SHA256: 012b6af1171875d1572f8ee83ea03908b29c86a679f4e306fcc014683ba177eb
File name: 012b6af1171875d1572f8ee83ea03908b29c86a679f4e306fcc014683ba177eb
Detection ratio: 40 / 66
Analysis date: 2018-11-13 02:15:47 UTC ( 3 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40747918 20181112
AhnLab-V3 Trojan/Win32.Emotet.R243856 20181112
ALYac Trojan.Agent.Emotet 20181113
Arcabit Trojan.Generic.D26DC38E 20181112
Avast Win32:BankerX-gen [Trj] 20181113
AVG Win32:BankerX-gen [Trj] 20181113
Avira (no cloud) HEUR/AGEN.1018103 20181113
BitDefender Trojan.GenericKD.40747918 20181113
Bkav HW32.Packed. 20181110
CAT-QuickHeal Trojan.Drixed.100341 20181112
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.7ee532 20180225
Cylance Unsafe 20181113
Cyren W32/Trojan.ONWG-7766 20181113
Emsisoft Trojan.GenericKD.40747918 (B) 20181112
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/GenKryptik.CQRJ 20181113
F-Secure Trojan.GenericKD.40747918 20181112
Fortinet W32/GenKryptik.CQRJ!tr 20181113
GData Trojan.GenericKD.40747918 20181112
Sophos ML heuristic 20181108
Kaspersky Trojan-Banker.Win32.Emotet.bpln 20181112
Malwarebytes Trojan.Emotet 20181113
MAX malware (ai score=100) 20181113
McAfee RDN/Generic.grp 20181113
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20181112
Microsoft Trojan:Win32/Emotet.AC!bit 20181113
eScan Trojan.GenericKD.40747918 20181113
NANO-Antivirus Virus.Win32.Gen.ccmw 20181113
Palo Alto Networks (Known Signatures) generic.ml 20181113
Panda Trj/GdSda.A 20181112
Qihoo-360 HEUR/QVM20.1.21C7.Malware.Gen 20181113
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/EncPk-ANY 20181112
Symantec Trojan.Gen.2 20181112
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMDS.hp 20181113
VBA32 BScope.Malware-Cryptor.Emotet 20181112
ViRobot Trojan.Win32.Z.Emotet.135168.DS 20181112
Webroot W32.Trojan.Emotet 20181113
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bpln 20181113
AegisLab 20181113
Alibaba 20180921
Antiy-AVL 20181113
Avast-Mobile 20181112
Babable 20180918
Baidu 20181112
ClamAV 20181112
CMC 20181112
DrWeb 20181112
F-Prot 20181113
Jiangmin 20181112
K7AntiVirus 20181112
K7GW 20181112
Kingsoft 20181113
Rising 20181113
SUPERAntiSpyware 20181107
Symantec Mobile Insight 20181108
TACHYON 20181113
Tencent 20181113
TheHacker 20181108
TotalDefense 20181112
TrendMicro 20181112
Trustlook 20181113
VIPRE 20181112
Yandex 20181112
Zillya 20181112
Zoner 20181113
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Internal name sims
Description Poomare
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1996-06-16 22:07:08
Entry Point 0x000039B0
Number of sections 6
PE sections
PE imports
RegGetKeySecurity
SetKernelObjectSecurity
GetSecurityDescriptorControl
GetDeviceCaps
SwapBuffers
Chord
SetColorSpace
CloseMetaFile
Arc
EndPath
GetFontLanguageInfo
GetIfTable
SetConsoleCP
SetCurrentConsoleFontEx
GetTimeZoneInformation
GetLastError
GetCommandLineW
GetLogicalProcessorInformation
GetConsoleDisplayMode
GetSystemTimeAsFileTime
GetSystemTimes
GetCurrentThreadId
GetProcessIdOfThread
VerifyScripts
GetEnvironmentVariableW
FindCloseChangeNotification
NdrUserMarshalBufferSize
SetupDiOpenClassRegKey
StrCmpLogicalW
SHSetValueA
StrRChrIW
GetCursorPos
GetCaretBlinkTime
DdeUninitialize
GetCursorInfo
ShowOwnedPopups
MoveWindow
DeferWindowPos
GetClientRect
IsGUIThread
GetAncestor
InternetAutodialHangup
InternetConfirmZoneCrossing
iswlower
CoDisconnectContext
OleFlushClipboard
Number of PE resources by type
RT_STRING 3
RT_VERSION 1
Number of PE resources by language
NORWEGIAN BOKMAL 4
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
15.0

ImageVersion
1.1

FileVersionNumber
1.6.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Poomare

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

Ht
Microsoft Corporation. All r

EntryPoint
0x39b0

MIMEType
application/octet-stream

TimeStamp
1996:06:17 00:07:08+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
sims

SubsystemVersion
5.0

OSVersion
6.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Micr

TVersion
1.0

CodeSize
12288

FileSubtype
0

ProductVersionNumber
1.6.0.0

InitializedDataSize
126976

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 4ab315a7ee53290d5687e93160ad784c
SHA1 6cb9e99ca41963f82265b812b0233f4557af0ad3
SHA256 012b6af1171875d1572f8ee83ea03908b29c86a679f4e306fcc014683ba177eb
ssdeep
3072:NObvBxoKSS0doMJPzg7j4ZlNmAJvZCPr3onWr:NOLALS0qoPzgAZlxvZCPr3on

authentihash 72790430496c8c2ae89013ea7b601e97cf3246b8ad1a74c757e353839a1d9779
imphash aeda8ceccfb4f216674eb74ea87d77b9
File size 132.0 KB ( 135168 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe

VirusTotal metadata
First submission 2018-11-11 07:19:00 UTC ( 3 months, 1 week ago )
Last submission 2018-11-11 07:19:00 UTC ( 3 months, 1 week ago )
File names sims