SHA256: f7e462f0187b14133cdca38f148c05f174d74ca183a00228c539c9b2fdc7b845
File name: SOFTWAREUPDATEMONITOR.EXE
Detection ratio: 50 / 71
Analysis date: 2019-05-21 13:40:33 UTC ( 22 hours, 59 minutes ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Strictor.191292 20190521
AegisLab Trojan.Multi.Generic.4!c 20190521
AhnLab-V3 Malware/Win32.Trojanspy.C3165804 20190521
Alibaba TrojanPSW:Win32/Azorult.8f4c0822 20190513
ALYac Gen:Variant.Strictor.191292 20190521
Antiy-AVL Trojan[PSW]/Win32.Azorult 20190521
APEX Malicious 20190520
Arcabit Trojan.Strictor.D2EB3C 20190521
Avast Win32:Trojan-gen 20190521
AVG Win32:Trojan-gen 20190521
Avira (no cloud) TR/AD.MoksSteal.jwcom 20190521
BitDefender Gen:Variant.Strictor.191292 20190521
CAT-QuickHeal Trojanpws.Azorult 20190521
ClamAV Win.Malware.Loki-6957087-0 20190521
Comodo Malware@#3osf8surz6by0 20190521
CrowdStrike Falcon (ML) win/malicious_confidence_90% (W) 20190212
Cylance Unsafe 20190521
Cyren W32/Trojan.BDDN-1516 20190521
DrWeb Trojan.DownLoader27.60159 20190521
Emsisoft Gen:Variant.Strictor.191292 (B) 20190521
Endgame malicious (high confidence) 20190521
ESET-NOD32 a variant of Win32/Injector.EFAO 20190521
F-Secure Trojan.TR/AD.MoksSteal.jwcom 20190521
FireEye Generic.mg.b46a3d9f4dff6528 20190521
Fortinet W32/Injector.EESQ!tr 20190521
GData Win32.Trojan.Agent.COI7B4 20190521
Ikarus Trojan.SuspectCRC 20190521
Jiangmin Trojan.PSW.Azorult.bdc 20190521
K7AntiVirus Trojan ( 0054c7ba1 ) 20190521
K7GW Trojan ( 0054c7ba1 ) 20190521
Kaspersky Trojan-PSW.Win32.Azorult.ntn 20190521
MaxSecure Trojan.Malware.73741539.susgen 20190521
McAfee Artemis!B46A3D9F4DFF 20190521
McAfee-GW-Edition Trojan-FQIO!1239C154A235 20190520
Microsoft Trojan:Win32/Occamy.C 20190521
eScan Gen:Variant.Strictor.191292 20190521
NANO-Antivirus Trojan.Win32.Azorult.fpgtey 20190521
Palo Alto Networks (Known Signatures) generic.ml 20190521
Panda Trj/GdSda.A 20190521
Qihoo-360 Win32/Trojan.246 20190521
SentinelOne (Static ML) DFI - Suspicious PE 20190511
Sophos AV Mal/Generic-S 20190521
Symantec Trojan.Gen.2 20190521
Tencent Win32.Trojan-qqpass.Qqrob.Pefq 20190521
Trapmine malicious.high.ml.score 20190325
TrendMicro TrojanSpy.Win32.LOKI.SMD1.hp 20190521
TrendMicro-HouseCall TrojanSpy.Win32.LOKI.SMD1.hp 20190521
VBA32 TrojanPSW.Azorult 20190521
Webroot W32.Malware.Gen 20190521
ZoneAlarm by Check Point Trojan-PSW.Win32.Azorult.ntn 20190521
Acronis 20190521
Avast-Mobile 20190521
Babable 20190424
Baidu 20190318
Bkav 20190521
CMC 20190321
Cybereason 20190417
eGambit 20190521
F-Prot 20190521
Sophos ML 20190313
Kingsoft 20190521
Malwarebytes 20190521
MAX 20190521
Rising 20190521
SUPERAntiSpyware 20190521
Symantec Mobile Insight 20190516
TACHYON 20190521
TheHacker 20190521
TotalDefense 20190521
Trustlook 20190521
ViRobot 20190521
Zillya 20190520
Zoner 20190521
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
PEiD ASPack v2.12
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-03-05 21:52:51
Entry Point 0x000FA001
Number of sections 10
PE sections
PE imports
RegSetValueExA
RegQueryValueExA
ImageList_SetIconSize
UnrealizeObject
GetProcAddress
GetModuleHandleA
LoadLibraryA
CoTaskMemFree
CreateErrorInfo
SysFreeString
SafeArrayPtrOfIndex
WindowFromPoint
GetKeyboardType
VerQueryValueA
Number of PE resources by type
RT_CURSOR 44
RT_BITMAP 11
RT_GROUP_CURSOR 7
RT_RCDATA 2
RT_ICON 2
RT_GROUP_ICON 2
RT_DIALOG 1
RT_DLGINCLUDE 1
Number of PE resources by language
ENGLISH US 40
NEUTRAL 30
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1992:03:05 22:52:51+01:00
FileType Win32 EXE
PEType PE32
CodeSize 670720
LinkerVersion 2.25
ImageFileCharacteristics Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint 0xfa001
InitializedDataSize 328192
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 b46a3d9f4dff65281395ff4c127eac9a
SHA1 220c9ad1aee81c59001ebac318a062c087cc41e1
SHA256 f7e462f0187b14133cdca38f148c05f174d74ca183a00228c539c9b2fdc7b845
ssdeep 6144:9jVJ7s8/H5/nmznubrIwBTUSch9jvuBE77jWyq4kjuXf+djjs1iE6zQi37FFO:xVdrW6Gnl2XekqXf+N1zQu7FF
authentihash bbf219e76019398badcfadd743756755a129729b46d7a768d385383c840a8689
imphash 4813dcadf574be1804f6966c62605222
File size 443.0 KB ( 453632 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (35.7%)
Win16/32 Executable Delphi generic (16.4%)
OS/2 Executable (generic) (16.0%)
Generic Win/DOS Executable (15.8%)
DOS Executable Generic (15.8%)
Tags peexe aspack

VirusTotal metadata
First submission 2019-04-19 20:56:57 UTC ( 1 month ago )
Last submission 2019-04-19 20:56:57 UTC ( 1 month ago )
File names SOFTWAREUPDATEMONITOR.EXE
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Code injections in the following processes
Runtime DLLs