SHA256: fcc0978e57ef33836a115b98157d998deb998b7f7609335909dc6d88d3c9588d
File name: hXZVigJkSJtOl.exe
Detection ratio: 46 / 68
Analysis date: 2018-07-14 06:28:58 UTC ( 7 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31059949 20180714
AegisLab Tspy.Emotet.Smal8A!c 20180714
ALYac Trojan.GenericKD.31059949 20180714
Antiy-AVL Trojan/Win32.TSGeneric 20180714
Arcabit Trojan.Generic.D1D9EFED 20180714
Avast Win32:GenMalicious-NYM [Trj] 20180714
AVG Win32:GenMalicious-NYM [Trj] 20180714
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180712
BitDefender Trojan.GenericKD.31059949 20180714
CAT-QuickHeal Trojan.Emotet 20180713
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cybereason malicious.451ff0 20180225
Cylance Unsafe 20180714
Cyren W32/Trojan.FFEI-4038 20180714
Emsisoft Trojan.GenericKD.31059949 (B) 20180714
Endgame malicious (high confidence) 20180711
ESET-NOD32 a variant of Win32/Kryptik.GIOJ 20180714
F-Prot W32/S-2b190a4e!Eldorado 20180714
Fortinet W32/EMOTET.SMAL8A!tr 20180714
GData Trojan.GenericKD.31059949 20180714
Ikarus Trojan.SuspectCRC 20180713
Sophos ML heuristic 20180601
K7AntiVirus Riskware ( 0040eff71 ) 20180714
K7GW Riskware ( 0040eff71 ) 20180714
Kaspersky Trojan-Banker.Win32.Emotet.awgc 20180714
Malwarebytes Trojan.Emotet 20180714
MAX malware (ai score=95) 20180714
McAfee Emotet-FHS!2D4C06443193 20180714
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20180714
Microsoft Trojan:Win32/Emotet.AC!bit 20180714
eScan Trojan.GenericKD.31059949 20180714
NANO-Antivirus Trojan.Win32.Emotet.fffcdk 20180714
Palo Alto Networks (Known Signatures) generic.ml 20180714
Panda Trj/CI.A 20180713
Qihoo-360 Win32/Trojan.c84 20180714
Rising Trojan.Emotet!8.B95 (CLOUD) 20180714
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/EncPk-ANX 20180714
Symantec Trojan.Gen.2 20180713
TrendMicro TSPY_EMOTET.SMAL8A 20180714
TrendMicro-HouseCall TSPY_EMOTET.SMAL8A 20180714
VBA32 BScope.Trojan.Dovs 20180713
ViRobot Trojan.Win32.Z.Emotet.118272.A 20180714
Webroot W32.Trojan.Emotet 20180714
Yandex Trojan.PWS.Emotet! 20180713
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.awgc 20180714
AhnLab-V3 20180713
Alibaba 20180713
Avast-Mobile 20180714
Avira (no cloud) 20180712
AVware 20180714
Babable 20180406
Bkav 20180713
ClamAV 20180714
CMC 20180713
Comodo 20180714
DrWeb 20180714
eGambit 20180714
F-Secure 20180714
Jiangmin 20180714
Kingsoft 20180714
SUPERAntiSpyware 20180714
TACHYON 20180714
Tencent 20180714
TheHacker 20180712
TotalDefense 20180714
Trustlook 20180714
VIPRE 20180714
Zillya 20180713
Zoner 20180713
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserv
Product Microsoft® Windows® Operating S
Original name wscnotify.dll
Internal name wscnotify.dll
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2064-04-17 06:40:12
Entry Point 0x000018A6
Number of sections 6
PE sections
PE imports
DeleteService
SetDCPenColor
GetFontUnicodeRanges
GetThreadId
FlushProcessWriteBuffers
lstrlenA
SetCommState
SHDeleteKeyA
LoadImageW
AddPrintProvidorW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 8192
EntryPoint 0x18a6
OriginalFileName wscnotify.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserv
TimeStamp 2064:04:17 08:40:12+02:00
FileType Win32 EXE
PEType PE32
InternalName wscnotify.dll
ProductVersion 6.1.7600.1638
SubsystemVersion 5.0
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 113152
ProductName Microsoft Windows Operating S
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Dynamic link library

Compressed bundles
File identification
MD5 2d4c06443193ea4c3ca0570fbc48908b
SHA1 e571088451ff0d2781ceb40da430a30905b20b58
SHA256 fcc0978e57ef33836a115b98157d998deb998b7f7609335909dc6d88d3c9588d
ssdeep 1536:Fko4LAeZ2A8pSwR1/QEQh4sFIwugzhaja7Sz6X0mvFo02iBJ+rh7f/:qo4LLZ2Mh46Iwbaja7S+PQiBJ+rh7f/
authentihash 68c38f75995f3c322b8270d31ab7d6ab71caf3a327c656ed26147a174d3aa132
imphash 474625dea5588423a9bfd2454e7936b1
File size 115.5 KB ( 118272 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe

VirusTotal metadata
First submission 2018-07-07 01:12:28 UTC ( 7 months, 2 weeks ago )
Last submission 2018-10-27 10:40:35 UTC ( 3 months, 3 weeks ago )
File names 2d4c06443193ea4c3ca0570fbc48908b.vir
wscnotify.dll
hXZVigJkSJtOl.exe