SHA256: 10a2f3de8dd05c16beabcfcbfca18f9db0f39dc5bc1c27a7f399b0c901d49456
File name: tQGOj3SwT6Ksf8ON.exe
Detection ratio: 46 / 68
Analysis date: 2018-12-01 06:46:52 UTC ( 2 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Autoruns.GenericKDS.31384569 20181201
AegisLab Trojan.Win32.Emotet.4!c 20181201
AhnLab-V3 Trojan/Win32.Emotet.R246797 20181130
Alibaba TrojanSpy:Win32/Kryptik.6432c6a0 20180921
ALYac Trojan.Agent.Emotet 20181201
Arcabit Trojan.Autoruns.GenericS.D1DEE3F9 20181201
Avast Win32:BankerX-gen [Trj] 20181201
AVG Win32:BankerX-gen [Trj] 20181201
BitDefender Trojan.Autoruns.GenericKDS.31384569 20181201
CAT-QuickHeal Trojan.Emotet.X4 20181130
Comodo Malware@#ui75ywpd0ous 20181201
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.b90d27 20180225
Cylance Unsafe 20181201
Cyren W32/Emotet.JX.gen!Eldorado 20181201
DrWeb Trojan.EmotetENT.313 20181201
Emsisoft Trojan.Emotet (A) 20181201
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GNHH 20181201
F-Prot W32/Emotet.JX.gen!Eldorado 20181201
F-Secure Trojan.Autoruns.GenericKDS.31384569 20181201
Fortinet W32/Kryptik.GNFC!tr 20181201
GData Trojan.Autoruns.GenericKDS.31384569 20181201
Ikarus Trojan-Banker.Emotet 20181130
K7AntiVirus Riskware ( 0040eff71 ) 20181201
K7GW Riskware ( 0040eff71 ) 20181201
Kaspersky Trojan-Banker.Win32.Emotet.bske 20181201
Malwarebytes Trojan.Emotet 20181201
MAX malware (ai score=100) 20181201
McAfee Emotet-FKN!3A5C775B90D2 20181201
McAfee-GW-Edition Artemis!Trojan 20181201
Microsoft Trojan:Win32/Emotet.AC!bit 20181201
eScan Trojan.Autoruns.GenericKDS.31384569 20181201
Palo Alto Networks (Known Signatures) generic.ml 20181201
Panda Trj/Genetic.gen 20181130
Qihoo-360 HEUR/QVM20.1.8701.Malware.Gen 20181201
Rising Trojan.Kryptik!8.8 (CLOUD) 20181201
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/EncPk-ANY 20181201
Symantec Trojan.Emotet 20181201
Trapmine malicious.high.ml.score 20181128
TrendMicro TSPY_EMOTET.THAABIAH 20181201
TrendMicro-HouseCall TSPY_EMOTET.THAABIAH 20181201
ViRobot Trojan.Win32.Z.Emotet.438272.A 20181130
Webroot W32.Trojan.Emotet 20181201
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bske 20181201
Antiy-AVL 20181201
Avast-Mobile 20181130
Avira (no cloud) 20181130
Babable 20180918
Baidu 20181130
Bkav 20181129
ClamAV 20181130
CMC 20181130
eGambit 20181201
Sophos ML 20181128
Jiangmin 20181201
Kingsoft 20181201
NANO-Antivirus 20181201
SUPERAntiSpyware 20181128
Symantec Mobile Insight 20181121
Tencent 20181201
TheHacker 20181129
TotalDefense 20181201
Trustlook 20181201
VBA32 20181130
Yandex 20181130
Zillya 20181130
Zoner 20181130
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation
Product Microsoft®
Internal name securit
File version 3.00.
Description V
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-29 10:01:37
Entry Point 0x0006384E
Number of sections 5
PE sections
PE imports
GetNamedPipeClientProcessId
GetModuleHandleA
GetTimeZoneInformation
LZSeek
DdeConnect
timeGetTime
CryptCATOpen
CoInvalidateRemoteMachineBindings
Number of PE resources by type
RT_STRING 5
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 6
ENGLISH US 1
PE resources
ExifTool file metadata
SpecialBuild [pre-release version: pre-alpha]
SubsystemVersion 5.0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 8.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription V
ImageFileCharacteristics Executable, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 32768
EntryPoint 0x6384e
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation
FileVersion 3.00.
TimeStamp 2018:11:29 11:01:37+01:00
FileType Win32 EXE
PEType PE32
InternalName securit
UninitializedDataSize 0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName S Corpora
CodeSize 409600
ProductName Microsoft
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 3a5c775b90d27d26b7def9847035f2be
SHA1 98a8395b7df55d7d958e54fbac71511d5e2ab0ce
SHA256 10a2f3de8dd05c16beabcfcbfca18f9db0f39dc5bc1c27a7f399b0c901d49456
ssdeep
3072:RsfjzvhE/URVIlOB1wW1mKe3EDI3SH0RgO8IZKwneCmGV3s13f:OJEsRVIe1wW1reUlH/Oown5lV3

authentihash 9620aaadcd9d238d9760403446b2da808b5eeb50594c2d68f49af4a44a9d104c
imphash 6ea6dd2f2e6b75823e57c2c5ad65f7d3
File size 428.0 KB ( 438272 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe

VirusTotal metadata
First submission 2018-11-29 10:05:20 UTC ( 2 months, 3 weeks ago )
Last submission 2018-11-29 10:05:20 UTC ( 2 months, 3 weeks ago )
File names securit
tQGOj3SwT6Ksf8ON.exe