SHA256: 069277d9e3bb9c1bf10032804f4a4b288b4bfc7f7e21e3ca62a5f89153a69334
File name: 0106e4df9c54556b2218dbadda38b0cc
Detection ratio: 42 / 65
Analysis date: 2017-09-06 10:51:04 UTC ( 1 year, 3 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.219141 20170906
AegisLab Tspy.Emotet.Smd0!c 20170906
Antiy-AVL Trojan/Win32.Refinka 20170906
Arcabit Trojan.Razy.D35805 20170906
Avira (no cloud) TR/Crypt.ZPACK.nsnrv 20170906
AVware Trojan.Win32.Generic!BT 20170906
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9975 20170831
BitDefender Gen:Variant.Razy.219141 20170906
Comodo UnclassifiedMalware 20170906
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170804
Cylance Unsafe 20170906
Cyren W32/Trojan.KVZM-7776 20170906
DrWeb Trojan.DownLoader25.29860 20170906
Emsisoft Gen:Variant.Razy.219141 (B) 20170906
Endgame malicious (high confidence) 20170821
ESET-NOD32 Win32/Emotet.AZ 20170906
F-Secure Gen:Variant.Razy.219141 20170906
Fortinet W32/GenKryptik.AUBY!tr 20170906
GData Gen:Variant.Razy.219141 20170906
Ikarus Trojan.Win32.Emotet 20170906
Sophos ML heuristic 20170822
K7AntiVirus Trojan ( 005152941 ) 20170906
K7GW Trojan ( 005152941 ) 20170906
Kaspersky Trojan.Win32.Refinka.akr 20170906
Malwarebytes Trojan.Emotet 20170906
McAfee Artemis!0106E4DF9C54 20170905
McAfee-GW-Edition BehavesLike.Win32.MysticCompressor.dz 20170906
Microsoft Trojan:Win32/Dynamer!rfn 20170906
eScan Gen:Variant.Razy.219141 20170906
nProtect Trojan/W32.Refinka.217088.G 20170906
Palo Alto Networks (Known Signatures) generic.ml 20170906
Panda Trj/Emotet.A 20170905
Rising Trojan.Refinka!8.EBC2 (cloud:NiJvGnUhbfI) 20170901
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Mal/EncPk-ANR 20170906
Symantec Trojan.Gen.2 20170906
Tencent Win32.Trojan.Refinka.Kc 20170906
TrendMicro TSPY_EMOTET.SMD0 20170906
TrendMicro-HouseCall TSPY_EMOTET.SMD0 20170906
VIPRE Trojan.Win32.Generic!BT 20170906
Webroot W32.Trojan.Gen 20170906
ZoneAlarm by Check Point Trojan.Win32.Refinka.akr 20170906
Undetected (no result returned by the engine at the listed update date):
AhnLab-V3 20170906
Alibaba 20170906
ALYac 20170906
Avast 20170906
AVG 20170906
Bkav 20170906
CAT-QuickHeal 20170905
ClamAV 20170906
CMC 20170902
F-Prot 20170906
Jiangmin 20170906
Kingsoft 20170906
MAX 20170906
NANO-Antivirus 20170906
Qihoo-360 20170906
SUPERAntiSpyware 20170906
Symantec Mobile Insight 20170906
TheHacker 20170904
TotalDefense 20170906
Trustlook 20170906
VBA32 20170906
ViRobot 20170906
WhiteArmor 20170829
Yandex 20170906
Zillya 20170905
Zoner 20170906
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-09-04 13:51:34
Entry Point 0x0000101E
Number of sections 6
PE sections
PE imports
ImmDisableTextFrameService
HeapFree
FormatMessageA
AddAtomW
VarBstrCmp
SHGetFileInfoA
PathIsDirectoryEmptyA
OpenInputDesktop
SetWindowTextA
DrawTextExA
OpenColorProfileA
CoUninitialize
URLOpenBlockingStreamA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:09:04 14:51:34+01:00
FileType Win32 EXE
PEType PE32
CodeSize 126976
LinkerVersion 8.0
EntryPoint 0x101e
InitializedDataSize 86016
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 0106e4df9c54556b2218dbadda38b0cc
SHA1 539a3cbcb17a71b7bada97a998ea63e0035c85da
SHA256 069277d9e3bb9c1bf10032804f4a4b288b4bfc7f7e21e3ca62a5f89153a69334
ssdeep 1536:K/16CpsbxRVUIzrIksrLZfP9oBMCFC31mQZlZ3f6yZxuc3kSgggKbA:K/1JudUWA5MfFClmQLBNxvk5
authentihash 113f746f0a962b2d3006b3fd0e4610c726fced38b0b77f31a8c55535f409d1ee
imphash ebe8bec2331b35dcafc1d09cff439650
File size 212.0 KB ( 217088 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2017-09-04 13:59:14 UTC ( 1 year, 3 months ago )
Last submission 2018-05-25 17:48:46 UTC ( 6 months, 3 weeks ago )
File names 0106e4df9c54556b2218dbadda38b0cc.vir, jGMjR9Ejtkn0NDod.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
UDP communications