SHA256: ffb687de64f7f7449037a402840dca5671d0c4dac7e7b3cdc48eba5601a0f5b8
File name: iwe.exe
Detection ratio: 10 / 52
Analysis date: 2016-10-28 11:27:14 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161028
CAT-QuickHeal (Suspicious) - DNAScan 20161028
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
Sophos ML generic.a 20161018
K7GW Trojan ( 700001211 ) 20161028
Kaspersky UDS:DangerousObject.Multi.Generic 20161028
Malwarebytes Trojan.Dridex 20161028
Qihoo-360 HEUR/QVM19.1.0000.Malware.Gen 20161028
Rising Malware.Generic!dri7fhXtOiD@2 (thunder) 20161028
Symantec Heur.AdvML.B 20161028
Ad-Aware 20161028
AegisLab 20161028
AhnLab-V3 20161027
Alibaba 20161028
ALYac 20161028
Antiy-AVL 20161028
Arcabit 20161028
Avast 20161028
AVG 20161028
Avira (no cloud) 20161028
AVware 20161028
BitDefender 20161028
Bkav 20161028
ClamAV 20161027
CMC 20161028
Comodo 20161028
Cyren 20161028
DrWeb 20161028
Emsisoft 20161028
ESET-NOD32 20161028
F-Prot 20161028
F-Secure 20161028
Fortinet 20161028
GData 20161028
Ikarus 20161028
Jiangmin 20161028
K7AntiVirus 20161025
Kingsoft 20161028
McAfee 20161028
McAfee-GW-Edition 20161028
Microsoft 20161028
eScan 20161028
NANO-Antivirus 20161028
nProtect 20161028
Panda 20161027
Sophos AV 20161028
SUPERAntiSpyware 20161028
Tencent 20161028
TheHacker 20161028
TrendMicro 20161028
TrendMicro-HouseCall 20161028
VBA32 20161027
VIPRE 20161028
ViRobot 20161028
Yandex 20161027
Zillya 20161027
Zoner 20161028
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Internet Explorer
Original name MSHTMLED.DLL
Internal name MSHTMLED.DLL
File version 11.00.9600.18427 (winblue_ltsb_escrow.160801-1857)
Description Microsoft® HTML Editing Component
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1985-07-08 07:03:02
Entry Point 0x0001A030
Number of sections 18
PE sections
PE imports
SetBkColor
VirtualAllocEx
DeactivateActCtx
LoadLibraryA
GetUserGeoID
WriteConsoleA
GlobalSize
SetSystemTime
BuildCommDCBAndTimeoutsA
AddAtomA
Process32First
HeapSize
LoadModule
GetProcAddress
GetPrivateProfileIntW
GetComputerNameExA
GetVolumePathNamesForVolumeNameW
FindResourceExA
SetFileAttributesA
EnumCalendarInfoExW
SetNamedPipeHandleState
Process32NextW
OpenMutexW
SetThreadIdealProcessor
EnumDateFormatsW
MoveFileA
ConvertThreadToFiber
CompareFileTime
GlobalAlloc
DnsHostnameToComputerNameW
ChangeTimerQueueTimer
GetCurrentThreadId
DnsHostnameToComputerNameA
SafeArraySetRecordInfo
VarBoolFromI1
ExtractIconA
ReleaseDC
ToAsciiEx
ScreenToClient
rewind
mblen
iswascii
wcscmp
isprint
wcsncat
sprintf
asctime
fflush
FindMediaTypeClass
Number of PE resources by type
REGISTRY 3
TYPELIB 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 5
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 2.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 11.0.9600.18427
UninitializedDataSize 6144
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 0
EntryPoint 0x1a030
OriginalFileName MSHTMLED.DLL
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 11.00.9600.18427 (winblue_ltsb_escrow.160801-1857)
TimeStamp 1985:07:08 08:03:02+01:00
FileType Win32 EXE
PEType PE32
InternalName MSHTMLED.DLL
ProductVersion 11.00.9600.18427
FileDescription Microsoft HTML Editing Component
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 22016
ProductName Internet Explorer
ProductVersionNumber 11.0.9600.18427
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 f5dcb7c84705e4014ad992c6e0bf13f5
SHA1 6b95a98f158b2d6be44cfdc4109fa0d9a552724c
SHA256 ffb687de64f7f7449037a402840dca5671d0c4dac7e7b3cdc48eba5601a0f5b8
ssdeep 1536:dju51fKcheENdm2RA+4BAZciryf5rvxavgwKui0ncscmtvv3:Sf2a1RAgSiryf5LfP0nMml3
authentihash c16ebbc29b6f912bac9e6d09f6007d2d3a0821a1d2f29008fc44ff143b4f8c25
imphash d730a62f8a42cf095677048e5dc55001
File size 107.3 KB ( 109900 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.8%)
Clipper DOS Executable (19.1%)
Generic Win/DOS Executable (19.0%)
DOS Executable Generic (18.9%)
Tags peexe
VirusTotal metadata
First submission 2016-10-28 10:21:36 UTC ( 2 years, 4 months ago )
Last submission 2017-02-16 11:52:56 UTC ( 2 years, 1 month ago )
File names MSHTMLED.DLL
picadilly.jpeg.exe
42f87fc56601721a4185e123cb1ae5a8b5e5614b
picadilly.jpeg.exe
f5dcb7c84705e4014ad992c6e0bf13f5.exe
iwe.exe
ffb687de64f7f7449037a402840dca5671d0c4dac7e7b3cdc48eba5601a0f5b8.exe
picadilly.jpeg
picadilly.jpeg.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications