SHA256: ffd6ec4d432090339f9d1384c0b92b0f9924872673b7fd5d29f5a707eee344d2
File name: rC8HneUC.exe
Detection ratio: 11 / 67
Analysis date: 2018-09-11 10:56:06 UTC ( 5 months, 1 week ago )
Antivirus Result Update
Avast FileRepMalware 20180911
AVG FileRepMalware 20180911
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180910
CrowdStrike Falcon (ML) malicious_confidence_70% (D) 20180723
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GINQ 20180911
McAfee Emotet-FHQ!405DF47621AA 20180911
Microsoft Trojan:Win32/Fuerboos.A!cl 20180911
Qihoo-360 HEUR/QVM20.1.CAD9.Malware.Gen 20180911
Rising Trojan.Emotet!8.B95 (TFE:dGZlOgLI6c89weAUuQ) 20180911
SentinelOne (Static ML) static engine - malicious 20180830
Ad-Aware 20180911
AegisLab 20180911
AhnLab-V3 20180911
Alibaba 20180713
ALYac 20180911
Antiy-AVL 20180911
Arcabit 20180911
Avast-Mobile 20180911
Avira (no cloud) 20180911
AVware 20180911
Babable 20180907
BitDefender 20180911
Bkav 20180911
CAT-QuickHeal 20180909
ClamAV 20180911
CMC 20180911
Comodo 20180911
Cybereason 20180225
Cylance 20180911
Cyren 20180911
DrWeb 20180911
eGambit 20180911
Emsisoft 20180911
F-Prot 20180911
F-Secure 20180911
Fortinet 20180911
GData 20180911
Ikarus 20180911
Sophos ML 20180717
Jiangmin 20180911
K7AntiVirus 20180911
K7GW 20180911
Kaspersky 20180911
Kingsoft 20180911
Malwarebytes 20180911
MAX 20180911
McAfee-GW-Edition 20180910
eScan 20180911
NANO-Antivirus 20180911
Palo Alto Networks (Known Signatures) 20180911
Panda 20180910
Sophos AV 20180911
SUPERAntiSpyware 20180907
Symantec 20180911
Symantec Mobile Insight 20180905
TACHYON 20180911
Tencent 20180911
TheHacker 20180907
TotalDefense 20180911
TrendMicro 20180911
TrendMicro-HouseCall 20180911
Trustlook 20180911
VBA32 20180911
VIPRE 20180911
ViRobot 20180911
Webroot 20180911
Yandex 20180910
Zillya 20180910
ZoneAlarm by Check Point 20180911
Zoner 20180910
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright License: MPL 1.1/GPL 2.0/LGPL 2.1

Product Mozilla
Internal name uconv
File version Personal
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-11 17:49:07
Entry Point 0x0001CFDA
Number of sections 5
PE sections
PE imports
RevertToSelf
GetSaveFileNameW
CryptMsgGetAndVerifySigner
GetBrushOrgEx
SetDIBits
GetDIBColorTable
OffsetRgn
SaveDC
SelectPalette
GetROP2
GetTextCharacterExtra
GetProcessId
GetSystemWindowsDirectoryA
FoldStringW
SetThreadIdealProcessor
GetModuleHandleA
WTSGetActiveConsoleSessionId
UnhandledExceptionFilter
LoadLibraryExW
GetFileType
SetVolumeLabelA
UnlockFileEx
OutputDebugStringA
VerifyScripts
SetLocalTime
VerifyVersionInfoW
FindCloseChangeNotification
LZSeek
MprConfigTransportSetInfo
MprAdminMIBServerDisconnect
ICOpenFunction
NetShareCheck
VarBoolFromDate
VariantTimeToSystemTime
VarParseNumFromStr
glEvalCoord1f
EnumPwrSchemes
RpcServerRegisterAuthInfoW
RpcMgmtWaitServerListen
SetupDiEnumDriverInfoW
SetupDiGetClassImageListExW
SHStrDupW
PathFindNextComponentW
EnumerateSecurityPackagesW
GetCaretBlinkTime
GetParent
DlgDirListA
CopyRect
LockSetForegroundWindow
GetClassLongA
InternetReadFile
InternetTimeToSystemTime
InternetGetConnectedState
InternetWriteFile
waveOutGetErrorTextW
waveInGetID
mixerGetControlDetailsW
EnumPrinterDriversW
CryptCATPutAttrInfo
SCardTransmit
GetHGlobalFromStream
OleRegGetUserType
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
CodeSize 0
UninitializedDataSize 1006425862
LinkerVersion 12.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 79872
EntryPoint 0x1cfda
MIMEType application/octet-stream
LegalCopyright License: MPL 1.1/GPL 2.0/LGPL 2.1
FileVersion Personal
TimeStamp 2018:09:11 18:49:07+01:00
FileType Win32 EXE
PEType PE32
InternalName uconv
ProductVersion Personal
SubsystemVersion 5.0
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Mozilla, Netscape
LegalTrademarks Mozilla, Netscape
ProductName Mozilla
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 405df47621aabf5beb1b50fd26b57c64
SHA1 8f6b10127c40acac633954f7acb85ad7d3958336
SHA256 ffd6ec4d432090339f9d1384c0b92b0f9924872673b7fd5d29f5a707eee344d2
ssdeep 6144:7TJtSxz7g57mPXbdr8AvB0B/b0K0i+QUYA/S:3JAxz8tmPXZr8AA/b0iFUFK

authentihash d0ae3a8b04937041d250b9fb8b8443243b32f5d9fbf3965074e6029aa07632f2
imphash ebc80206663ec9088d3b9e508b6fa831
File size 289.0 KB ( 295936 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-09-11 10:56:00 UTC ( 5 months, 1 week ago )
Last submission 2018-09-11 10:56:06 UTC ( 5 months, 1 week ago )
File names rC8HneUC.exe, uconv
Advanced heuristic and reputation engines