SHA256: 1fe645fbd611d63be62a68c817183698da13131d6876e867574392b622428e26
File name: 1670513852.exe
Detection ratio: 40 / 70
Analysis date: 2018-12-07 00:22:32 UTC (5 months, 2 weeks ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40811074 20181206
AegisLab Trojan.Win32.Dridex.4!c 20181206
ALYac Trojan.GenericKD.40811074 20181206
Arcabit Trojan.Generic.D26EBA42 20181206
AVG FileRepMalware 20181206
BitDefender Trojan.GenericKD.40811074 20181206
Comodo Malware@#3g3rmqt198a9x 20181206
CrowdStrike Falcon (ML) malicious_confidence_80% (W) 20181022
Cybereason malicious.569160 20180225
Cylance Unsafe 20181207
Emsisoft Trojan.GenericKD.40811074 (B) 20181206
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GNKU 20181206
F-Secure Trojan.GenericKD.40811074 20181206
Fortinet W32/Kryptik.GNKU!tr 20181206
GData Trojan.GenericKD.40811074 20181206
Ikarus Trojan.Win32.Crypt 20181206
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 00542d521 ) 20181207
K7GW Trojan ( 00542d521 ) 20181207
Kaspersky Backdoor.Win32.Dridex.alg 20181207
Malwarebytes Trojan.Emotet 20181207
McAfee RDN/Generic.grp 20181207
McAfee-GW-Edition RDN/Generic.grp 20181207
Microsoft Program:Win32/Vigram.A 20181207
eScan Trojan.GenericKD.40811074 20181207
NANO-Antivirus Virus.Win32.Gen.ccmw 20181206
Palo Alto Networks (Known Signatures) generic.ml 20181207
Panda Trj/GdSda.A 20181206
Qihoo-360 Win32/Backdoor.c21 20181207
Rising Downloader.Upatre!8.B5 (CLOUD) 20181206
Sophos AV Mal/Generic-S 20181206
Symantec Trojan.Gen.2 20181206
Tencent Win32.Backdoor.Dridex.Pauv 20181207
Trapmine malicious.moderate.ml.score 20181205
TrendMicro TROJ_GEN.R011C0PL618 20181206
TrendMicro-HouseCall TROJ_GEN.R011C0PL618 20181206
VBA32 BScope.Trojan.Fuery 20181206
Webroot W32.Trojan.Dropper 20181207
ZoneAlarm by Check Point Backdoor.Win32.Dridex.alg 20181206
AhnLab-V3 20181206
Alibaba 20180921
Antiy-AVL 20181205
Avast 20181206
Avast-Mobile 20181206
Avira (no cloud) 20181206
Babable 20180918
Baidu 20181206
Bkav 20181206
CAT-QuickHeal 20181206
ClamAV 20181206
CMC 20181206
Cyren 20181206
DrWeb 20181206
eGambit 20181207
F-Prot 20181206
Jiangmin 20181206
Kingsoft 20181207
MAX 20181207
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181205
Symantec Mobile Insight 20181204
TACHYON 20181206
TheHacker 20181202
TotalDefense 20181206
Trustlook 20181207
VIPRE 20181206
ViRobot 20181206
Yandex 20181204
Zillya 20181206
Zoner 20181206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All
Product Microsoft® W
Original name WMsgAPI.DL
Internal name wmsgap
File version 6.2.9200.16492 (w
Description WinLogon IPC Client
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-03 15:27:58
Entry Point 0x00001019
Number of sections 10
PE sections
PE imports
RegDisableReflectionKey
GetBkMode
GetStockObject
GetGraphicsMode
AreFileApisANSI
SetConsoleCP
RaiseException
GetCurrentProcessId
GetModuleHandleA
LoadLibraryW
GetLastError
GlobalAlloc
GetDriveTypeA
LocalFree
InterlockedExchange
LoadLibraryA
GetProcAddress
LocalAlloc
FreeLibrary
GetPrinterDataW
Number of PE resources by type
RT_MESSAGETABLE 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
JAPANESE DEFAULT 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.127
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 9.0.0.33711
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription WinLogon IPC Client
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 397312
EntryPoint 0x1019
OriginalFileName WMsgAPI.DL
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All
FileVersion 6.2.9200.16492 (w
TimeStamp 2018:12:03 16:27:58+01:00
FileType Win32 EXE
PEType PE32
InternalName wmsgap
ProductVersion 6.1.7600.16385
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft
CodeSize 20480
ProductName Microsoft W
ProductVersionNumber 9.0.0.33711
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 b015ebb56916012ffecebc54ba3e5571
SHA1 0ad6b08de438d7891de714a9b017bcf9ad090f9b
SHA256 1fe645fbd611d63be62a68c817183698da13131d6876e867574392b622428e26
ssdeep 3072:3fjLbUP7MCBoUCHnRDtUUoPdnvhFSMzEJjaymOuK:3bL0MCBruYtnZFnEJW
authentihash f6e60e095690c7026c422f67ffebaa7a3bddeefebd66d000ee106f01239bf152
imphash 455265847eac0bd88a66c3b763cc4c55
File size 368.0 KB ( 376832 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (25.2%)
Clipper DOS Executable (25.0%)
Generic Win/DOS Executable (24.8%)
DOS Executable Generic (24.8%)
Tags peexe
VirusTotal metadata
First submission 2018-12-03 16:08:01 UTC (5 months, 2 weeks ago)
Last submission 2018-12-03 16:08:01 UTC (5 months, 2 weeks ago)
File names WMsgAPI.DL
1670513852.exe
wmsgap