SHA256: f9b3afb45536cc536592d5024cd017f11686889f025be45609b07057e92db9b1
File name: output.113072581.txt
Detection ratio: 21 / 67
Analysis date: 2018-04-05 15:21:17 UTC ( 10 months, 2 weeks ago )
Antivirus Result Update
AegisLab W32.Troj.Spy!c 20180405
Avast FileRepMalware 20180405
AVG FileRepMalware 20180405
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9940 20180404
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170201
Cybereason malicious.8afff0 20180225
Cylance Unsafe 20180405
Endgame malicious (high confidence) 20180403
ESET-NOD32 a variant of Win32/Kryptik.GFFN 20180405
GData Win32.Trojan-Spy.Emotet.OE 20180405
Sophos ML heuristic 20180121
Kaspersky UDS:DangerousObject.Multi.Generic 20180405
McAfee Emotet-FEC!6611F978AFFF 20180405
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20180405
Palo Alto Networks (Known Signatures) generic.ml 20180405
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/EncPk-ANR 20180405
Symantec Trojan.Gen.2 20180405
TrendMicro-HouseCall Suspicious_GEN.F47V0405 20180405
WhiteArmor Malware.HighConfidence 20180405
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180405
Ad-Aware 20180405
AhnLab-V3 20180405
Alibaba 20180404
ALYac 20180405
Antiy-AVL 20180405
Arcabit 20180405
Avast-Mobile 20180405
Avira (no cloud) 20180405
AVware 20180405
BitDefender 20180405
Bkav 20180405
CAT-QuickHeal 20180405
ClamAV 20180405
CMC 20180405
Comodo 20180405
Cyren 20180405
DrWeb 20180405
eGambit 20180405
Emsisoft 20180405
F-Prot 20180405
F-Secure 20180405
Fortinet 20180405
Ikarus 20180405
Jiangmin 20180405
K7AntiVirus 20180404
K7GW 20180405
Kingsoft 20180405
Malwarebytes 20180405
MAX 20180405
Microsoft 20180405
eScan 20180405
NANO-Antivirus 20180405
nProtect 20180405
Panda 20180405
Qihoo-360 20180405
Rising 20180405
SUPERAntiSpyware 20180405
Symantec Mobile Insight 20180401
Tencent 20180405
TheHacker 20180404
TotalDefense 20180405
TrendMicro 20180405
Trustlook 20180405
VBA32 20180405
VIPRE 20180405
ViRobot 20180405
Yandex 20180405
Zillya 20180405
Zoner 20180405
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name CompiledComposition.Microsoft.PowerShell.GPowerShell.dll
Internal name CompiledComposition.Microsoft.PowerShell.GPowerShell
File version 0.0.0.0
Description
Comments
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x000026C0
Number of sections 7
PE sections
PE imports
CryptSetProviderA
CryptDestroyHash
GetSecurityDescriptorLength
CM_Get_Next_Res_Des_Ex
CertVerifyRevocation
CertSetCTLContextProperty
SelectObject
CreateEnhMetaFileA
GetUserDefaultUILanguage
GetLastError
InitializeCriticalSectionAndSpinCount
DosDateTimeToFileTime
SetCriticalSectionSpinCount
LocalSize
GetModuleHandleA
lstrcmpA
GetConsoleCP
GetConsoleWindow
SetDefaultCommConfigA
GetConsoleOutputCP
GetModuleFileNameA
SetFileApisToOEM
FlsFree
GetBinaryTypeA
GetCurrentThread
NetShareDelSticky
CreateDispTypeInfo
RasSetSubEntryPropertiesW
RpcServerRegisterIfEx
I_RpcSessionStrictContextHandle
RpcAsyncCancelCall
SetupPromptForDiskA
SHOpenFolderAndSelectItems
SHBrowseForFolderW
FreeContextBuffer
BlockInput
GetInputState
OemKeyScan
DdeKeepStringHandle
GetWindowTextA
GetShellWindow
OemToCharW
GetRawInputDeviceList
CloseClipboard
ChangeDisplaySettingsExA
SetRect
InternetGetConnectedStateExW
ntohl
inet_addr
Ord(30)
_mktime64
OleQueryLinkFromData
PdhAddCounterW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 1070112495
LinkerVersion 0.2
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.0.0.0
LanguageCode Invariant
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit, System file
CharacterSet Unicode
InitializedDataSize 107008
EntryPoint 0x26c0
OriginalFileName CompiledComposition.Microsoft.PowerShell.GPowerShell.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 0.0.0.0
TimeStamp 0000:00:00 00:00:00
FileType Win32 EXE
PEType PE32
InternalName CompiledComposition.Microsoft.PowerShell.GPowerShell
ProductVersion 6.1.7045.0
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 99669494
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7045.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 6611f978afff09b6c56bf2b583b54ef6
SHA1 ad063b4c789b7afe0ab07a60303a928952f5ef9c
SHA256 f9b3afb45536cc536592d5024cd017f11686889f025be45609b07057e92db9b1
ssdeep 1536:2Ll6su/i48BAcc35Rp056OWdn/LCI5A5Jcd/HZhxQGSI4WoFi+KqpSsjAAWEdY8/:v94BnWoFiJsMAWE2vRao7i
authentihash 65d9d1bde862f387004f64b0544066d6a690a6c0993ef781587ada8575134615
imphash 3d6696af06381bdd621883806eb78055
File size 114.0 KB ( 116736 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe
VirusTotal metadata
First submission 2018-04-05 11:55:05 UTC ( 10 months, 2 weeks ago )
Last submission 2018-05-11 00:07:51 UTC ( 9 months, 1 week ago )
File names LnN3QmDoi0W.exe
CompiledComposition.Microsoft.PowerShell.GPowerShell
CompiledComposition.Microsoft.PowerShell.GPowerShell.dll
75477.exe
89926.exe
output.113072581.txt
1732.exe