× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 019e6dc11da2944c5097d7627c1917cbf9ad60dd153411f8d1f10046eeebce9a
File name: dz9b4DHtNEIFtTVSXU.exe
Detection ratio: 23 / 69
Analysis date: 2018-10-03 04:50:34 UTC ( 1 month, 2 weeks ago ) View latest
Antivirus Result Update
AVG FileRepMalware 20181003
CMC Trojan.Win32.Obfuscated.en!O 20181002
Comodo CloudScanner.Trojan.Gen 20181003
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.6fce9b 20180225
Cylance Unsafe 20181003
Emsisoft Trojan.Emotet (A) 20181003
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GLHG 20181003
GData Win32.Trojan-Spy.Emotet.S6YS2Q 20181003
Sophos ML heuristic 20180717
Kaspersky UDS:DangerousObject.Multi.Generic 20181003
McAfee Artemis!104FFFE6FCE9 20181003
McAfee-GW-Edition BehavesLike.Win32.Generic.cc 20181003
Microsoft Trojan:Win32/Fuerboos.C!cl 20181003
Palo Alto Networks (Known Signatures) generic.ml 20181003
Panda Trj/Genetic.gen 20181002
Qihoo-360 HEUR/QVM20.1.4481.Malware.Gen 20181003
Rising Trojan.Kryptik!8.8 (CLOUD) 20181003
SentinelOne (Static ML) static engine - malicious 20180926
Symantec Packed.Generic.517 20181003
TrendMicro-HouseCall TROJ_FRS.VSN03J18 20181003
Webroot W32.Trojan.Emotet 20181003
Ad-Aware 20181003
AegisLab 20181003
AhnLab-V3 20181002
Alibaba 20180921
ALYac 20181003
Antiy-AVL 20181003
Arcabit 20181003
Avast 20181003
Avast-Mobile 20181002
Avira (no cloud) 20181003
AVware 20180925
Babable 20180918
Baidu 20180930
BitDefender 20181003
Bkav 20181002
CAT-QuickHeal 20181001
ClamAV 20181002
Cyren 20181003
DrWeb 20181003
eGambit 20181003
F-Prot 20181003
F-Secure 20181003
Fortinet 20181003
Ikarus 20181002
Jiangmin 20181003
K7AntiVirus 20181002
K7GW 20181001
Kingsoft 20181003
Malwarebytes 20181003
MAX 20181003
eScan 20181003
NANO-Antivirus 20181003
Sophos AV 20181003
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20181001
TACHYON 20181003
Tencent 20181003
TheHacker 20181001
TotalDefense 20181002
TrendMicro 20181003
Trustlook 20181003
VBA32 20181002
VIPRE 20181003
ViRobot 20181002
Yandex 20180927
Zillya 20181002
ZoneAlarm by Check Point 20180925
Zoner 20181002
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights res

Product Micros
Internal name DDODiag
File version 6.1.7601.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-02 23:02:56
Entry Point 0x000059AF
Number of sections 4
PE sections
PE imports
AccessCheckAndAuditAlarmW
CryptImportKey
CertCreateCTLContext
SetMiterLimit
GetDCOrgEx
GdiSetBatchLimit
MaskBlt
EnumFontFamiliesExA
GetNetworkParams
GetInterfaceInfo
GetStdHandle
SystemTimeToFileTime
GetBinaryTypeW
lstrcmpiA
GetFileSize
GetModuleHandleA
lstrcatA
FindFirstFileExA
GetDefaultCommConfigW
GetDateFormatW
CloseHandle
IsBadHugeReadPtr
WaitForMultipleObjects
IsThreadAFiber
SetMailslotInfo
GetLocalTime
MprConfigInterfaceCreate
NetLocalGroupDelMembers
SafeArrayRedim
glMultMatrixf
RpcMgmtInqComTimeout
RpcBindingSetAuthInfoExA
SetupQueryInfOriginalFileInformationW
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInterfaceAlias
SetupDiDeleteDeviceInfo
SHRegSetUSValueW
StrCatBuffW
GetCursorPos
GetLastInputInfo
DefFrameProcW
FlashWindow
SetMenu
GetUpdateRgn
LoadCursorW
IsCharLowerW
CreateDesktopW
RealGetWindowClassA
InternetSetStatusCallbackW
InternetSetOptionA
ReadPrinter
AddFormW
WTHelperCertIsSelfSigned
CryptCATStoreFromHandle
FindCertsByIssuer
Ord(29)
fgetc
memset
wcstod
Number of PE resources by type
RT_VERSION 1
WAVE 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:10:03 00:02:56+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
118784

LinkerVersion
12.0

ImageFileCharacteristics
No relocs, Executable, 32-bit

EntryPoint
0x59af

InitializedDataSize
32768

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
4294967295

File identification
MD5 104fffe6fce9b04f86d7faf90cb61b92
SHA1 89395ac6cbb775407f27dc70e024b70af269783f
SHA256 019e6dc11da2944c5097d7627c1917cbf9ad60dd153411f8d1f10046eeebce9a
ssdeep
3072:nia2xjf4+GvZp8MxfPDHzslBjZLy6Bp1/nrK3QxRu2U5qIjMq:7+S/zFPDHuBjRR1/m34Ru3nM

authentihash 28aab762986d2c8dba1ec4f4d81e058ea84633db281768d591703ab458db7f24
imphash 33fbb340a910a6e90475c9bd29282c79
File size 144.0 KB ( 147456 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-10-02 23:06:22 UTC ( 1 month, 2 weeks ago )
Last submission 2018-11-16 18:27:26 UTC ( 1 day, 15 hours ago )
File names 9675.exe
44.exe
5729279.exe
21.exe
8960606.exe
74762.exe
160690.exe
80246428.exe
003835.exe
866053.exe
3493.exe
347000.exe
80477944.exe
01833.exe
4FDME0MTLPTI.EXE
870143.exe
3.exe
25553368.EXE
536172.exe
774534.exe
74138333.exe
06774.exe
9218.exe
648.exe
dz9b4DHtNEIFtTVSXU.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!