SHA256: fe1045246f4c584fec0c361931c8f7a478ea890d477e2e1569dba765f84685ef
Detection ratio: 30 / 67
Analysis date: 2018-05-08 05:31:27 UTC ( 9 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30744495 20180508
AegisLab Packer.Generic!c 20180508
Arcabit Trojan.Generic.D1D51FAF 20180508
Avast Win32:Malware-gen 20180508
AVG Win32:Malware-gen 20180508
Babable Malware.HighConfidence 20180406
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180508
BitDefender Trojan.GenericKD.30744495 20180508
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180418
Cylance Unsafe 20180508
Emsisoft Trojan.GenericKD.30744495 (B) 20180508
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of Win32/GenKryptik.BZBX 20180508
F-Secure Trojan.GenericKD.30744495 20180508
Fortinet W32/Kryptik.GGBJ!tr 20180508
GData Win32.Trojan.Agent.34YI7R 20180508
Sophos ML heuristic 20180503
Kaspersky Trojan-Banker.Win32.Emotet.ammt 20180508
McAfee Artemis!988AFB95AFD2 20180508
McAfee-GW-Edition BehavesLike.Win32.Emotet.ch 20180507
eScan Trojan.GenericKD.30744495 20180508
Palo Alto Networks (Known Signatures) generic.ml 20180508
Qihoo-360 HEUR/QVM20.1.01E7.Malware.Gen 20180508
Rising Trojan.Kryptik!8.8 (TFE:3:7LGxmuAn8HE) 20180508
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Generic-S 20180508
Symantec Packed.Generic.517 20180508
TrendMicro-HouseCall TROJ_GEN.R020H05E718 20180508
Webroot W32.Trojan.Emotet 20180508
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.ammt 20180508
AhnLab-V3 20180507
Alibaba 20180508
ALYac 20180508
Antiy-AVL 20180508
Avast-Mobile 20180507
Avira (no cloud) 20180508
AVware 20180428
Bkav 20180504
CAT-QuickHeal 20180507
ClamAV 20180508
CMC 20180507
Comodo 20180508
Cybereason None
Cyren 20180508
DrWeb 20180508
eGambit 20180508
F-Prot 20180508
Ikarus 20180507
Jiangmin 20180508
K7AntiVirus 20180508
K7GW 20180508
Kingsoft 20180508
Malwarebytes 20180508
MAX 20180508
Microsoft 20180508
NANO-Antivirus 20180508
nProtect 20180508
Panda 20180507
SUPERAntiSpyware 20180508
Symantec Mobile Insight 20180505
Tencent 20180508
TheHacker 20180504
TotalDefense 20180508
TrendMicro 20180508
Trustlook 20180508
VBA32 20180507
VIPRE 20180508
ViRobot 20180508
Yandex 20180506
Zillya 20180507
Zoner 20180507
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-07 18:05:14
Entry Point 0x00001395
Number of sections 5
PE sections
PE imports
AreAllAccessesGranted
GetCurrentProcess
GetProcessIoCounters
InitAtomTable
GetSystemDefaultLCID
GetExitCodeThread
PostQueuedCompletionStatus
GetExitCodeProcess
ClearCommBreak
GetProductInfo
GetCommandLineA
AnimateWindow
GetLastInputInfo
CountClipboardFormats
SetParent
GetMessageExtraInfo
CreatePopupMenu
GetGUIThreadInfo
GetClipboardSequenceNumber
SCardEndTransaction
SCardTransmit
Number of PE resources by type
RT_STRING 11
RT_BITMAP 4
Number of PE resources by language
NEUTRAL 15
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:05:07 11:05:14-07:00
FileType Win32 EXE
PEType PE32
CodeSize 12288
LinkerVersion 12.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x1395
InitializedDataSize 0
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 988afb95afd2f52ddd564bbdd0e3bb1d
SHA1 c3f85366dfb9975a8b83746664a576f96d1ed221
SHA256 fe1045246f4c584fec0c361931c8f7a478ea890d477e2e1569dba765f84685ef
ssdeep 3072:mSIPM0nFVVFQUe3/O+853K0Sx+q1C7JMTajawnCxEWYz:yPDF7FnS1OdSzgVMTajaw4En

authentihash 9a38353c19216a6e49e7174d718dcc80f83257c153ca08b00ab6490649203754
imphash 66865fbd2f431b344d37a75a2962c31b
File size 148.0 KB ( 151552 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2018-05-07 18:32:43 UTC ( 9 months, 2 weeks ago )
Last submission 2019-01-03 08:39:38 UTC ( 1 month, 2 weeks ago )
File names uigwO.exe
a5Cdw.exe
96251.exe
39517216.exe
12440.exe
4870.exe
Z57V.exe