Antivirus scan for 10a2f3de8dd05c16beabcfcbfca18f9db0f39dc5bc1c27a7f399b0c901d49456 at 2018-12-01 06:46:52 UTC

Antivirus	Result	Update
Ad-Aware	Trojan.Autoruns.GenericKDS.31384569	20181201
AegisLab	Trojan.Win32.Emotet.4!c	20181201
AhnLab-V3	Trojan/Win32.Emotet.R246797	20181130
Alibaba	TrojanSpy:Win32/Kryptik.6432c6a0	20180921
ALYac	Trojan.Agent.Emotet	20181201
Arcabit	Trojan.Autoruns.GenericS.D1DEE3F9	20181201
Avast	Win32:BankerX-gen [Trj]	20181201
AVG	Win32:BankerX-gen [Trj]	20181201
BitDefender	Trojan.Autoruns.GenericKDS.31384569	20181201
CAT-QuickHeal	Trojan.Emotet.X4	20181130
Comodo	Malware@#ui75ywpd0ous	20181201
CrowdStrike Falcon (ML)	malicious_confidence_100% (W)	20181022
Cybereason	malicious.b90d27	20180225
Cylance	Unsafe	20181201
Cyren	W32/Emotet.JX.gen!Eldorado	20181201
DrWeb	Trojan.EmotetENT.313	20181201
Emsisoft	Trojan.Emotet (A)	20181201
Endgame	malicious (high confidence)	20181108
ESET-NOD32	a variant of Win32/Kryptik.GNHH	20181201
F-Prot	W32/Emotet.JX.gen!Eldorado	20181201
F-Secure	Trojan.Autoruns.GenericKDS.31384569	20181201
Fortinet	W32/Kryptik.GNFC!tr	20181201
GData	Trojan.Autoruns.GenericKDS.31384569	20181201
Ikarus	Trojan-Banker.Emotet	20181130
K7AntiVirus	Riskware ( 0040eff71 )	20181201
K7GW	Riskware ( 0040eff71 )	20181201
Kaspersky	Trojan-Banker.Win32.Emotet.bske	20181201
Malwarebytes	Trojan.Emotet	20181201
MAX	malware (ai score=100)	20181201
McAfee	Emotet-FKN!3A5C775B90D2	20181201
McAfee-GW-Edition	Artemis!Trojan	20181201
Microsoft	Trojan:Win32/Emotet.AC!bit	20181201
eScan	Trojan.Autoruns.GenericKDS.31384569	20181201
Palo Alto Networks (Known Signatures)	generic.ml	20181201
Panda	Trj/Genetic.gen	20181130
Qihoo-360	HEUR/QVM20.1.8701.Malware.Gen	20181201
Rising	Trojan.Kryptik!8.8 (CLOUD)	20181201
SentinelOne (Static ML)	static engine - malicious	20181011
Sophos AV	Mal/EncPk-ANY	20181201
Symantec	Trojan.Emotet	20181201
Trapmine	malicious.high.ml.score	20181128
TrendMicro	TSPY_EMOTET.THAABIAH	20181201
TrendMicro-HouseCall	TSPY_EMOTET.THAABIAH	20181201
ViRobot	Trojan.Win32.Z.Emotet.438272.A	20181130
Webroot	W32.Trojan.Emotet	20181201
ZoneAlarm by Check Point	Trojan-Banker.Win32.Emotet.bske	20181201
Antiy-AVL		20181201
Avast-Mobile		20181130
Avira (no cloud)		20181130
Babable		20180918
Baidu		20181130
Bkav		20181129
ClamAV		20181130
CMC		20181130
eGambit		20181201
Sophos ML		20181128
Jiangmin		20181201
Kingsoft		20181201
NANO-Antivirus		20181201
SUPERAntiSpyware		20181128
Symantec Mobile Insight		20181121
Tencent		20181201
TheHacker		20181129
TotalDefense		20181201
Trustlook		20181201
VBA32		20181130
Yandex		20181130
Zillya		20181130
Zoner		20181130

The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.

FileVersionInfo properties

Product Microsoft®

Internal name securit

File version 3.00.

