SHA256: f8befab716830682a40f02977e6df923ed16fa1318e8a0697b7dc779b93c6a0b
File name: 2948359.exe
Detection ratio: 41 / 70
Analysis date: 2018-12-05 18:08:28 UTC ( 4 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40813066 20181205
AegisLab Trojan.Win32.Dridex.4!c 20181205
Arcabit Trojan.Generic.D26EC20A 20181205
Avast FileRepMalware 20181205
AVG FileRepMalware 20181205
BitDefender Trojan.GenericKD.40813066 20181205
Comodo Malware@#20lbsojeqfk5d 20181205
CrowdStrike Falcon (ML) malicious_confidence_80% (W) 20181022
Cybereason malicious.621f13 20180225
Cylance Unsafe 20181205
Emsisoft Trojan.GenericKD.40813066 (B) 20181205
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/Dridex.U 20181205
F-Secure Trojan.GenericKD.40813066 20181205
Fortinet W32/PossibleThreat 20181205
GData Trojan.GenericKD.40813066 20181205
Ikarus Trojan.Win32.Dridex 20181205
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 004fe38d1 ) 20181205
K7GW Trojan ( 004fe38d1 ) 20181205
Kaspersky Backdoor.Win32.Dridex.alh 20181205
Malwarebytes Trojan.Emotet 20181205
MAX malware (ai score=68) 20181205
McAfee RDN/Generic BackDoor 20181205
McAfee-GW-Edition RDN/Generic BackDoor 20181205
Microsoft Trojan:Win32/Occamy.C 20181205
eScan Trojan.GenericKD.40813066 20181205
NANO-Antivirus Virus.Win32.Gen.ccmw 20181205
Palo Alto Networks (Known Signatures) generic.ml 20181205
Panda Trj/GdSda.A 20181205
Qihoo-360 Win32/Backdoor.c21 20181205
Rising Downloader.Upatre!8.B5 (CLOUD) 20181205
Sophos AV Mal/Generic-S 20181205
Symantec Trojan.Cridex 20181205
Tencent Win32.Backdoor.Dridex.Ecli 20181205
Trapmine malicious.moderate.ml.score 20181128
TrendMicro TROJ_GEN.F0C2C00L418 20181205
TrendMicro-HouseCall TROJ_GEN.F0C2C00L418 20181205
VBA32 BScope.Trojan.Fuery 20181205
Webroot W32.Trojan.Dropper 20181205
ZoneAlarm by Check Point Backdoor.Win32.Dridex.alh 20181205
AhnLab-V3 20181205
Alibaba 20180921
ALYac 20181205
Antiy-AVL 20181205
Avast-Mobile 20181205
Avira (no cloud) 20181205
Babable 20180918
Baidu 20181205
Bkav 20181203
CAT-QuickHeal 20181205
ClamAV 20181203
CMC 20181204
Cyren 20181205
DrWeb 20181205
eGambit 20181205
F-Prot 20181205
Jiangmin 20181205
Kingsoft 20181205
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181205
Symantec Mobile Insight 20181204
TACHYON 20181205
TheHacker 20181202
TotalDefense 20181205
Trustlook 20181205
VIPRE 20181205
ViRobot 20181205
Yandex 20181204
Zillya 20181204
Zoner 20181205
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All
Product Microsoft® W
Original name WMsgAPI.DL
Internal name wmsgap
File version 6.2.9200.16492 (w
Description WinLogon IPC Client
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-03 07:51:16
Entry Point 0x00001019
Number of sections 10
PE sections
PE imports
RegDisableReflectionKey
GetBkMode
GetGraphicsMode
GetStockObject
AreFileApisANSI
SetConsoleCP
RaiseException
GetCurrentProcessId
GetModuleHandleA
LoadLibraryW
GetLastError
GlobalAlloc
GetDriveTypeA
LocalFree
InterlockedExchange
LoadLibraryA
GetProcAddress
LocalAlloc
FreeLibrary
GetPrinterDataW
Number of PE resources by type
RT_MESSAGETABLE 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
JAPANESE DEFAULT 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.127
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 9.0.0.33711
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription WinLogon IPC Client
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 405504
EntryPoint 0x1019
OriginalFileName WMsgAPI.DL
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All
FileVersion 6.2.9200.16492 (w
TimeStamp 2018:12:03 08:51:16+01:00
FileType Win32 EXE
PEType PE32
InternalName wmsgap
ProductVersion 6.1.7600.16385
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft
CodeSize 24576
ProductName Microsoft W
ProductVersionNumber 9.0.0.33711
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 1afe1fc621f13bf7905a8e1c2384bafe
SHA1 27a197de560d39be2c718b1dd616ecf5010dedac
SHA256 f8befab716830682a40f02977e6df923ed16fa1318e8a0697b7dc779b93c6a0b
ssdeep 3072:rR7HolBXKkzOqYl3ER164ePMnuFdvahShqIjjgd2t/ZVF1/cIt6UoL0ShO7v+aF8:17IHXJqqYNq63EIvaCqIvgKlDtk1O7J
authentihash f907d06ae39983a639d7abc1ecdcaa94a62bea131997121898d97279e959e508
imphash ac7a4e637b7d151d036956594ff7446f
File size 380.0 KB ( 389120 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (25.2%)
Clipper DOS Executable (25.0%)
Generic Win/DOS Executable (24.8%)
DOS Executable Generic (24.8%)
Tags peexe
VirusTotal metadata
First submission 2018-12-03 15:34:50 UTC ( 4 months, 2 weeks ago )
Last submission 2018-12-03 15:34:50 UTC ( 4 months, 2 weeks ago )
File names 2948359.exe
WMsgAPI.DL
wmsgap