SHA256: 07a869d9f8c2d01b365d3276c13904b76e6416dc23626fba1b18da09fb203bd4
File name: F62A315E.exe
Detection ratio: 47 / 70
Analysis date: 2018-12-25 07:22:27 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Acronis malware 20181224
Ad-Aware Trojan.Autoruns.GenericKD.31437204 20181225
AhnLab-V3 Trojan/Win32.Emotet.R249456 20181224
ALYac Trojan.Agent.Emotet 20181225
Antiy-AVL Trojan[Banker]/Win32.Emotet 20181225
Arcabit Trojan.Autoruns.Generic.D1DFB194 20181225
Avast Win32:MalwareX-gen [Trj] 20181225
AVG Win32:MalwareX-gen [Trj] 20181225
BitDefender Trojan.Autoruns.GenericKD.31437204 20181225
Bkav HW32.Packed. 20181224
Comodo Malware@#21i9n1vr6u91h 20181225
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.93f3df 20180225
Cylance Unsafe 20181225
Cyren W32/Emotet.LE.gen!Eldorado 20181225
eGambit Unsafe.AI_Score_99% 20181225
Emsisoft Trojan.Autoruns.GenericKD.31437204 (B) 20181225
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GOAF 20181225
F-Prot W32/Emotet.LE.gen!Eldorado 20181225
Fortinet W32/Emotet.BWFA!tr 20181225
GData Trojan.Autoruns.GenericKD.31437204 20181225
Ikarus Trojan-Banker.Emotet 20181224
Sophos ML heuristic 20181128
K7AntiVirus Riskware ( 0040eff71 ) 20181225
K7GW Riskware ( 0040eff71 ) 20181225
Kaspersky Trojan-Banker.Win32.Emotet.bwfa 20181225
Malwarebytes Trojan.Emotet 20181225
MAX malware (ai score=100) 20181225
McAfee Emotet-FJX!A98D82D93F3D 20181225
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20181225
Microsoft Trojan:Win32/Emotet.CT 20181225
eScan Trojan.Autoruns.GenericKD.31437204 20181225
Palo Alto Networks (Known Signatures) generic.ml 20181225
Panda Trj/RnkBend.A 20181224
Qihoo-360 HEUR/QVM20.1.0075.Malware.Gen 20181225
Rising Trojan.Kryptik!8.8 (CLOUD) 20181225
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/EncPk-ANY 20181225
Symantec Trojan.Gen.2 20181224
Trapmine malicious.high.ml.score 20181205
TrendMicro TrojanSpy.Win32.EMOTET.AFSDGD 20181225
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.AFSDGD 20181225
VBA32 BScope.Trojan.Dynamer 20181222
ViRobot Trojan.Win32.Z.Emotet.122880.FU 20181225
Webroot W32.Trojan.Emotet 20181225
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bwfa 20181225
AegisLab 20181225
Alibaba 20180921
Avast-Mobile 20181224
Avira (no cloud) 20181224
Babable 20180918
Baidu 20181207
CAT-QuickHeal 20181224
ClamAV 20181225
CMC 20181224
DrWeb 20181225
F-Secure 20181225
Jiangmin 20181225
Kingsoft 20181225
NANO-Antivirus 20181225
SUPERAntiSpyware 20181220
Symantec Mobile Insight 20181215
TACHYON 20181224
Tencent 20181225
TheHacker 20181220
TotalDefense 20181223
Trustlook 20181225
Yandex 20181223
Zillya 20181222
Zoner 20181225
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © Microsoft Corp.
Internal name CTL3D32
File version 5.1.2600.2180
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-07-18 02:23:20
Entry Point 0x00002920
Number of sections 8
PE sections
PE imports
IsTokenRestricted
GetDCPenColor
GetPolyFillMode
GetFileTime
NormalizeString
LockFileEx
SetFilePointer
GetTapeStatus
SetEvent
GetConsoleProcessList
GetUserDefaultLCID
GetVersion
EmptyClipboard
GetLastActivePopup
GetSysColor
GetKeyboardType
RegisterRawInputDevices
SCardGetCardTypeProviderNameA
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
CodeSize 135168
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 5.1
FileVersionNumber 5.1.2600.2180
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 0
EntryPoint 0x2920
MIMEType application/octet-stream
LegalCopyright Copyright Microsoft Corp.
FileVersion 5.1.2600.2180
TimeStamp 2002:07:18 03:23:20+01:00
FileType Win32 EXE
PEType PE32
InternalName CTL3D32
ProductVersion 2,31,0,0
SubsystemVersion 6.0
OSVersion 6.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
LegalTrademarks Microsoft is a registered trademark of Microsoft Corporation. Windows is a registered trademark of Microsoft Corporation.
FileSubtype 0
ProductVersionNumber 5.1.2600.2180
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 a98d82d93f3dfe21276a65b233606ec4
SHA1 18562d224abac43fa7a6fc1405683328c29c8a9e
SHA256 07a869d9f8c2d01b365d3276c13904b76e6416dc23626fba1b18da09fb203bd4
ssdeep 3072:2LR2Jq/rbSAb9dI3YNvMiyPY8sDSqD175ow8C:2LsJy/UYdryPJKvD175
authentihash 769615c9f4426da63df4fdd8131b2f61080cf37066bf43ffbce21500090860c2
imphash a5ecb1bef09515d1d21e0ff987bbf1db
File size 120.0 KB ( 122880 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2018-12-20 23:45:45 UTC ( 1 month, 4 weeks ago )
Last submission 2018-12-20 23:45:54 UTC ( 1 month, 4 weeks ago )
File names CTL3D32
F62A315E.exe