× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 04c02187dcafe582eed726e804901683dec8c14d7e6d79cca453872104cf52b9
File name: emotet_e1_04c02187dcafe582eed726e804901683dec8c14d7e6d79cca453872...
Detection ratio: 40 / 70
Analysis date: 2019-02-16 03:15:34 UTC ( 2 months ago )
Antivirus Result Update
Acronis suspicious 20190213
Ad-Aware Trojan.GenericKD.31696304 20190215
AhnLab-V3 Trojan/Win32.Emotet.R255530 20190215
ALYac Trojan.Agent.Emotet 20190215
Arcabit Trojan.Generic.D1E3A5B0 20190215
Avast Win32:MalwareX-gen [Trj] 20190215
AVG Win32:MalwareX-gen [Trj] 20190215
BitDefender Trojan.GenericKD.31696304 20190215
Bkav HW32.Packed. 20190214
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cylance Unsafe 20190215
Cyren W32/Emotet.OP.gen!Eldorado 20190215
Emsisoft Trojan.Emotet (A) 20190215
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.GPTC 20190215
F-Prot W32/Emotet.OP.gen!Eldorado 20190215
Fortinet W32/GenKryptik.CZNO!tr 20190215
GData Trojan.GenericKD.31696304 20190215
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 00547c4f1 ) 20190215
K7GW Trojan ( 00547c4f1 ) 20190215
Kaspersky Trojan-Banker.Win32.Emotet.cgma 20190215
Malwarebytes Trojan.Emotet 20190215
McAfee Emotet-FLY!DBE07DB05B8A 20190215
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.ch 20190215
Microsoft Trojan:Win32/Emotet.AC!bit 20190215
eScan Trojan.GenericKD.31696304 20190215
Palo Alto Networks (Known Signatures) generic.ml 20190215
Panda Trj/Genetic.gen 20190215
Qihoo-360 Win32/Trojan.825 20190215
Rising Trojan.Emotet!8.B95 (CLOUD) 20190215
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Mal/Emotet-Q 20190215
Symantec Trojan.Emotet 20190215
Trapmine malicious.high.ml.score 20190123
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMTREM.hp 20190215
VBA32 BScope.Trojan.Refinka 20190215
ViRobot Trojan.Win32.Z.Emotet.151552.CK 20190215
Webroot W32.Trojan.Emotet 20190215
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.cgma 20190215
AegisLab 20190215
Alibaba 20180921
Antiy-AVL 20190215
Avast-Mobile 20190215
Avira (no cloud) 20190215
Babable 20180917
Baidu 20190214
CAT-QuickHeal 20190215
ClamAV 20190215
CMC 20190215
Comodo 20190215
Cybereason 20190109
DrWeb 20190215
eGambit 20190215
F-Secure 20190215
Jiangmin 20190215
Kingsoft 20190215
MAX 20190218
NANO-Antivirus 20190215
SUPERAntiSpyware 20190213
Symantec Mobile Insight 20190206
TACHYON 20190215
Tencent 20190215
TheHacker 20190215
TotalDefense 20190215
TrendMicro 20190215
Trustlook 20190215
VIPRE 20190215
Yandex 20190215
Zillya 20190215
Zoner 20190215
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2017 America Online, Inc.

Original name jgm1GEN.dll
Internal name pgadoEN.exe
File version 024
Description PG ADO DLL
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-02-15 03:00:13
Entry Point 0x00003710
Number of sections 10
PE sections
PE imports
IsTokenRestricted
GetUserDefaultUILanguage
GetCurrentProcess
GetThreadPriority
GetNamedPipeInfo
TerminateThread
IsValidLocaleName
SetFileApisToOEM
GetProcessPriorityBoost
GetTickCount
CloseHandle
GetVersion
InterlockedIncrement
GetCurrentThread
GetMessagePos
TranslateAcceleratorA
AnyPopup
MapVirtualKeyExW
LoadStringW
ChangeClipboardChain
GetForegroundWindow
AddMonitorA
PdhCollectQueryDataWithTime
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
15.2

ImageVersion
0.0

FileVersionNumber
24.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
PG ADO DLL

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
139264

EntryPoint
0x3710

OriginalFileName
jgm1GEN.dll

MIMEType
application/octet-stream

LegalCopyright
Copyright 2017 America Online, Inc.

FileVersion
024

TimeStamp
2019:02:14 19:00:13-08:00

FileType
Win32 EXE

PEType
PE32

InternalName
pgadoEN.exe

SubsystemVersion
6.1

OSVersion
6.0

FileOS
Windows 16-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
America Online

CodeSize
0

FileSubtype
0

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 dbe07db05b8ad3d04fdec90d2a82ae6c
SHA1 f58379dea92fee97161daf96bd76e5e62966ba86
SHA256 04c02187dcafe582eed726e804901683dec8c14d7e6d79cca453872104cf52b9
ssdeep
3072:BiriYTUV+9YpLLLLLO93NLLLLL8KLLLLLLLlLGZK2ypEvAQ/Vpq/qWSm5u9ZtZQo:BqdUV+9YpLLLLLO93NLLLLLZLLLLLLLc

authentihash 38b4ac181608686d6d95b05d9b0862a407b7f7aa02d0213f2a4b4abee5833ebd
imphash 1aa84caf40d92acf5d96033b76e9de2f
File size 148.0 KB ( 151552 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2019-02-15 03:04:20 UTC ( 2 months ago )
Last submission 2019-02-16 03:15:34 UTC ( 2 months ago )
File names emotet_e1_04c02187dcafe582eed726e804901683dec8c14d7e6d79cca453872104cf52b9_2019-02-15__030501.exe_
jgm1GEN.dll
pgadoEN.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!