Description V

PE header basic information

Target machine Intel 386 or later processors and compatible processors

Compilation timestamp 2018-11-29 10:01:37

Entry Point 0x0006384E

Number of sections 5

PE sections

Name Virtual address Virtual size Raw size Entropy MD5

.text 4096 408776 409600 4.96 245a850ad6bc3672e47297c6eec0dee5

.data 413696 19744 12288 5.58 c742df4560b6c35b7b3efc21dcefcf75

.idata 434176 488 4096 0.79 187e82f6b0d1e67b2e0eaa489171cea9

.rsrc 438272 3816 4096 3.17 6906b1cdf3354484745cdb60e742d8c4

.reloc 442368 2296 4096 4.25 d22d88e2ab7019cef3281bd6cb5328d9

PE imports

Number of PE resources by type

RT_STRING 5

RT_RCDATA 1

RT_VERSION 1

Number of PE resources by language

NEUTRAL 6

ENGLISH US 1

PE resources

49273389801a1f2231e5dd94be7ba0b019b4939ff4689134e11dd0e0d9f98a04 ASCII text

5180c0ed0d9919461d9a29604a4a0e09accc227629acdfb5df5811d16eae77f5 data

606d934d092152b25e6a9b1aa532a329efd1045e0966b1cb3a400ae18cf4badf ASCII text

7a4ca7e141cfb149b85b75cf3d7bd3d678be6f6e6823f6123a0a569f78b5fc07 ASCII text

88d14cc6638af8a0836f6d868dfab60df92907a2d7becaefbbd7e007acb75610 data

bb4f5943dff55c4cb4b3ac76c7ae2b48845f558c9aac4a8df4d39864a4c1ddd2 ASCII text

d1e4f67dfdac88a2667aef19c9e56fc6d0deaca637f10b941f1724a4466f9225 ASCII text

ExifTool file metadata

SpecialBuild

[pre-release version: pre-alpha]

SubsystemVersion

5.0

LinkerVersion

12.0

ImageVersion

0.0

FileSubtype

FileVersionNumber

8.0.0.0

LanguageCode

English (U.S.)

FileFlagsMask

0x003f

FileDescription

ImageFileCharacteristics

Executable, 32-bit

CharacterSet

Windows, Latin1

InitializedDataSize

32768

EntryPoint

0x6384e

MIMEType

application/octet-stream

LegalCopyright

Microsoft Corporation

FileVersion

3.00.

TimeStamp

2018:11:29 11:01:37+01:00

FileType

Win32 EXE

PEType

PE32

InternalName

securit

UninitializedDataSize

OSVersion

5.0

FileOS

Win32

Subsystem

Windows GUI

MachineType

Intel 386 or later, and compatibles

CompanyName

S Corpora

CodeSize

409600

ProductName

Microsoft

ProductVersionNumber

0.0.0.0

FileTypeExtension

exe

ObjectFileType

Dynamic link library

File identification

MD5 3a5c775b90d27d26b7def9847035f2be

SHA1 98a8395b7df55d7d958e54fbac71511d5e2ab0ce

SHA256 10a2f3de8dd05c16beabcfcbfca18f9db0f39dc5bc1c27a7f399b0c901d49456

ssdeep

3072:RsfjzvhE/URVIlOB1wW1mKe3EDI3SH0RgO8IZKwneCmGV3s13f:OJEsRVIe1wW1reUlH/Oown5lV3

authentihash 9620aaadcd9d238d9760403446b2da808b5eeb50594c2d68f49af4a44a9d104c

imphash 6ea6dd2f2e6b75823e57c2c5ad65f7d3

File size 428.0 KB ( 438272 bytes )

File type Win32 EXE

Magic literal

PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID	Win32 Dynamic Link Library (generic) (34.2%) Win32 Executable (generic) (23.4%) Win16/32 Executable Delphi generic (10.7%) OS/2 Executable (generic) (10.5%) Generic Win/DOS Executable (10.4%)

VirusTotal metadata

First submission 2018-11-29 10:05:20 UTC ( 2 months, 3 weeks ago )

Last submission 2018-11-29 10:05:20 UTC ( 2 months, 3 weeks ago )

File names

securit
tQGOj3SwT6Ksf8ON.exe

SHA256:	10a2f3de8dd05c16beabcfcbfca18f9db0f39dc5bc1c27a7f399b0c901d49456
File name:	tQGOj3SwT6Ksf8ON.exe
Detection ratio:	46 / 68
Analysis date:	2018-12-01 06:46:52 UTC ( 2 months, 3 weeks ago ) View latest

Ciphered bundle