20190117
Palo Alto Networks (Known Signatures) | generic.ml | 20190117
Panda | Trj/RnkBend.A | 20190117
Qihoo-360 | HEUR/QVM20.1.8B29.Malware.Gen | 20190117
Rising | Trojan.Azden!8.F0E3 (CLOUD) | 20190117
SentinelOne (Static ML) | static engine - malicious | 20181223
Sophos AV | Troj/Emotet-AUA | 20190117
Symantec | Trojan.Emotet | 20190117
Tencent | Win32.Trojan-banker.Emotet.Szbo | 20190117
Trapmine | malicious.high.ml.score | 20190103
TrendMicro | TrojanSpy.Win32.EMOTET.THOAAEAI | 20190117
TrendMicro-HouseCall | TrojanSpy.Win32.EMOTET.THOAAEAI | 20190117
VBA32 | BScope.Trojan.Refinka | 20190117
VIPRE | Trojan.Win32.Generic!BT | 20190117
ViRobot | Trojan.Win32.Z.Agent.135168.BJC | 20190117
ZoneAlarm by Check Point | Trojan-Banker.Win32.Emotet.bzjn | 20190117
AegisLab | (undetected) | 20190117
Alibaba | (undetected) | 20180921
Avast-Mobile | (undetected) | 20190117
Babable | (undetected) | 20180918
Baidu | (undetected) | 20190117
Bkav | (undetected) | 20190117
CAT-QuickHeal | (undetected) | 20190117
ClamAV | (undetected) | 20190117
CMC | (undetected) | 20190117
Jiangmin | (undetected) | 20190117
Kingsoft | (undetected) | 20190117
MAX | (undetected) | 20190117
NANO-Antivirus | (undetected) | 20190117
SUPERAntiSpyware | (undetected) | 20190116
TACHYON | (undetected) | 20190117
TheHacker | (undetected) | 20190115
TotalDefense | (undetected) | 20190117
Trustlook | (undetected) | 20190117
Webroot | (undetected) | 20190118
Yandex | (undetected) | 20190117
Zillya | (undetected) | 20190117
Zoner | (undetected) | 20190117
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corpo
Product Microsoft® Windows® Operat
Internal name MSOGL
File version 6.1.76
Description MSOGL
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-14 14:37:11
Entry Point 0x00003C70
Number of sections 10
PE sections
PE imports
CertGetEnhancedKeyUsage
SetTextColor
GetLastError
SetHandleCount
GetCurrentProcessId
ReadFile
GetTapeStatus
GetTickCount
TlsAlloc
GetCommandLineA
SetVolumeMountPointW
CompareStringOrdinal
CancelSynchronousIo
FindActCtxSectionGuid
TlsFree
I_RpcServerSetAddressChangeFn
PathIsRelativeA
SetClassWord
GetParent
GetMenuItemRect
ExcludeUpdateRgn
GetSystemMenu
GetLastInputInfo
GetKeyboardType
InternetOpenUrlW
CryptCATAdminAddCatalog
SCardDisconnect
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
KANNADA DEFAULT 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.33.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription MSOGL
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 122880
EntryPoint 0x3c70
MIMEType application/octet-stream
LegalCopyright Microsoft Corpo
FileVersion 6.1.76
TimeStamp 2019:01:14 15:37:11+01:00
FileType Win32 EXE
PEType PE32
InternalName MSOGL
ProductVersion 6.1.76
SubsystemVersion 6.1
OSVersion 6.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporatio
CodeSize 12288
ProductName Microsoft Windows Operat
ProductVersionNumber 1.0.33.0
FileTypeExtension exe
ObjectFileType Dynamic link library
Execution parents
File identification
MD5 c4bc6979341ac6a1f154b3d3ff31f308
SHA1 e436e9d4dbdfb0a48dc71d79ed59aed53b360ff0
SHA256 f794bb48d1ce138d81296e9c5ea0ec2964ef81de1babf3e95d90f3fcc273f2d7
ssdeep 3072:6arlkC6i1b/+vDMPMl5BcgPBoibJs2iCvT:6arXHXk/BxJR9pv
authentihash 7eacc1b9bec315a481cf13ffd278b1baabe4c4dde4ed4314908f47dcd3e216f5
imphash 9437663448d4509d55352ab050a2799e
File size 132.0 KB ( 135168 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2019-01-14 14:42:17 UTC ( 1 month, 1 week ago )
Last submission 2019-01-14 15:22:34 UTC ( 1 month, 1 week ago )
File names FayPHQfbfCx.exe
idoTg_f_skCXbqtJX.exe
jg_wuZNcm.exe
6U_xBuj9nENM_CZVf3.exe
3KUtdXv_7YaQos_n3QjGh.exe
xRTLhIFA_jVSS8To0_qNG55LvCD.exe
NWX4_m_XBCbCsMsn.exe
gs_bDydeY.exe
Vk7E_AYdL_deeAs.exe
1TpDEWC_w.exe
X0V7_ZZ.exe
CO_VBoHy3_bO9.exe
PY7b7_ZMH63KNZI_F5sBuk06.exe
69.exe
kysXC_bBV0.exe
i2Oqv_bO_5daQG4.exe
2pyOE0Ei_dyd_RSUxQ.exe
W6TTAs_zCtnMk9c_U8oqiIVUJ.exe
uq21V_nJi.exe
7h5QEAfN_Icp4Ccio_A.exe
44K8aD4X_E_p.exe
21576138
MSOGL
BErqyqf_vKr35d_y.exe
LyKQMc_JOQb.exe
Advanced heuristic and reputation engines