× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 0ce944f2805a3771916ec99016cf34f1f68c26abc6a50df07b6189c8c1346278
File name: 888da95fa9188162d68d09ff2690b139
Detection ratio: 49 / 68
Analysis date: 2018-07-29 09:24:44 UTC ( 6 months, 3 weeks ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31064524 20180729
AegisLab Ml.Attribute.Gen!c 20180729
AhnLab-V3 Trojan/Win32.Banki.R231390 20180728
ALYac Trojan.GenericKD.31064524 20180729
Arcabit Trojan.Generic.D1DA01CC 20180729
Avast Win32:GenX-Banker 20180729
AVG Win32:GenX-Banker 20180729
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180726
BitDefender Trojan.GenericKD.31064524 20180729
CAT-QuickHeal Trojan.Emotet.X4 20180728
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.140243 20180225
Cylance Unsafe 20180729
Cyren W32/S-202bdc0d!Eldorado 20180729
Emsisoft Trojan.GenericKD.31064524 (B) 20180729
Endgame malicious (high confidence) 20180711
ESET-NOD32 a variant of Win32/Kryptik.GIPS 20180729
F-Prot W32/S-202bdc0d!Eldorado 20180729
F-Secure Trojan.GenericKD.31064524 20180729
Fortinet W32/Emotet.AWIF!tr 20180729
GData Trojan.GenericKD.31064524 20180729
Ikarus Trojan.Agent 20180728
Sophos ML heuristic 20180717
Jiangmin Trojan.Banker.Emotet.bls 20180729
K7AntiVirus Trojan ( 005370531 ) 20180727
K7GW Trojan ( 005370531 ) 20180727
Kaspersky Trojan-Banker.Win32.Emotet.awif 20180729
Malwarebytes Spyware.Emotet 20180729
MAX malware (ai score=99) 20180729
McAfee RDN/Generic.grp 20180729
McAfee-GW-Edition BehavesLike.Win32.Emotet.ch 20180729
Microsoft Trojan:Win32/Emotet.AC!bit 20180729
eScan Trojan.GenericKD.31064524 20180729
NANO-Antivirus Trojan.Win32.Emotet.ffflmh 20180729
Palo Alto Networks (Known Signatures) generic.ml 20180729
Panda Trj/CI.A 20180728
Qihoo-360 HEUR/QVM20.1.5A8D.Malware.Gen 20180729
Rising Trojan.Emotet!8.B95 (CLOUD) 20180729
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/EncPk-ANX 20180729
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20180728
Symantec Trojan.Emotet 20180729
TrendMicro TROJ_GEN.R03FC0DG918 20180729
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMG.hp 20180729
VBA32 Malware-Cryptor.Limpopo 20180727
ViRobot Trojan.Win32.Z.Emotet.110592.E 20180728
Webroot W32.Trojan.Emotet 20180729
Yandex Trojan.PWS.Emotet! 20180725
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.awif 20180729
Alibaba 20180713
Antiy-AVL 20180729
Avast-Mobile 20180729
Avira (no cloud) 20180729
AVware 20180727
Babable 20180725
Bkav 20180728
ClamAV 20180729
CMC 20180729
Comodo 20180729
DrWeb 20180729
eGambit 20180729
Kingsoft 20180729
TACHYON 20180729
Tencent 20180729
TheHacker 20180727
TotalDefense 20180729
Trustlook 20180729
VIPRE 20180729
Zillya 20180727
Zoner 20180728
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Stock

Product Stock Software Monitor
Original name StockFile.exe
File version 1, 0, 4, 0
Description Beck Son
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-07-08 00:32:15
Entry Point 0x00001554
Number of sections 4
PE sections
PE imports
RegDisableReflectionKey
QueryServiceLockStatusW
CertSetCTLContextProperty
LCIDToLocaleName
GetSystemDefaultLangID
GetCurrentProcessId
GetSystemDefaultUILanguage
FindNextFileW
AssignProcessToJobObject
GetFileType
GetCommandLineA
GetConsoleHistoryInfo
SetFileBandwidthReservation
UrlHashW
GetCursorPos
RemovePropA
GetOpenClipboardWindow
FillRect
SetTimer
ChildWindowFromPoint
TrackMouseEvent
ChangeWindowMessageFilter
GetQueueStatus
GetClassWord
DeregisterShellHookWindow
UnpackDDElParam
IsCharAlphaA
SCardFreeMemory
IsAccelerator
Number of PE resources by type
RT_STRING 25
RT_BITMAP 2
RT_DIALOG 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 29
FRENCH 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:07:08 02:32:15+02:00

FileType
Win32 EXE

PEType
PE32

CodeSize
12288

LinkerVersion
10.0

ImageFileCharacteristics
No relocs, Executable, 32-bit

EntryPoint
0x1554

InitializedDataSize
98304

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

Compressed bundles
File identification
MD5 888da95fa9188162d68d09ff2690b139
SHA1 d6f5b19140243411fda6833f83e4751ce7de25b1
SHA256 0ce944f2805a3771916ec99016cf34f1f68c26abc6a50df07b6189c8c1346278
ssdeep
3072:nkx71THdJ6SfUVRhrKHZim4N6SLaflSrzQ:n+1aLDK5AMfl

authentihash c980a40b7f5b1ad428a96ad58497142684806da7eec83faf05b00c8024d40964
imphash 9c3708f7857b57d7cd64ad3df9217c2c
File size 108.0 KB ( 110592 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe

VirusTotal metadata
First submission 2018-07-08 00:42:36 UTC ( 7 months, 1 week ago )
Last submission 2018-07-21 02:32:51 UTC ( 6 months, 4 weeks ago )
File names o2Le2AjBHQ.exe
StockFile.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!