× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 08f0261059671c8d2ce7744b72dafe36380fece3ccec98717a401b61cb09dd67
File name: 08f0261059671c8d2ce7744b72dafe36380fece3ccec98717a401b61cb09dd67
Detection ratio: 26 / 68
Analysis date: 2018-07-22 14:46:14 UTC ( 7 months ago ) View latest
Antivirus Result Update
AegisLab Packer.Generic!c 20180722
AhnLab-V3 Trojan/Win32.MalPacked.R232177 20180721
Avast Win32:Malware-gen 20180722
AVG Win32:Malware-gen 20180722
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9979 20180717
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cybereason malicious.49d650 20180225
Cylance Unsafe 20180722
Endgame malicious (high confidence) 20180711
ESET-NOD32 a variant of Win32/Kryptik.GJBO 20180722
Fortinet W32/Kryptik.GJBH!tr 20180722
GData Win32.Trojan-Spy.Emotet.V8EE73 20180722
Sophos ML heuristic 20180717
Kaspersky Trojan-Banker.Win32.Emotet.ayys 20180722
McAfee Artemis!FEC553561588 20180722
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20180722
Microsoft Trojan:Win32/Emotet.AC!bit 20180722
Palo Alto Networks (Known Signatures) generic.ml 20180722
Qihoo-360 HEUR/QVM20.1.AB86.Malware.Gen 20180722
Rising Trojan.Fuerboos!8.EFC8 (TFE:dGZlOgTk2ZgSWQ+BaA) 20180722
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/Generic-S 20180722
Symantec Packed.Generic.517 20180721
VBA32 BScope.TrojanBanker.Emotet 20180720
Webroot W32.Trojan.Emotet 20180722
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180722
Ad-Aware 20180722
Alibaba 20180713
ALYac 20180722
Antiy-AVL 20180722
Arcabit 20180722
Avast-Mobile 20180722
Avira (no cloud) 20180722
AVware 20180722
Babable 20180406
BitDefender 20180722
Bkav 20180719
CAT-QuickHeal 20180722
ClamAV 20180722
CMC 20180722
Comodo 20180722
Cyren 20180722
DrWeb 20180722
eGambit 20180722
Emsisoft 20180722
F-Prot 20180722
F-Secure 20180722
Ikarus 20180722
Jiangmin 20180722
K7AntiVirus 20180722
K7GW 20180722
Kingsoft 20180722
Malwarebytes 20180722
MAX 20180722
eScan 20180722
NANO-Antivirus 20180722
Panda 20180722
SUPERAntiSpyware 20180722
TACHYON 20180722
Tencent 20180722
TheHacker 20180722
TotalDefense 20180722
TrendMicro 20180722
TrendMicro-HouseCall 20180722
Trustlook 20180722
VIPRE 20180722
ViRobot 20180722
Yandex 20180720
Zillya 20180720
Zoner 20180721
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Internal name icardagt.exe
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-07-22 08:01:41
Entry Point 0x00002486
Number of sections 6
PE sections
PE imports
CryptDestroyKey
MakeAbsoluteSD
UnlockServiceDatabase
GetOutlineTextMetricsW
GetTextMetricsW
GetRTTAndHopCount
RegisterWaitForSingleObjectEx
GetVolumeInformationA
CopyFileW
lstrlenA
CreateFileW
MoveFileW
FlsFree
FlsGetValue
NetSessionEnum
SafeArrayDestroyData
VarCyCmp
VarCat
glTranslatef
glGetString
GetCurrentPowerPolicies
SetupDiDestroyDriverInfoList
SetupOpenAppendInfFileW
SHGetFolderPathA
InitializeSecurityContextW
LockWorkStation
SetDlgItemTextA
DrawIconEx
ChildWindowFromPoint
IsCharAlphaA
ScrollWindow
SetCursor
midiOutUnprepareHeader
Ord(30)
Ord(29)
PdhAddCounterW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

Scription
Windows CardSpace Us

InitializedDataSize
32256

ImageVersion
0.0

FileVersionNumber
36.1.2223.432

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

NETFramework
ing S

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
12.0

EntryPoint
0x2486

MIMEType
application/octet-stream

Name
icardagt.exe

TimeStamp
2018:07:22 09:01:41+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
icardagt.exe

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
138240

FileSubtype
0

ProductVersionNumber
16.1.4235.11

FileTypeExtension
exe

ObjectFileType
Dynamic link library

InalFilename
wfw.fwf

File identification
MD5 fec553561588892836eb39d4cc336edf
SHA1 028850649d65090769500daa396dc89a7c98e423
SHA256 08f0261059671c8d2ce7744b72dafe36380fece3ccec98717a401b61cb09dd67
ssdeep
3072:Sgy1ipEfz/HMig1wLr25kJqtZRzDCuckZTb:Sl1zjMi0wf25AmrTck

authentihash daf05fae75dbff39e1f8a33925656de06e92f5716ce944bf05fd863f1671718b
imphash dc9a53a390911144fa1228da3cb69d91
File size 161.5 KB ( 165376 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-07-22 08:16:01 UTC ( 7 months ago )
Last submission 2018-07-27 23:37:40 UTC ( 6 months, 3 weeks ago )
File names 57766455226.exe
656.exe.6.dr
3227353017.exe
Bd3rMP3ulUz0fk68.exe
output.113675838.txt
icardagt.exe
42749538.exe
304736731023.exe
85976202.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!