SHA256: 087ed1fa466f589f82a53731047f5c83e13db5cb5ef943589ed21a7d0453cffc
File name: a10ff0f0246523ed75fcbe8ad4d13356
Detection ratio: 34 / 67
Analysis date: 2018-11-03 00:31:48 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware DeepScan:Generic.EmotetN.A60C5F4C 20181103
ALYac DeepScan:Generic.EmotetN.A60C5F4C 20181102
Arcabit DeepScan:Generic.EmotetN.A60C5F4C 20181103
Avira (no cloud) TR/Crypt.XPACK.Gen3 20181103
BitDefender DeepScan:Generic.EmotetN.A60C5F4C 20181102
CAT-QuickHeal Trojan.Emotet.X4 20181102
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cylance Unsafe 20181103
Emsisoft DeepScan:Generic.EmotetN.A60C5F4C (B) 20181102
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GKTJ 20181102
F-Secure DeepScan:Generic.EmotetN.A60C5F4C 20181102
Fortinet W32/Kryptik.GKUW!tr 20181102
GData DeepScan:Generic.EmotetN.A60C5F4C 20181102
Ikarus Packer.Win32.Krap 20181102
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 0052964f1 ) 20181102
K7GW Trojan ( 0053c65d1 ) 20181102
Malwarebytes Trojan.Emotet 20181102
MAX malware (ai score=86) 20181103
McAfee Artemis!A10FF0F02465 20181102
Microsoft Trojan:Win32/Emotet.AC!bit 20181103
eScan DeepScan:Generic.EmotetN.A60C5F4C 20181102
NANO-Antivirus Trojan.Win32.Emotet.fhuelk 20181102
Qihoo-360 HEUR/QVM19.1.F269.Malware.Gen 20181103
Rising Trojan.Emotet!8.B95 (TFE:dGZlOgJGTVvMY7Y/ig) 20181102
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/EncPk-ANX 20181102
Symantec ML.Attribute.HighConfidence 20181102
TrendMicro TrojanSpy.Win32.EMOTET.SMITHAL94.hp 20181102
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMITHAL94.hp 20181102
VBA32 BScope.TrojanBanker.Emotet 20181102
ViRobot Backdoor.Win32.Agent.356352.G 20181102
Webroot W32.Trojan.Emotet 20181103
AegisLab 20181102
AhnLab-V3 20181102
Alibaba 20180921
Antiy-AVL 20181103
Avast 20181103
Avast-Mobile 20181102
AVG 20181103
Babable 20180918
Baidu 20181102
Bkav 20181102
ClamAV 20181102
CMC 20181102
Cybereason 20180225
Cyren 20181102
DrWeb 20181103
eGambit 20181103
F-Prot 20181102
Jiangmin 20181102
Kaspersky 20181102
Kingsoft 20181103
McAfee-GW-Edition 20181102
Palo Alto Networks (Known Signatures) 20181103
Panda 20181102
SUPERAntiSpyware 20181031
Symantec Mobile Insight 20181030
TACHYON 20181103
Tencent 20181103
TheHacker 20181031
TotalDefense 20181102
VIPRE None
Yandex 20181102
Zillya 20181102
ZoneAlarm by Check Point 20181103
Zoner 20181103
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Internal name QllZd.dll
File version 91.333.22.1
Description QllZad
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-14 03:45:32
Entry Point 0x0001C756
Number of sections 4
PE sections
PE imports
RegSetKeySecurity
FrameRgn
FlushFileBuffers
VerifyScripts
GetModuleHandleA
SetThreadLocale
GetProcessHeap
BSTR_UserFree
RasDeleteEntryW
I_RpcGetExtendedError
SetupDiBuildClassInfoListExW
StrChrNW
IsCharLowerW
Number of PE resources by type
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
SLOVENIAN DEFAULT 1
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 1006425862
LinkerVersion 12.0
ImageVersion 0.0
FileVersionNumber 2.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription QllZad
ImageFileCharacteristics No relocs, Executable, 32-bit, No debug
CharacterSet Windows, Latin1
InitializedDataSize 0
EntryPoint 0x1c756
MIMEType application/octet-stream
FileVersion 91.333.22.1
TimeStamp 2018:09:13 20:45:32-07:00
FileType Win32 EXE
PEType PE32
InternalName QllZd.dll
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Fatal Enterprice
CodeSize 118784
FileSubtype 0
ProductVersionNumber 2.0.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 a10ff0f0246523ed75fcbe8ad4d13356
SHA1 a4244ec1892c1484e29527274488cad3d269647a
SHA256 087ed1fa466f589f82a53731047f5c83e13db5cb5ef943589ed21a7d0453cffc
ssdeep 6144:iIHqekzAlg0Q8QyzQvIFryfigroSorOlNTiDdorGDVo:dKekzAG0Q8KvIlYoSJNTprGe

authentihash e91318d32499dd967fd1ab01fa8b80d828d26fb9e65ca55283fac63ab5de950d
imphash a42a02cecef40c234ece2228d31a811a
File size 326.5 KB ( 334336 bytes )
File type Win32 EXE
Magic literal MS-DOS executable, MZ for MS-DOS

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe

VirusTotal metadata
First submission 2018-11-03 00:31:48 UTC ( 3 months, 2 weeks ago )
Last submission 2018-11-03 00:31:48 UTC ( 3 months, 2 weeks ago )
File names QllZd.dll