SHA256: 0a54be784817dc2cb8946a67b25912ba685857f877d556b2291864125d99655f
File name: 0a54be784817dc2cb8946a67b25912ba685857f877d556b2291864125d99655f
Detection ratio: 42 / 69
Analysis date: 2019-01-03 06:24:20 UTC (1 month, 3 weeks ago)
Antivirus Result Update
Ad-Aware Trojan.Autoruns.GenericKDS.31475734 20190103
AegisLab Trojan.Win32.Emotet.4!c 20190103
ALYac Trojan.Autoruns.GenericKDS.31475734 20190103
Arcabit Trojan.Autoruns.GenericS.D1E04816 20190103
Avast Win32:BankerX-gen [Trj] 20190103
AVG Win32:BankerX-gen [Trj] 20190103
Avira (no cloud) TR/AD.Emotet.eaibe 20190102
BitDefender Trojan.Autoruns.GenericKDS.31475734 20190103
Bkav HW32.Packed. 20190102
Comodo Malware@#24thvbm3uvi3l 20190103
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.674789 20180225
Cylance Unsafe 20190103
Cyren W32/Trojan.DDXU-1720 20190103
Emsisoft Trojan.Autoruns.GenericKDS.31475734 (B) 20190103
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/GenKryptik.CVNI 20190103
F-Secure Trojan.Autoruns.GenericKDS.31475734 20190103
Fortinet W32/GenKryptik.CVNI!tr 20190103
GData Trojan.Autoruns.GenericKDS.31475734 20190103
Ikarus Trojan.Autoruns.GenericKDS 20190102
Sophos ML heuristic 20181128
Kaspersky Trojan-Banker.Win32.Emotet.bxue 20190103
Malwarebytes Trojan.Emotet 20190103
McAfee RDN/PWS-Banker 20190103
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20190103
Microsoft Trojan:Win32/Emotet.AC!bit 20190103
eScan Trojan.Autoruns.GenericKDS.31475734 20190103
Palo Alto Networks (Known Signatures) generic.ml 20190103
Panda Trj/RnkBend.A 20190102
Qihoo-360 Win32/Trojan.5a7 20190103
Rising Trojan.Kryptik!8.8 (CLOUD) 20190103
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/Generic-S 20190103
Symantec Trojan.Gen.2 20190103
Tencent Win32.Trojan-banker.Emotet.Dzjp 20190103
Trapmine malicious.high.ml.score 20181205
TrendMicro TROJ_FRS.VSN02A19 20190103
TrendMicro-HouseCall TROJ_FRS.VSN02A19 20190103
VBA32 BScope.Trojan.Refinka 20181229
Webroot W32.Trojan.Emotet 20190103
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bxue 20190103
Acronis 20181227
Alibaba 20180921
Antiy-AVL 20190103
Avast-Mobile 20190102
Babable 20180918
Baidu 20190102
CAT-QuickHeal 20190102
ClamAV 20190103
CMC 20190102
DrWeb 20190103
eGambit 20190103
F-Prot 20190103
Jiangmin 20190103
K7AntiVirus 20190103
K7GW 20190103
Kingsoft 20190103
MAX 20190103
NANO-Antivirus 20190103
SUPERAntiSpyware 20190102
TACHYON 20190102
TheHacker 20181230
TotalDefense 20190102
Trustlook 20190103
ViRobot 20190103
Yandex 20181229
Zillya 20190102
Zoner 20190103
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microso
Product Mi
Internal name kbds
File version 6.1.7600.1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-08-04 07:56:09
Entry Point 0x00002C16
Number of sections 8
PE sections
PE imports
SetSecurityDescriptorControl
GetSecurityDescriptorControl
CreateHalftonePalette
GetUserDefaultLCID
VerifyScripts
SetFileIoOverlappedRange
SetSystemPowerState
GetModuleHandleW
NetLocalGroupGetInfo
VarI4FromCy
RpcBindingSetAuthInfoW
ShellAboutW
PathIsSameRootW
GetForegroundWindow
DefWindowProcW
PostQuitMessage
SetWindowPos
ToUnicodeEx
BeginDeferWindowPos
RegisterClassExW
DdeAddData
CharUpperW
ChildWindowFromPoint
GetDC
GetCursorPos
GetDlgCtrlID
CheckMenuItem
RemoveClipboardFormatListener
GetTitleBarInfo
GetSystemMetrics
GetWindowPlacement
ShutdownBlockReasonCreate
GetClientRect
DispatchMessageW
ScreenToClient
InvalidateRect
IsClipboardFormatAvailable
GetMenuState
GetRawInputBuffer
LoadCursorW
GetFocus
CreateWindowExW
LoadAcceleratorsW
GetWindowLongW
CloseClipboard
OpenClipboard
GetAncestor
DestroyWindow
CryptCATAdminAcquireContext
setsockopt
RtlFirstEntrySList
iswlower
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize 46080
UninitializedDataSize 0
LinkerVersion 15.255
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.4.20030.62408
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 111104
EntryPoint 0x2c16
MIMEType application/octet-stream
LegalCopyright Microso
FileVersion 6.1.7600.1
TimeStamp 2004:08:04 09:56:09+02:00
FileType Win32 EXE
PEType PE32
InternalName kbds
ProductVersion 6.1.7600.163
SubsystemVersion 5.1
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corp
LegalTrademarks Mozilla, Netscape
ProductName Mi
ProductVersionNumber 1.4.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 85550f7674789ea97b518e8ab9eaed00
SHA1 fe6a38c1e659da78e4b6f7c96646c10d7542b864
SHA256 0a54be784817dc2cb8946a67b25912ba685857f877d556b2291864125d99655f
ssdeep 3072:p2v/LfALCpbm6oZiF98obuBGW9iijXun:p2vkibmk8orWQiDu
authentihash 6402c8d8fb9fdfd16c6ae78589b163a4fc2798db53f9f5ac9b2b067638a91364
imphash 0d15f224d8259d13b9fe6045a20ed37f
File size 118.5 KB ( 121344 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2019-01-01 16:36:43 UTC ( 1 month, 3 weeks ago )
Last submission 2019-01-02 04:49:35 UTC ( 1 month, 3 weeks ago )
File names kbds
22997464.exe