Antivirus scan for 0e02d70793f88464b9562caa8a9bb54dd518fa680e2ab5effc7e1ba3bf607e26 at 2018-08-15 17:57:14 UTC

Antivirus	Result	Update
Ad-Aware	Trojan.Autoruns.GenericKDS.31163179	20180815
AhnLab-V3	Trojan/Win32.Emotet.R234146	20180815
ALYac	Trojan.Autoruns.GenericKDS.31163179	20180815
Arcabit	Trojan.Autoruns.GenericS.D1DB832B	20180815
Avast	Win32:GenX-Banker	20180815
AVG	Win32:GenX-Banker	20180815
AVware	Trojan.Win32.Generic!BT	20180815
Baidu	Win32.Trojan.WisdomEyes.16070401.9500.9999	20180815
BitDefender	Trojan.Autoruns.GenericKDS.31163179	20180815
CAT-QuickHeal	Trojan.Emotet.X4	20180814
CrowdStrike Falcon (ML)	malicious_confidence_100% (D)	20180723
Cybereason	malicious.7d2d61	20180225
Cyren	W32/Emotet.ES.gen!Eldorado	20180815
Emsisoft	Trojan.Emotet (A)	20180815
Endgame	malicious (high confidence)	20180730
ESET-NOD32	a variant of Win32/Kryptik.GJSA	20180815
F-Prot	W32/Emotet.ES.gen!Eldorado	20180815
F-Secure	Trojan.Autoruns.GenericKDS.31163179	20180815
Fortinet	W32/PossibleThreat	20180815
GData	Win32.Trojan-Spy.Emotet.SY	20180815
Ikarus	Trojan.Win32.Crypt	20180815
Sophos ML	heuristic	20180717
Kaspersky	Trojan-Banker.Win32.Emotet.baoz	20180815
Malwarebytes	Trojan.Emotet	20180815
MAX	malware (ai score=84)	20180815
McAfee	Emotet-FIC!0D4F8A18DA0C	20180815
McAfee-GW-Edition	BehavesLike.Win32.Emotet.dh	20180815
Microsoft	Trojan:Win32/Emotet.AC!bit	20180815
eScan	Trojan.Autoruns.GenericKDS.31163179	20180815
Panda	Trj/CI.A	20180815
Qihoo-360	HEUR/QVM19.1.3465.Malware.Gen	20180815
Rising	Trojan.Fuerboos!8.EFC8 (TFE:dGZlOgI3BdV87KW+GQ)	20180815
SentinelOne (Static ML)	static engine - malicious	20180701
Sophos AV	Mal/EncPk-ANX	20180815
Symantec	Trojan.Gen.2	20180815
TrendMicro	TROJ_GEN.R020C0DHC18	20180815
TrendMicro-HouseCall	TrojanSpy.Win32.EMOTET.SMTHG.hp	20180815
VBA32	Malware-Cryptor.Limpopo	20180815
VIPRE	Trojan.Win32.Generic!BT	20180815
ZoneAlarm by Check Point	Trojan-Banker.Win32.Emotet.baoz	20180815
AegisLab		20180815
Alibaba		20180713
Antiy-AVL		20180815
Avast-Mobile		20180815
Avira (no cloud)		20180815
Babable		20180725
Bkav		20180815
ClamAV		20180815
CMC		20180812
Comodo		20180815
DrWeb		20180815
eGambit		20180815
Jiangmin		20180815
K7AntiVirus		20180815
K7GW		20180815
Kingsoft		20180815
NANO-Antivirus		20180815
Palo Alto Networks (Known Signatures)		20180815
SUPERAntiSpyware		20180815
Symantec Mobile Insight		20180814
TACHYON		20180815
Tencent		20180815
TheHacker		20180815
TotalDefense		20180815
Trustlook		20180815
ViRobot		20180815
Webroot		20180815
Yandex		20180815
Zillya		20180815
Zoner		20180815

The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.

