× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 0c99f700981182ea8d51eb61b5cabb4e9133679102e3c271fc7ec4fa6d29e5b5
File name: 0c99f700981182ea8d51eb61b5cabb4e9133679102e3c271fc7ec4fa6d29e5b5
Detection ratio: 12 / 65
Analysis date: 2019-01-15 20:07:17 UTC ( 1 month ago ) View latest
Antivirus Result Update
Acronis suspicious 20190111
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181023
Cylance Unsafe 20190115
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181128
McAfee-GW-Edition BehavesLike.Win32.Emotet.ch 20190114
Qihoo-360 HEUR/QVM20.1.91F9.Malware.Gen 20190115
Rising Trojan.Emotet!8.B95/N3#87% (RDM+:cmRtazo2zuSH5Mr3tVyfNY8cl63e) 20190115
SentinelOne (Static ML) static engine - malicious 20181223
Symantec ML.Attribute.HighConfidence 20190115
Trapmine malicious.high.ml.score 20190103
Webroot W32.Trojan.Emotet 20190115
Ad-Aware 20190115
AegisLab 20190115
AhnLab-V3 20190114
Alibaba 20180921
Antiy-AVL 20190114
Arcabit 20190114
Avast 20190114
Avast-Mobile 20190115
AVG 20190114
Babable 20180918
Baidu 20190115
BitDefender 20190114
CAT-QuickHeal 20190114
ClamAV 20190114
CMC 20190114
Comodo 20190114
Cybereason 20190109
Cyren 20190114
DrWeb 20190114
eGambit 20190115
Emsisoft 20190114
ESET-NOD32 20190114
F-Prot 20190114
F-Secure 20190114
Fortinet 20190114
GData 20190114
Jiangmin 20190114
K7AntiVirus 20190114
K7GW 20190114
Kaspersky 20190114
Kingsoft 20190115
Malwarebytes 20190114
MAX 20190115
McAfee 20190114
Microsoft 20190114
eScan 20190114
NANO-Antivirus 20190114
Palo Alto Networks (Known Signatures) 20190115
Panda 20190114
Sophos AV 20190114
SUPERAntiSpyware 20190109
TACHYON 20190115
Tencent 20190115
TheHacker 20190113
TotalDefense 20190115
TrendMicro-HouseCall 20190114
Trustlook 20190115
VBA32 20190115
VIPRE 20190114
ViRobot 20190114
Yandex 20190111
ZoneAlarm by Check Point 20190115
Zoner 20190115
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Co

Product Microsoft® Windows® O
Internal name fast
File version 6.1.7
Description WMI
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1994-07-09 09:45:28
Entry Point 0x00003EF0
Number of sections 10
PE sections
PE imports
PaintRgn
SetBitmapDimensionEx
GetLastError
TlsFree
ReadFile
GlobalAlloc
GetTickCount
IsProcessInJob
GetSystemTimeAsFileTime
GetCommandLineA
CancelSynchronousIo
GetTapeStatus
VarCyFromI1
I_RpcServerSetAddressChangeFn
GetCursorPos
GetFocus
BeginDeferWindowPos
GetKeyboardType
GetMenuItemRect
InternetOpenUrlW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
KANNADA DEFAULT 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.33.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
WMI

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
143360

EntryPoint
0x3ef0

MIMEType
application/octet-stream

LegalCopyright
Microsoft Co

FileVersion
6.1.7

TimeStamp
1994:07:09 10:45:28+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
fast

ProductVersion
6.1.7

SubsystemVersion
6.1

OSVersion
6.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporati

CodeSize
16384

ProductName
Microsoft Windows O

ProductVersionNumber
1.0.33.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Execution parents
File identification
MD5 abc1d83efa786adf3dfcf3c5f564d08c
SHA1 516b2b447eaa42e9b63086f899f4b5e54b75c0bb
SHA256 0c99f700981182ea8d51eb61b5cabb4e9133679102e3c271fc7ec4fa6d29e5b5
ssdeep
3072:XXFq0gFFgiGsz3ygqH9RuytVHXdneWQiXIi6pstZp8N:XXFq0+yNn8iPD

authentihash 633d7c2d6f2257b057d1e580cc1ce9e0060bd8dfbac8287573036f63c1bc5fdc
imphash 2dc391f3755506fa38cb6defd521e651
File size 152.0 KB ( 155648 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2019-01-15 20:07:17 UTC ( 1 month ago )
Last submission 2019-02-14 09:54:25 UTC ( 5 days, 3 hours ago )
File names dd_Vn.exe
185.exe
Abv9wxJH_urjS.exe
21947520.EXE
C1_OfVKz.exe
2nkMpPs_jtZ_lBx0Wt9.exe
185.exe
z_hHY.exe
emotet_e2_0c99f700981182ea8d51eb61b5cabb4e9133679102e3c271fc7ec4fa6d29e5b5_2019-01-15__201001.exe_
0vp3aCxF_G041y_2xRHHkmBE.exe
fast
q_l7dyA_aNkb.exe
jAOy1_Dj.exe
e_5J3JE_0.exe
8B_cc_PTi30Blf.exe
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!