× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: fd475a28731aa3f798659bce6000888e53e6bb783eb091f7d9915593fdccce7c
File name: wjutiwn.exe
Detection ratio: 5 / 70
Analysis date: 2018-12-19 17:49:50 UTC ( 2 months ago ) View latest
Antivirus Result Update
Cylance Unsafe 20181219
Endgame malicious (moderate confidence) 20181108
McAfee Packed-FPI!0BF7564EE0CF 20181219
Trapmine malicious.moderate.ml.score 20181205
VBA32 BScope.Trojan.Chapak 20181219
Acronis 20180726
Ad-Aware 20181219
AegisLab 20181219
AhnLab-V3 20181219
Alibaba 20180921
ALYac 20181219
Antiy-AVL 20181219
Arcabit 20181219
Avast 20181219
Avast-Mobile 20181219
AVG 20181219
Avira (no cloud) 20181219
Babable 20180918
Baidu 20181207
BitDefender 20181219
Bkav 20181219
CAT-QuickHeal 20181219
ClamAV 20181219
CMC 20181218
Comodo 20181219
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cyren 20181219
DrWeb 20181219
eGambit 20181219
Emsisoft 20181219
ESET-NOD32 20181219
F-Prot 20181219
F-Secure 20181219
Fortinet 20181219
GData 20181219
Ikarus 20181219
Sophos ML 20181128
Jiangmin 20181219
K7AntiVirus 20181219
K7GW 20181219
Kaspersky 20181219
Kingsoft 20181219
Malwarebytes 20181219
MAX 20181219
McAfee-GW-Edition 20181219
Microsoft 20181219
eScan 20181219
NANO-Antivirus 20181219
Palo Alto Networks (Known Signatures) 20181219
Panda 20181219
Qihoo-360 20181219
Rising 20181219
SentinelOne (Static ML) 20181011
Sophos AV 20181219
SUPERAntiSpyware 20181212
Symantec 20181219
Symantec Mobile Insight 20181215
TACHYON 20181219
Tencent 20181219
TheHacker 20181216
TotalDefense 20181219
TrendMicro 20181219
TrendMicro-HouseCall 20181219
Trustlook 20181219
ViRobot 20181219
Webroot 20181219
Yandex 20181219
Zillya 20181219
ZoneAlarm by Check Point 20181219
Zoner 20181219
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-08-26 14:34:56
Entry Point 0x00003836
Number of sections 6
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
SetHandleCount
GetModuleFileNameW
GetConsoleCP
GetOEMCP
LCMapStringA
HeapReAlloc
IsDebuggerPresent
GetTickCount
SetConsoleTextAttribute
TlsAlloc
GetCommMask
GetHandleInformation
FlushFileBuffers
LoadLibraryA
RtlUnwind
ExitThread
GetACP
HeapAlloc
GetCurrentProcess
GetLocaleInfoA
GetConsoleMode
HeapSize
GetCurrentProcessId
LCMapStringW
GetCommandLineW
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
GetFileInformationByHandle
GetProcAddress
GetStringTypeA
GetFileType
SetStdHandle
SetFilePointer
lstrcpyW
RaiseException
GetCPInfo
TlsFree
FreeEnvironmentStringsW
DeleteCriticalSection
SetUnhandledExceptionFilter
lstrcpyA
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
DuplicateHandle
GetCommConfig
GetStringTypeW
GetModuleHandleW
TerminateProcess
GetModuleFileNameA
QueryPerformanceCounter
WriteConsoleA
IsValidCodePage
HeapCreate
WriteFile
VirtualFree
GetEnvironmentStringsW
TlsGetValue
Sleep
SetLastError
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
LocalAlloc
WriteConsoleW
InterlockedIncrement
Number of PE resources by type
RT_ICON 15
RT_STRING 4
RT_GROUP_ICON 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 22
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileVersionNumber
7.0.0.0

LanguageCode
Unknown (457A)

FileFlagsMask
0x004f

ImageFileCharacteristics
Executable, Large address aware, 32-bit

CharacterSet
Unknown (A56B)

InitializedDataSize
206336

EntryPoint
0x3836

MIMEType
application/octet-stream

TimeStamp
2017:08:26 16:34:56+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
pazayolepi.exe

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Unknown (0x40534)

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
44032

FileSubtype
0

ProductVersionNumber
3.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 0bf7564ee0cfcce4d99730fab1d6532b
SHA1 83b72f23ed473259bc06b3a15127dcd3bcd048ba
SHA256 fd475a28731aa3f798659bce6000888e53e6bb783eb091f7d9915593fdccce7c
ssdeep
3072:iSc0VLiZ3IEcfx2t5luRD8x9075uOVA1JOj5oYe1mLso5Zk:JVLiZ3IEk2FuR4js5ub1m5be1moCa

authentihash a19086fa6a78455a010e09b1724d95741485acba3099b727c794e462df910079
imphash 2c7dacf880793aebe4e8a7d44324864d
File size 238.0 KB ( 243712 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-12-19 17:49:50 UTC ( 2 months ago )
Last submission 2018-12-22 06:37:46 UTC ( 2 months ago )
File names 0bf7564ee0cfcce4d99730fab1d6532b
lev.exe
wjutiwn.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Opened mutexes
Searched windows
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications