SHA256: 072931c5345488affae5259c1159636d80ed921b2d26fcc1512643142668b692
File name: 0a68946c77994c4d555c4dfcfd2f7011
Detection ratio: 36 / 69
Analysis date: 2018-09-26 08:37:47 UTC (3 months, 3 weeks ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40517955 20180926
ALYac Trojan.GenericKD.40517955 20180926
Arcabit Trojan.Generic.D26A4143 20180926
Avast Win32:Malware-gen 20180926
AVG Win32:Malware-gen 20180926
BitDefender Trojan.GenericKD.40517955 20180926
CAT-QuickHeal Trojan.Emotet.X4 20180923
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180723
Cylance Unsafe 20180926
Cyren W32/Trojan.QMYK-5848 20180926
Emsisoft Trojan.GenericKD.40517955 (B) 20180926
Endgame malicious (high confidence) 20180730
ESET-NOD32 Win32/Emotet.BR 20180926
F-Secure Trojan.GenericKD.40517955 20180926
Fortinet W32/Emotet.BR!tr 20180926
GData Trojan.GenericKD.40517955 20180926
Ikarus Trojan.Win32.Emotet 20180926
Sophos ML heuristic 20180717
K7GW Hacktool ( 700007861 ) 20180926
Kaspersky Trojan-Banker.Win32.Emotet.bepp 20180926
Malwarebytes Trojan.Emotet 20180926
McAfee RDN/Generic.grp 20180926
McAfee-GW-Edition BehavesLike.Win32.Emotet.dm 20180926
Microsoft Trojan:Win32/Emotet.AC!bit 20180926
eScan Trojan.GenericKD.40517955 20180926
Palo Alto Networks (Known Signatures) generic.ml 20180926
Panda Trj/Emotet.C 20180925
Qihoo-360 HEUR/QVM20.1.1561.Malware.Gen 20180926
Rising Trojan.Emotet!8.B95 (CLOUD) 20180926
SentinelOne (Static ML) static engine - malicious 20180926
Sophos AV Mal/EncPk-ANY 20180926
Symantec ML.Attribute.HighConfidence 20180925
TrendMicro TrojanSpy.Win32.EMOTET.AL 20180926
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.AL 20180926
Webroot W32.Trojan.Emotet 20180926
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bepp 20180925
AegisLab 20180926
AhnLab-V3 20180925
Alibaba 20180921
Antiy-AVL 20180926
Avast-Mobile 20180926
Avira (no cloud) 20180926
AVware 20180925
Babable 20180918
Baidu 20180926
Bkav 20180925
ClamAV 20180926
CMC 20180926
Comodo 20180926
Cybereason 20180225
DrWeb 20180926
eGambit 20180926
F-Prot 20180926
Jiangmin 20180926
K7AntiVirus 20180926
Kingsoft 20180926
MAX 20180926
NANO-Antivirus 20180926
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180924
TACHYON 20180926
Tencent 20180926
TheHacker 20180924
TotalDefense 20180925
Trustlook 20180926
VBA32 20180926
VIPRE 20180926
ViRobot 20180925
Yandex 20180925
Zillya 20180925
Zoner 20180926
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name diantz.exe
Internal name diantz.exe
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Microsoft® Cabinet Maker
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-24 17:00:16
Entry Point 0x0002E0E0
Number of sections 5
PE sections
PE imports
QueryUsersOnEncryptedFile
RemoveUsersFromEncryptedFile
SetTextAlign
StrokePath
GetSystemPaletteEntries
HeapCompact
GetModuleHandleA
GetSystemDefaultLCID
GetStartupInfoW
GetSystemTimes
UnlockFileEx
GetSystemPowerStatus
SetFileBandwidthReservation
PowerRestoreDefaultPowerSchemes
PathIsRootA
ToUnicodeEx
BeginDeferWindowPos
DispatchMessageW
DeleteFormW
Ord(30)
CompatFlagsFromClsid
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 31232
ImageVersion 0.0
ProductName Microsoft Windows Operating System
FileVersionNumber 6.1.7600.16385
UninitializedDataSize 4294967295
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
LinkerVersion 12.0
FileTypeExtension exe
OriginalFileName diantz.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2018:09:24 18:00:16+01:00
FileType Win32 EXE
PEType PE32
InternalName diantz.exe
ProductVersion 6.1.7600.16385
FileDescription Microsoft Cabinet Maker
OSVersion 5.1
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 189440
FileSubtype 0
ProductVersionNumber 6.1.7600.16385
EntryPoint 0x2e0e0
ObjectFileType Executable application
File identification
MD5 0a68946c77994c4d555c4dfcfd2f7011
SHA1 6611a064635cc4fda83a5bfbb23a72034049f5da
SHA256 072931c5345488affae5259c1159636d80ed921b2d26fcc1512643142668b692
ssdeep 1536:hvKP/tBtK79UF4j1emyatwiycZ1cHRtqc2Rmtrqibn33slaXQwh5FTfsbYkoeo:NKPVBobdya+il+REMqSvQwTFI0koe
authentihash 9ff0430a33023c19a7a766d0dbdcd9915e68a64f7d7a3a39da3fab022d2890cc
imphash 1c8d63fc560f52334e7e7ae9e86aa2f2
File size 216.5 KB ( 221696 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe
VirusTotal metadata
First submission 2018-09-24 17:06:39 UTC ( 3 months, 3 weeks ago )
Last submission 2018-11-13 18:35:58 UTC ( 2 months ago )
File names 32105144.exe
diantz.exe
computecompute.exe
31121856.exe
0a68946c77994c4d555c4dfcfd2f7011