× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: f9e0158d37835149d21c303a2b026244cdb9e7525bf13f8396c6f0533a5ed742
File name: RRdQ4FjJpgCRY0Hp.exe
Detection ratio: 10 / 65
Analysis date: 2018-11-11 13:49:27 UTC ( 3 months, 1 week ago ) View latest
Antivirus Result Update
AVG FileRepMalware 20181111
CAT-QuickHeal Trojan.Emotet.X4 20181108
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181108
Microsoft Program:Win32/Unwaders.C!ml 20181111
Qihoo-360 HEUR/QVM20.1.22BB.Malware.Gen 20181111
Rising Trojan.Fuerboos!8.EFC8 (TFE:2:vgQBJccSRxU) 20181111
SentinelOne (Static ML) static engine - malicious 20181011
Symantec ML.Attribute.HighConfidence 20181110
Ad-Aware 20181111
AegisLab 20181111
AhnLab-V3 20181111
Alibaba 20180921
ALYac 20181111
Antiy-AVL 20181111
Arcabit 20181111
Avast 20181111
Avast-Mobile 20181111
Avira (no cloud) 20181111
Babable 20180918
Baidu 20181109
BitDefender 20181111
Bkav 20181110
ClamAV 20181111
CMC 20181111
Cybereason 20180225
Cylance 20181111
Cyren 20181111
DrWeb 20181111
Emsisoft 20181111
ESET-NOD32 20181111
F-Prot 20181111
F-Secure 20181111
Fortinet 20181111
GData 20181111
Ikarus 20181111
Jiangmin 20181111
K7AntiVirus 20181111
K7GW 20181109
Kaspersky 20181111
Kingsoft 20181111
Malwarebytes 20181111
MAX 20181111
McAfee 20181111
McAfee-GW-Edition 20181111
eScan 20181111
NANO-Antivirus 20181111
Palo Alto Networks (Known Signatures) 20181111
Panda 20181111
Sophos AV 20181111
SUPERAntiSpyware 20181107
Symantec Mobile Insight 20181108
TACHYON 20181111
Tencent 20181111
TheHacker 20181108
TotalDefense 20181111
TrendMicro 20181111
TrendMicro-HouseCall 20181111
Trustlook 20181111
VBA32 20181109
ViRobot 20181111
Webroot 20181111
Yandex 20181109
Zillya 20181109
ZoneAlarm by Check Point 20181111
Zoner 20181111
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft

Internal name OLESVR32
File version 6.1.7600.1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-11 13:45:50
Entry Point 0x0000D27C
Number of sections 5
PE sections
PE imports
GetCPInfo
GetSystemRegistryQuota
GetModuleHandleA
GetProcessTimes
BstrFromVector
VarParseNumFromStr
SHGetInverseCMAP
SHAutoComplete
CreateCaret
GetScrollInfo
midiOutCachePatches
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
CodeSize
57344

UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileVersionNumber
1.4.20030.62408

LanguageCode
Neutral

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
409600

EntryPoint
0xd27c

MIMEType
application/octet-stream

LegalCopyright
Microsoft

FileVersion
6.1.7600.1

TimeStamp
2018:11:11 14:45:50+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
OLESVR32

ProductVersion
6.1.7600.16

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Micro

LegalTrademarks
QQQQQqA, Netscape

FileSubtype
0

ProductVersionNumber
1.4.0.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 0b95a67921d0d98c24ca00794bc30ccb
SHA1 e30dee441640443124ad5e6818228e604947c6f5
SHA256 f9e0158d37835149d21c303a2b026244cdb9e7525bf13f8396c6f0533a5ed742
ssdeep
3072:AeF5RFWUGclXT0Fq/1OCiYOiFdZGpKbgDV0/eabb37I+zpQYzoABtzW5B:DbWUGcZ0FEOcP4WmVIXroktzWv

authentihash 7e007fe1df0222a68efaf378c6a04d2270e9a4a287309949decbe1a3a5858c60
imphash d8b97c7a70203204584f933782b4dd5e
File size 452.0 KB ( 462848 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-11-11 13:49:27 UTC ( 3 months, 1 week ago )
Last submission 2018-11-27 01:52:10 UTC ( 2 months, 3 weeks ago )
File names 60418336.EXE
RRdQ4FjJpgCRY0Hp.exe
1WRMORTEDJYTJ.EXE
OLESVR32
QS2H7DYTIKAV.EXE
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs