Antivirus scan for 087a2947e77a42758924b5da53b5b36b2931e7c8843ef2ca09c8f3f4654a75c1 at 2018-06-04 17:51:59 UTC

Antivirus	Result	Update
Ad-Aware	Gen:Variant.Emotet.22	20180604
AegisLab	Gen.Variant.Emotet!c	20180604
AhnLab-V3	Trojan/Win32.Agent.R228650	20180604
ALYac	Gen:Variant.Emotet.22	20180604
Antiy-AVL	Trojan/Win32.TSGeneric	20180604
Arcabit	Trojan.Emotet.22	20180604
Avast	Win32:Malware-gen	20180604
AVG	Win32:Malware-gen	20180604
Avira (no cloud)	TR/Crypt.ZPACK.fvibe	20180604
AVware	Trojan.Win32.Generic!BT	20180604
BitDefender	Gen:Variant.Emotet.22	20180604
CAT-QuickHeal	Trojan.Cloxer	20180604
Cylance	Unsafe	20180604
Cyren	W32/Trojan.INBI-0316	20180604
DrWeb	Trojan.EmotetENT.222	20180604
Emsisoft	Gen:Variant.Emotet.22 (B)	20180604
Endgame	malicious (high confidence)	20180507
ESET-NOD32	a variant of Win32/Kryptik.GGWW	20180604
F-Secure	Gen:Variant.Emotet.22	20180604
Fortinet	W32/GenKryptik.BTIX!tr	20180604
GData	Gen:Variant.Emotet.22	20180604
Ikarus	Trojan.Win32.Crypt	20180604
Sophos ML	heuristic	20180601
Jiangmin	Trojan.Agent.bhgw	20180604
K7AntiVirus	Trojan ( 005321871 )	20180604
K7GW	Trojan ( 005321871 )	20180604
Kaspersky	Trojan.Win32.Agent.qwgofa	20180604
Malwarebytes	Spyware.PasswordStealer	20180604
MAX	malware (ai score=96)	20180604
McAfee	RDN/Generic.grp	20180604
McAfee-GW-Edition	BehavesLike.Win32.PWSZbot.dm	20180604
Microsoft	Trojan:Win32/Tiggre!rfn	20180604
eScan	Gen:Variant.Emotet.22	20180604
NANO-Antivirus	Trojan.Win32.Kryptik.fcspcw	20180604
Palo Alto Networks (Known Signatures)	generic.ml	20180604
Panda	Trj/CI.A	20180604
Qihoo-360	Win32/Trojan.bb4	20180604
SentinelOne (Static ML)	static engine - malicious	20180225
Sophos AV	Mal/EncPk-ANX	20180604
SUPERAntiSpyware	Trojan.Agent/Gen-Kryptik	20180604
Symantec	Packed.Generic.517	20180604
Tencent	Win32.Trojan.Agent.Wtdq	20180604
TrendMicro	TROJ_GEN.R002C0OEL18	20180604
TrendMicro-HouseCall	TSPY_HPEMOTET.SMAL8	20180604
VBA32	BScope.Trojan.Emotet	20180604
VIPRE	Trojan.Win32.Generic!BT	20180604
Webroot	W32.Trojan.Emotet	20180604
Yandex	Trojan.Agent!EPs4lBfsZ1E	20180529
Zillya	Trojan.Kryptik.Win32.1421746	20180604
ZoneAlarm by Check Point	Trojan.Win32.Agent.qwgofa	20180604
Alibaba		20180604
Avast-Mobile		20180604
Babable		20180406
Baidu		20180604
Bkav		20180604
ClamAV		20180604
CMC		20180604
Comodo		20180604
CrowdStrike Falcon (ML)		20180202
Cybereason		None
eGambit		20180604
F-Prot		20180604
Kingsoft		20180604
nProtect		20180604
Rising		20180604
Symantec Mobile Insight		20180601
TheHacker		20180531
TotalDefense		20180604
Trustlook		20180604
ViRobot		20180604
Zoner		20180604

The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.

