× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 000f2ebff50d80704f132a0acc5f7bfbde08c1c2ef7a89ee7b6d06c51e5ea1f4
File name: 9DA35B1B.exe
Detection ratio: 43 / 64
Analysis date: 2018-07-04 00:13:27 UTC ( 7 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31016287 20180703
AegisLab Ml.Attribute.Gen!c 20180703
AhnLab-V3 Win-Trojan/Emotet.Exp 20180703
ALYac Trojan.GenericKD.31016287 20180704
Antiy-AVL Trojan[Banker]/Win32.Emotet 20180704
Arcabit Trojan.Generic.D1D9455F 20180704
Avast FileRepMalware 20180703
AVG FileRepMalware 20180703
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180703
BitDefender Trojan.GenericKD.31016287 20180703
CAT-QuickHeal Trojan.IGENERIC 20180703
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cybereason malicious.69f16d 20180225
Cyren W32/Trojan.BHYM-0579 20180704
Emsisoft Trojan.Emotet (A) 20180704
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of Win32/Kryptik.GIEQ 20180704
F-Secure Trojan.GenericKD.31016287 20180704
Fortinet W32/Kryptik.GIDK!tr 20180704
GData Trojan.GenericKD.31016287 20180704
Ikarus Trojan-Banker.Emotet 20180703
Jiangmin Trojan.Banker.Emotet.beh 20180703
K7AntiVirus Trojan ( 00535e521 ) 20180703
K7GW Trojan ( 00535e521 ) 20180704
Kaspersky Trojan-Banker.Win32.Emotet.atub 20180704
Malwarebytes Spyware.Emotet 20180703
MAX malware (ai score=95) 20180704
McAfee Emotet-FHP!3F99D8D41B78 20180704
McAfee-GW-Edition BehavesLike.Win32.Rootkit.dt 20180703
Microsoft Trojan:Win32/Emotet.AC!bit 20180703
eScan Trojan.GenericKD.31016287 20180704
NANO-Antivirus Trojan.Win32.Emotet.ferxhq 20180704
Palo Alto Networks (Known Signatures) generic.ml 20180704
Panda Trj/CI.A 20180703
Qihoo-360 HEUR/QVM20.1.1B4C.Malware.Gen 20180704
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/EncPk-ANX 20180704
Symantec ML.Attribute.HighConfidence 20180704
TotalDefense Win32/FakeMS.WOCR 20180703
VBA32 BScope.Malware-Cryptor.Emotet 20180629
Webroot W32.Trojan.Emotet 20180704
Yandex Trojan.PWS.Emotet! 20180703
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.atub 20180704
Avast-Mobile 20180703
Avira (no cloud) 20180703
AVware 20180703
Babable 20180406
Bkav 20180703
ClamAV 20180703
CMC 20180703
Comodo 20180703
DrWeb 20180704
eGambit 20180704
F-Prot 20180704
Sophos ML 20180601
Kingsoft 20180704
SUPERAntiSpyware 20180703
TACHYON 20180704
Tencent 20180704
TheHacker 20180628
Trustlook 20180704
VIPRE 20180703
ViRobot 20180703
Zillya 20180703
Zoner 20180703
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Mic
File version 6.1.7601
Description TLS / SSL Secur
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-26 20:07:30
Entry Point 0x00001014
Number of sections 6
PE sections
PE imports
EnumServicesStatusExW
FreeEnvironmentStringsA
GetQueuedCompletionStatus
FindResourceExA
GetStartupInfoW
GetThreadId
DeleteFileA
GetProcessVersion
FindResourceExW
GetTickCount
EnumTimeFormatsA
GetThreadTimes
GetUserDefaultLCID
GetVersion
GetProfileIntA
EnumerateSecurityPackagesW
DefFrameProcA
GetWindowLongA
ModifyMenuA
GetMenuCheckMarkDimensions
FindNextUrlCacheEntryExW
GetPrinterDataW
strncmp
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.0

InitializedDataSize
118784

ImageVersion
0.0

ProductName
Mic

FileVersionNumber
1.2.0.6

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
14.1

FileTypeExtension
exe

MIMEType
application/octet-stream

FileVersion
6.1.7601

TimeStamp
2018:06:26 21:07:30+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1.0626.

FileDescription
Crypt file!!!!

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
ddd R Semiconductor ealtek

CodeSize
98304

FileSubtype
0

ProductVersionNumber
1.2.0.6

EntryPoint
0x1014

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 3f99d8d41b78c8ef8f1bb2e540bee4a3
SHA1 102db9c69f16d29d750fa2df2521b2c5458ae441
SHA256 000f2ebff50d80704f132a0acc5f7bfbde08c1c2ef7a89ee7b6d06c51e5ea1f4
ssdeep
1536:kGvQwEniLrjjwWjsH8RiwOwH1k0hpJT7:uwfLrvDgUO10p7

authentihash 6c6d84261a4025901236a683fb6c19fbf8661059005af66034568f8e88373ef3
imphash ffa36a1b9a193923467886656d0e407a
File size 212.0 KB ( 217088 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe

VirusTotal metadata
First submission 2018-06-26 20:13:16 UTC ( 7 months, 4 weeks ago )
Last submission 2018-06-26 20:13:16 UTC ( 7 months, 4 weeks ago )
File names 9DA35B1B.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!