FileVersionInfo properties

PE header basic information

Target machine Intel 386 or later processors and compatible processors

Compilation timestamp 2018-08-10 21:16:58

Entry Point 0x00006329

Number of sections 7

PE sections

Name Virtual address Virtual size Raw size Entropy MD5

.text 4096 33456 32768 5.92 3444d7e2da2fc03ab0eafb4971d0e335

.crt3 40960 1750 4096 2.54 1103e45d058214ef75cc224f97f71c8e

.crt 45056 49812 53248 6.90 1742b34d17384f7d8f24e9d74101b3eb

.qdata 98304 33954 36864 6.89 a85522d9a66435c03f17d04cf185c88b

kLM 135168 29424 32768 6.76 66f95f69e6080e0ba647013e0e2de444

.rsrc 167936 55128 57344 5.09 f32409b0055f4ee416d910944c8f7968

.reloc 225280 5492 8192 4.83 3c74683d23adbd156d3467cae39bdae0

PE imports

Number of PE resources by type

RT_BITMAP 29

RT_STRING 24

RT_RCDATA 9

RT_DIALOG 1

RT_MANIFEST 1

Number of PE resources by language

NEUTRAL 49

ENGLISH US 7

ENGLISH NEUTRAL 6

RUSSIAN 1

FRENCH 1

PE resources

002297dd78bcc736749cd8a73c66667a23be83ab555667f7372edd0fb58450ea ASCII text

043682eb90c932a3cc5509e78b522fe3f84bf8096075270a4eebc2b2bdd973a4 ASCII text

06dbfdc99d88b330f738d8228ba99235f089e3a7f0a48b5eb4fc97e229213e12 ASCII text

07f91bf80013d5f7dd9c253df1e4dfa1dba6201fc7fef3d8f5f1d9ded328e9c6 ASCII text

0da580a81768fc7dcd1b4f0cb0d8616024268920c0605f6f2e52da9d2bfbc416 data

0f5248f16fe2b1e73aa9be760a6f0bef933dc09e3cc6d8a8958eae1ce0bd0f97 data

139d2aad11f0234cc20811dd81744ab189aa17cb661a3ffbca86bf05401d41e6 ASCII text

1d67053ca2168bfce200fb54328be11fdd08350e422a83dc49474a247bd38988 data

264830e878a7d37bfe6aa4153c0f0a74b37a4193ce08c6576387b0b3470dd9fb data

268b211ce18b4464fb8cb52477f33795510ce97f1d5537454ce32f828774bd9e ASCII text

Debug information

Type Timestamp Offset Size

IMAGE_DEBUG_TYPE_CODEVIEW (2) Fri Aug 10 21:16:58 2018 37680 50 Bytes

12 (12) Fri Aug 10 21:16:58 2018 37804 20 Bytes

ExifTool file metadata

MIMEType

application/octet-stream

Subsystem

Windows GUI

MachineType

Intel 386 or later, and compatibles

FileTypeExtension

exe

TimeStamp

2018:08:10 14:16:58-07:00

FileType

Win32 EXE

PEType

PE32

CodeSize

LinkerVersion

9.0

ImageFileCharacteristics

Executable, 32-bit

EntryPoint

0x6329

InitializedDataSize

192512

SubsystemVersion

5.1

ImageVersion

0.0

OSVersion

6.0

UninitializedDataSize

45056

File identification

MD5 0d4f8a18da0c3748ca9b3a7bcb31982a

SHA1 80c7b1a7d2d61f904378d1970abc149b34e3d399

SHA256 0e02d70793f88464b9562caa8a9bb54dd518fa680e2ab5effc7e1ba3bf607e26

ssdeep

3072:L9le6zy2i26mBaIN4DkuuXYkYypQCMvNlcBVIHX1oRjM4esso9qC4:L9k6a2vvlu4fYnvYvSiK4EG

authentihash 7c36ddf1c7aad27f693b3e0aabc3afbddf211991b98af8d2ac0a47e10d8f8b06

imphash 6fedc46ccafc66e479224a33beab22a2

File size 224.0 KB ( 229376 bytes )

File type Win32 EXE

Magic literal

PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID	Win32 Dynamic Link Library (generic) (38.4%) Win32 Executable (generic) (26.3%) OS/2 Executable (generic) (11.8%) Generic Win/DOS Executable (11.6%) DOS Executable Generic (11.6%)

VirusTotal metadata

First submission 2018-08-15 17:57:14 UTC ( 6 months, 1 week ago )

Last submission 2018-08-15 17:57:14 UTC ( 6 months, 1 week ago )

SHA256:	0e02d70793f88464b9562caa8a9bb54dd518fa680e2ab5effc7e1ba3bf607e26
File name:	0d4f8a18da0c3748ca9b3a7bcb31982a
Detection ratio:	40 / 67
Analysis date:	2018-08-15 17:57:14 UTC ( 6 months, 1 week ago ) View latest

Ciphered bundle