SHA256: 07089c9689dba0e609e8cb56a80975465220b49377608e902415832a09fd8184
File name: 20075295
Detection ratio: 47 / 70
Analysis date: 2018-12-01 03:14:46 UTC ( 2 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31382331 20181201
AhnLab-V3 Trojan/Win32.Emotet.R246797 20181130
ALYac Trojan.Agent.Emotet 20181201
Arcabit Trojan.Generic.D1DEDB3B 20181130
Avast Win32:BankerX-gen [Trj] 20181201
AVG Win32:BankerX-gen [Trj] 20181201
BitDefender Trojan.GenericKD.31382331 20181201
CAT-QuickHeal Trojan.Ludicrouz 20181130
Comodo Malware@#3njpxs5t6pk7n 20181201
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.4796b7 20180225
Cylance Unsafe 20181201
Cyren W32/Trojan.MZHC-5158 20181201
DrWeb Trojan.EmotetENT.312 20181201
eGambit Unsafe.AI_Score_91% 20181201
Emsisoft Trojan.GenericKD.31382331 (B) 20181201
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/Emotet.BN 20181201
F-Prot W32/Emotet.JX.gen!Eldorado 20181201
F-Secure Trojan.GenericKD.31382331 20181201
Fortinet W32/GenKryptik.CSMJ!tr 20181201
GData Win32.Trojan-Spy.Emotet.TV 20181201
Ikarus Trojan-Banker.Emotet 20181130
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 0053b3091 ) 20181130
K7GW Trojan ( 0053b3091 ) 20181201
Kaspersky Trojan-Banker.Win32.Emotet.bshu 20181201
Malwarebytes Trojan.Emotet 20181201
McAfee Emotet-FID!16EE82D4796B 20181201
McAfee-GW-Edition Emotet-FID!16EE82D4796B 20181130
Microsoft Trojan:Win32/Emotet.YK 20181201
eScan Trojan.GenericKD.31382331 20181201
NANO-Antivirus Trojan.Win32.EmotetENT.fksdlf 20181201
Palo Alto Networks (Known Signatures) generic.ml 20181201
Panda Trj/RnkBend.A 20181130
Qihoo-360 Win32/Trojan.c84 20181201
Rising Trojan.Emotet!8.B95 (CLOUD) 20181201
Sophos AV Mal/Generic-S 20181201
Symantec Trojan.Emotet 20181201
Trapmine malicious.moderate.ml.score 20181128
TrendMicro TSPY_EMOTET.THAABIAH 20181201
TrendMicro-HouseCall TSPY_EMOTET.THAABIAH 20181201
VBA32 BScope.Trojan.Emotet 20181130
VIPRE Trojan.Win32.Generic!BT None
ViRobot Trojan.Win32.Z.Emotet.520192.A 20181130
Webroot W32.Trojan.Emotet 20181201
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bshu 20181201
AegisLab 20181201
Alibaba 20180921
Antiy-AVL 20181201
Avast-Mobile 20181130
Avira (no cloud) 20181130
Babable 20180918
Baidu 20181130
Bkav 20181129
ClamAV 20181130
CMC 20181130
Jiangmin 20181130
Kingsoft 20181201
MAX 20181201
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181128
Symantec Mobile Insight 20181121
TACHYON 20181201
Tencent 20181201
TheHacker 20181129
TotalDefense 20181130
Trustlook 20181201
Yandex 20181130
Zillya 20181130
Zoner 20181201
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All
Product Microsoft®
Internal name kbdusa
File version 3.00.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-28 20:15:53
Entry Point 0x00002910
Number of sections 4
PE sections
PE imports
DeregisterEventSource
FileEncryptionStatusW
AVIFileGetStream
CM_Get_Next_Log_Conf
GetClipRgn
FillRgn
GetCharacterPlacementA
Rectangle
GetCharWidth32A
GetNamedPipeClientProcessId
GetFileTime
GetCurrentProcess
GetUserDefaultLangID
GetSystemPowerStatus
GetModuleHandleA
GetConsoleWindow
GetVolumeInformationW
GetTimeFormatW
GetTickCount
FreeEnvironmentStringsW
GetSystemWindowsDirectoryW
SetMailslotInfo
GetDiskFreeSpaceA
WriteProcessMemory
FillConsoleOutputAttribute
GetPrivateProfileStringW
LZSeek
NetLocalGroupAddMembers
DrawFrameControl
GetCursorInfo
CallMsgFilterA
DrawStateA
GetProcessWindowStation
GetDlgItemInt
timeGetTime
FindFirstPrinterChangeNotification
GetPrintProcessorDirectoryW
SCardListReadersA
fputc
malloc
Number of PE resources by type
RT_STRING 5
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 6
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:11:28 12:15:53-08:00
FileType Win32 EXE
PEType PE32
CodeSize 491520
LinkerVersion 12.0
ImageFileCharacteristics No relocs, Executable, 32-bit
Warning Error processing PE data dictionary
EntryPoint 0x2910
InitializedDataSize 32768
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
Execution parents
File identification
MD5 16ee82d4796b75755b7121aff55b3a0b
SHA1 9b075070e8a96c06745b387acf5fade4f9041295
SHA256 07089c9689dba0e609e8cb56a80975465220b49377608e902415832a09fd8184
ssdeep 3072:z6lGWBF4rlbwVkIGa8EXX6REMP/Rk3D5BZrgAUt3:7WBARwWtu6REMPJkzLZrgf
authentihash 43998c4fa24df4241c77a060d504674cca31bdae9adf5bae964089ff7efd552a
imphash 5f8d7842afbb7ac0fbf4769bc3639be5
File size 508.0 KB ( 520192 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe
VirusTotal metadata
First submission 2018-11-28 20:25:58 UTC ( 2 months, 3 weeks ago )
Last submission 2018-11-28 21:14:08 UTC ( 2 months, 3 weeks ago )
File names kNnmULo2.exe
kbdusa
NPfRxErn.exe
8isuywU7.exe
MNROKGgXSAJ.exe
C686DB85.exe
CHeQHza2.exe
193.exe
20075295
lvH4x2FZ.exe
73klZnwtOG.exe
4cgLTFrq.exe