FileVersionInfo properties

PE header basic information

Target machine Intel 386 or later processors and compatible processors

Compilation timestamp 2028-12-25 04:27:37

Entry Point 0x00002293

Number of sections 10

PE sections

Name Virtual address Virtual size Raw size Entropy MD5

.text 4096 8884 12288 5.13 d2ce713015ba7c8787264eb4387e9978

.data 16384 16556 16384 2.74 b75dfdc81f856f360c4bcd5f3fdfd7b1

DP| 36864 27017 28672 4.75 5630a313d50e16cbb0e81ec9ab42cffe

CODE 65536 14030 16384 6.31 0f8b57e646347889dce9fb847bc47287

.rsrc 81920 19745 20480 5.89 8fe8eef928e8ae01e23e32fa91713c62

|mQ 102400 7751 8192 6.99 a5d8ab1111fee0ca4a43c0e05aba9da0

.CRT4 110592 47603 49152 7.13 f82acc6123698528c1d4d00a9345fd87

.qdata 159744 42170 45056 4.79 b0d26e86135f927ed2d4736177b0907c

.rsrc 204800 368 4096 0.36 254f53c60f54ecec75e304703c49bc32

.reloc 208896 4448 8192 4.15 1eaa03d2336298dd7e23c35539c2b61d

PE imports

[+] KERNEL32.dll

[+] LZ32.dll

[+] SHELL32.dll

Number of PE resources by type

RT_VERSION 1

Number of PE resources by language

JAPANESE DEFAULT 1

PE resources

845a11f5dd0192d13c7135f6914a907742edd8baec2ac6f5aa20f07cc4bcce42 data

Debug information

Type Timestamp Offset Size

IMAGE_DEBUG_TYPE_CODEVIEW (2) Tue May 22 04:30:21 2018 197360 29 Bytes

12 (12) Tue May 22 04:30:21 2018 197484 20 Bytes

ExifTool file metadata

MIMEType

application/octet-stream

Subsystem

Windows GUI

MachineType

Intel 386 or later, and compatibles

FileTypeExtension

exe

TimeStamp

2028:12:24 20:27:37-08:00

FileType

Win32 EXE

PEType

PE32

CodeSize

LinkerVersion

12.164

ImageFileCharacteristics

Executable, 32-bit

Warning

Error processing PE data dictionary

EntryPoint

0x2293

InitializedDataSize

200704

SubsystemVersion

5.0

ImageVersion

0.0

OSVersion

5.0

UninitializedDataSize

Compressed bundles

This file was also submitted to VirusTotal in the following compressed file bundles.

b5bba11f6be3c15ba8c941f1b831cfa57550e7d1551d4c21a9dfa9ec541a50eb

File identification

MD5 de4aad0ab6f80760483115e5bb0af183

SHA1 8d5306e36f4069e948fd821f0dd4ad1b1b885691

SHA256 087a2947e77a42758924b5da53b5b36b2931e7c8843ef2ca09c8f3f4654a75c1

ssdeep

1536:R7yYRVbQOWVUI0hClHdjBkHkNQ7WbDTOwckcN4De5vBwTEZVNDmBSAkWs+:R7jDMOS8eoWQ78DTOwVUp3N86+

authentihash 4f1477bb07d55bb38c37cbf18075979db2e52d45822a1689ab43945c5a9bb977

imphash 85ef02398d25d0b3b4eaae46394f2158

File size 208.0 KB ( 212992 bytes )

File type Win32 EXE

Magic literal

PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID	Win32 Executable (generic) (42.7%) OS/2 Executable (generic) (19.2%) Generic Win/DOS Executable (18.9%) DOS Executable Generic (18.9%)

VirusTotal metadata

First submission 2018-05-21 21:45:37 UTC ( 9 months ago )

Last submission 2018-05-26 17:57:52 UTC ( 8 months, 4 weeks ago )

File names

initmcr.exe
4830.exe

SHA256:	087a2947e77a42758924b5da53b5b36b2931e7c8843ef2ca09c8f3f4654a75c1
Detection ratio:	50 / 66
Analysis date:	2018-06-04 17:51:59 UTC ( 8 months, 2 weeks ago ) View latest

Ciphered bundle