SHA256: 0a05e728e40d80db4159ced8760ade6cc66cd1d1c3187bc389801f975ea356a5
File name: dc6697d94912ca70de32d8bd7717bd50
Detection ratio: 50 / 72
Analysis date: 2019-01-18 04:59:47 UTC (1 month ago)
Antivirus Result Update
Acronis suspicious 20190117
Ad-Aware Trojan.GenericKD.40943490 20190117
AhnLab-V3 Malware/Gen.Generic.C2924949 20190117
ALYac Trojan.Agent.Emotet 20190117
Antiy-AVL Trojan[Banker]/Win32.Emotet 20190117
Arcabit Trojan.Generic.D270BF82 20190117
Avast Win32:BankerX-gen [Trj] 20190117
AVG Win32:BankerX-gen [Trj] 20190117
Avira (no cloud) TR/AD.Emotet.asbeb 20190117
BitDefender Trojan.GenericKD.40943490 20190117
Bkav HW32.Packed. 20190117
Comodo Malware@#ot90dpduh2t 20190117
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cybereason malicious.748933 20190109
Cylance Unsafe 20190117
Cyren W32/Trojan.KWZA-5972 20190117
DrWeb Trojan.EmotetENT.344 20190117
eGambit Unsafe.AI_Score_79% 20190117
Emsisoft Trojan.Emotet (A) 20190117
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/Emotet.BN 20190117
F-Prot W32/Emotet.MC.gen!Eldorado 20190117
F-Secure Trojan.GenericKD.40943490 20190117
Fortinet W32/Emotet.BZJG!tr 20190117
GData Win32.Trojan-Spy.Emotet.RFFKDR 20190117
Ikarus Trojan-Banker.Emotet 20190117
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 005459731 ) 20190117
K7GW Trojan ( 005459731 ) 20190117
Kaspersky Trojan-Banker.Win32.Emotet.bzjg 20190117
Malwarebytes Trojan.Emotet 20190117
McAfee RDN/Generic.grp 20190117
McAfee-GW-Edition BehavesLike.Win32.Generic.ch 20190117
Microsoft Trojan:Win32/Emotet.DF 20190117
eScan Trojan.GenericKD.40943490 20190117
Palo Alto Networks (Known Signatures) generic.ml 20190117
Panda Trj/RnkBend.A 20190117
Qihoo-360 HEUR/QVM20.1.8A9D.Malware.Gen 20190117
Rising Trojan.Azden!8.F0E3 (CLOUD) 20190117
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/EncPk-AOI 20190117
Symantec Trojan.Emotet 20190117
Tencent Win32.Trojan-banker.Emotet.Wtdm 20190117
Trapmine malicious.high.ml.score 20190102
TrendMicro TrojanSpy.Win32.EMOTET.THOAAEAI 20190117
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.THOAAEAI 20190117
VBA32 BScope.Trojan.Refinka 20190117
VIPRE Trojan.Win32.Generic!BT 20190117
Webroot W32.Trojan.Emotet 20190117
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bzjg 20190117
AegisLab 20190117
Alibaba 20180921
Avast-Mobile 20190116
AVware 20180925
Babable 20180917
Baidu 20190117
CAT-QuickHeal 20190117
ClamAV 20190117
CMC 20190117
Jiangmin 20190117
Kingsoft 20190117
MAX 20190117
NANO-Antivirus 20190117
SUPERAntiSpyware 20190116
TACHYON 20190117
TheHacker 20190114
TotalDefense 20190117
Trustlook 20190117
ViRobot 20190117
Yandex 20190116
Zillya 20190117
Zoner 20190117
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporat
Product Microsoft® Windows® Operating S
Internal name hbaapi
File version 6.1.760
Description HBA API data interface dll for HB
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-14 12:00:27
Entry Point 0x00003B90
Number of sections 10
PE sections
PE imports
CertGetEnhancedKeyUsage
SetTextColor
GetLastError
SetHandleCount
GetCurrentProcessId
ReadFile
GetTapeStatus
GetTickCount
TlsAlloc
GetCommandLineA
SetVolumeMountPointW
CompareStringOrdinal
CancelSynchronousIo
FindActCtxSectionGuid
TlsFree
I_RpcServerSetAddressChangeFn
PathIsRelativeA
SetClassWord
GetParent
GetMenuItemRect
ExcludeUpdateRgn
GetSystemMenu
GetLastInputInfo
GetKeyboardType
InternetOpenUrlW
CryptCATAdminAddCatalog
SCardDisconnect
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
KANNADA DEFAULT 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.33.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription HBA API data interface dll for HB
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 122880
EntryPoint 0x3b90
MIMEType application/octet-stream
LegalCopyright Microsoft Corporat
FileVersion 6.1.760
TimeStamp 2019:01:14 12:00:27+00:00
FileType Win32 EXE
PEType PE32
InternalName hbaapi
ProductVersion 6.1.760
SubsystemVersion 6.1
OSVersion 6.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 12288
ProductName Microsoft Windows Operating S
ProductVersionNumber 1.0.33.0
FileTypeExtension exe
ObjectFileType Dynamic link library
File identification
MD5 dc6697d94912ca70de32d8bd7717bd50
SHA1 1f8c869748933bc8c9a69cb25c3f0ea3f8071075
SHA256 0a05e728e40d80db4159ced8760ade6cc66cd1d1c3187bc389801f975ea356a5
ssdeep 3072:fGtMGz044wJ/lvfrO9nsirVgMiNWcJZ9KzO9vgYRu9:uSGY44QHrqVrWDNWcYOZL
authentihash 958eeac7be880010c05b152b77f29eb5808fae06931ad2b3441e4cbfbf9e40e2
imphash cbf845b269dd337b04e8dac50e44baba
File size 132.0 KB ( 135168 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2019-01-14 12:05:10 UTC ( 1 month, 1 week ago )
Last submission 2019-02-14 09:54:28 UTC ( 1 week, 1 day ago )
File names dIKkRjjg1ACLCAY.exe
C4m_xa_L.exe
21571873
hbaapi
VNgNQG_PXN5J.exe
22144320.EXE
dc6697d94912ca70de32d8bd7717bd50
V_Zw2uK.exe
Advanced heuristic and reputation engines