× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 0b6c2882d2f47630365c9017dda264fdc95ccbf07cb6a3344c83b49593733439
File name: lookupwindow.exe
Detection ratio: 47 / 67
Analysis date: 2018-03-14 17:41:13 UTC ( 7 months, 1 week ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30394383 20180314
AegisLab W32.Troj.Spy!c 20180314
AhnLab-V3 Trojan/Win32.Emotet.R222414 20180314
ALYac Trojan.GenericKD.30394383 20180314
Antiy-AVL Trojan/Win32.TSGeneric 20180314
Arcabit Trojan.Generic.D1CFC80F 20180314
Avast Win32:Malware-gen 20180314
AVG Win32:Malware-gen 20180314
Avira (no cloud) TR/Crypt.ZPACK.zvnvy 20180314
AVware Trojan.Win32.Generic!BT 20180314
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9982 20180314
BitDefender Trojan.GenericKD.30394383 20180314
Bkav HW32.Packed.37DC 20180314
ClamAV Win.Trojan.Emotet-6471079-0 20180314
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170201
Cylance Unsafe 20180314
Cyren W32/Trojan.KRIT-5806 20180314
Emsisoft Trojan.GenericKD.30394383 (B) 20180314
Endgame malicious (high confidence) 20180308
ESET-NOD32 Win32/Emotet.AZ 20180314
F-Secure Trojan.GenericKD.30394383 20180314
Fortinet W32/Kryptik.GDRZ!tr 20180314
GData Win32.Trojan-Spy.Emotet.NH 20180314
Ikarus Trojan-Banker.Emotet 20180314
Sophos ML heuristic 20180121
K7AntiVirus Trojan ( 0052a5511 ) 20180314
K7GW Trojan ( 0052a5511 ) 20180314
Kaspersky Trojan-Banker.Win32.Emotet.aatd 20180314
Malwarebytes Trojan.Emotet 20180314
MAX malware (ai score=98) 20180314
McAfee RDN/Generic.grp 20180314
McAfee-GW-Edition BehavesLike.Win32.Sality.cc 20180314
Microsoft Trojan:Win32/Tiggre!rfn 20180314
eScan Trojan.GenericKD.30394383 20180314
NANO-Antivirus Trojan.Win32.Emotet.eyvpji 20180314
Palo Alto Networks (Known Signatures) generic.ml 20180314
Panda Trj/Genetic.gen 20180314
Qihoo-360 HEUR/QVM20.1.C614.Malware.Gen 20180314
Rising Trojan.GenKryptik!8.AA55 (TFE:3:1SU5YtSnuWJ) 20180314
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/EncPk-ANR 20180314
Symantec Trojan.Gen.2 20180314
TrendMicro TSPY_EMOTET.TTHBBFW 20180314
TrendMicro-HouseCall TSPY_EMOTET.TTHBBFW 20180314
VIPRE Trojan.Win32.Generic!BT 20180314
Webroot W32.Trojan.Emotet 20180314
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.aatd 20180314
Alibaba 20180314
Avast-Mobile 20180314
CAT-QuickHeal 20180314
CMC 20180314
Comodo 20180314
Cybereason None
DrWeb 20180314
eGambit 20180314
F-Prot 20180314
Jiangmin 20180314
Kingsoft 20180314
nProtect 20180314
SUPERAntiSpyware 20180314
Symantec Mobile Insight 20180311
Tencent 20180314
TheHacker 20180311
TotalDefense 20180314
Trustlook 20180314
VBA32 20180314
ViRobot 20180314
WhiteArmor 20180223
Yandex 20180314
Zillya 20180314
Zoner 20180314
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-12 14:41:03
Entry Point 0x00006000
Number of sections 9
PE sections
PE imports
SetSecurityDescriptorDacl
RegCreateKeyExA
CreateHalftonePalette
CreateFontIndirectA
GetLastError
GetCurrentProcess
IsWow64Process
ReleaseMutex
LocalAlloc
LocalFree
CreateDirectoryExA
GetFileBandwidthReservation
HeapDestroy
GetUserPreferredUILanguages
CloseHandle
GetTickCount
PrepareTape
CreateMutexW
GetVersion
GetProfileStringW
WaitForMultipleObjects
acmFormatSuggest
RpcMgmtWaitServerListen
RpcServerUnregisterIf
SetupAddToSourceListW
PathRemoveArgsW
GetForegroundWindow
GetCursorInfo
ShowOwnedPopups
CallNextHookEx
LockWindowUpdate
GetCursor
RealChildWindowFromPoint
DestroyCursor
AddClipboardFormatListener
DrawTextW
SetScrollPos
OpenClipboard
SCardConnectA
DisassociateColorProfileFromDeviceW
OleCreateFromFile
OleCreateFromData
Number of PE resources by type
RT_ICON 11
RT_STRING 3
RT_RCDATA 2
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 13
NEUTRAL 5
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2018:03:12 15:41:03+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
1

LinkerVersion
14.5

FileTypeExtension
exe

InitializedDataSize
122880

SubsystemVersion
4.0

EntryPoint
0x6000

OSVersion
5.0

ImageVersion
0.0

UninitializedDataSize
4096

File identification
MD5 b7a948e7a300030c61066964abee6625
SHA1 217048b8a8b927c766a07974da1a6b1c8811fce2
SHA256 0b6c2882d2f47630365c9017dda264fdc95ccbf07cb6a3344c83b49593733439
ssdeep
3072:jkcFv+Khc/vTajWEcrBuRCtPl+ZzZxRA3AboqTEhO9/:jkc8Ke/LWFcrYR2qzZFqhO9

authentihash c402c9be86808d14ae0bc676fb4f159469ff7ef48931fe975fe79294bc72a5e5
imphash d238cc21f0b4e9b55b0c251c84fb16c9
File size 135.0 KB ( 138240 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-03-12 14:50:28 UTC ( 7 months, 2 weeks ago )
Last submission 2018-05-08 03:48:00 UTC ( 5 months, 2 weeks ago )
File names flareFile
32434632.exe
lookupwindow.exe
aa
nvprovider.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!