SHA256: 06067592df4ae5a50ecd993504dc7beab4a9fd721a4c6f65363e195f8e77ef2a
File name: 31bef7e2fbc292c91535f9b339968706
Detection ratio: 39 / 68
Analysis date: 2018-09-18 06:19:17 UTC ( 5 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31219975 20180917
ALYac Trojan.GenericKD.31219975 20180918
Antiy-AVL Trojan[Banker]/Win32.Emotet 20180918
Arcabit Trojan.Generic.D1DC6107 20180918
Avast Win32:Malware-gen 20180918
AVG Win32:Malware-gen 20180918
BitDefender Trojan.GenericKD.31219975 20180918
CAT-QuickHeal Trojan.Emotet.X4 20180917
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cylance Unsafe 20180918
Cyren W32/Trojan.SMOE-6192 20180918
Emsisoft Trojan.GenericKD.31219975 (B) 20180918
Endgame malicious (high confidence) 20180730
ESET-NOD32 Win32/Emotet.BR 20180918
F-Secure Trojan.GenericKD.31219975 20180918
Fortinet W32/Emotet.BR!tr 20180918
GData Trojan.GenericKD.31219975 20180918
Ikarus Trojan.Win32.Emotet 20180917
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 0053c9491 ) 20180918
K7GW Trojan ( 0053c9491 ) 20180918
Kaspersky Trojan-Banker.Win32.Emotet.bduh 20180918
Malwarebytes Trojan.Emotet 20180918
MAX malware (ai score=88) 20180918
McAfee RDN/Generic.hra 20180918
McAfee-GW-Edition BehavesLike.Win32.AdwareConvertAd.fm 20180918
Microsoft Trojan:Win32/Emotet.AC!bit 20180918
eScan Trojan.GenericKD.31219975 20180918
Palo Alto Networks (Known Signatures) generic.ml 20180918
Panda Trj/GdSda.A 20180917
Qihoo-360 HEUR/QVM20.1.E77D.Malware.Gen 20180918
Rising Trojan.Azden!8.F0E3 (CLOUD) 20180918
Sophos AV Mal/EncPk-ANY 20180918
Symantec Trojan.Gen.2 20180918
Tencent Win32.Trojan-banker.Emotet.Ljko 20180918
TrendMicro TSPY_EMOTET.THIAGAH 20180918
TrendMicro-HouseCall TSPY_EMOTET.THIAGAH 20180918
Webroot W32.Trojan.Emotet 20180918
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bduh 20180918
AegisLab 20180918
AhnLab-V3 20180917
Alibaba 20180713
Avast-Mobile 20180917
Avira (no cloud) 20180917
AVware 20180918
Babable 20180918
Baidu 20180914
Bkav 20180917
ClamAV 20180918
CMC 20180917
Comodo 20180918
Cybereason 20180225
DrWeb 20180918
eGambit 20180918
F-Prot 20180918
Jiangmin 20180918
Kingsoft 20180918
NANO-Antivirus 20180918
SentinelOne (Static ML) 20180830
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180911
TACHYON 20180918
TheHacker 20180914
TotalDefense 20180918
Trustlook 20180918
VBA32 20180917
VIPRE 20180918
ViRobot 20180918
Yandex 20180917
Zillya 20180917
Zoner 20180917
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Internal name QllZd.dll
File version 91.333.22.1
Description QllZad
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-16 12:00:15
Entry Point 0x0001E118
Number of sections 7
PE sections
PE imports
CloseEncryptedFileRaw
RegDisablePredefinedCacheEx
RegSetKeySecurity
CertDeleteCRLFromStore
GetSystemPaletteUse
GetProcessHandleCount
GetLogicalDriveStringsA
GetFileSize
GetModuleHandleA
GetCommandLineW
SetEvent
GetWindowsDirectoryA
GetTickCount
GlobalMemoryStatusEx
SafeArrayPutElement
RpcServerUseAllProtseqsIf
NdrClientCall2
DragQueryFileA
PathStripPathW
StrChrNW
DeleteSecurityContext
IsCharLowerW
PhysicalToLogicalPoint
GetClassInfoExA
WSAStartup
Ord(30)
OleQueryLinkFromData
HICON_UserUnmarshal
Number of PE resources by type
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
SLOVENIAN DEFAULT 1
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
1006425862

LinkerVersion
12.0

ImageVersion
0.0

FileVersionNumber
2.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
QllZad

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
0

EntryPoint
0x1e118

MIMEType
application/octet-stream

FileVersion
91.333.22.1

TimeStamp
2018:09:16 14:00:15+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
QllZd.dll

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Fatal Enterprice

CodeSize
126976

FileSubtype
0

ProductVersionNumber
2.0.0.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 31bef7e2fbc292c91535f9b339968706
SHA1 5bfa1989e2f6e4a6af9ff62930f462e6b8632212
SHA256 06067592df4ae5a50ecd993504dc7beab4a9fd721a4c6f65363e195f8e77ef2a
ssdeep
6144:nwilmtUHgcqMN16RIoINwA6tfAYNiSzJ:nwiwlW0ao1A6tRNiSz

authentihash deba6c8af455f73615505d4a6c7737836f7987fa1be7927e80d59a89c204f9f0
imphash 939c828f62063dcb42494c1590f1194b
File size 356.0 KB ( 364544 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-09-16 12:03:59 UTC ( 5 months, 1 week ago )
Last submission 2018-11-09 17:23:24 UTC ( 3 months, 2 weeks ago )
File names tLEUquyFI6Mfzw.exe
31bef7e2fbc292c91535f9b339968706
QllZd.dll