SHA256: 11150e8002826625051a55093594893fc278ee5e2a6c5275413121d41f47a72c
File name: 11150e8002826625051a55093594893fc278ee5e2a6c5275413121d41f47a72c
Detection ratio: 42 / 68
Analysis date: 2018-08-19 21:29:48 UTC ( 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40410290 20180819
ALYac Trojan.GenericKD.40410290 20180819
Arcabit Trojan.Generic.D2689CB2 20180819
Avast Win32:GenX 20180819
AVG Win32:GenX 20180819
AVware Trojan.Win32.Generic!BT 20180819
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180818
BitDefender Trojan.GenericKD.40410290 20180819
ClamAV Win.Trojan.Agent-6651307-0 20180819
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.7f2270 20180225
Cylance Unsafe 20180819
Emsisoft Trojan.GenericKD.40410290 (B) 20180819
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/GenKryptik.CIMY 20180819
F-Secure Trojan.GenericKD.40410290 20180819
Fortinet W32/Kryptik.GJBH!tr 20180819
GData Trojan.GenericKD.40410290 20180819
Ikarus Trojan.Win32.Krypt 20180819
Sophos ML heuristic 20180717
K7GW Trojan ( 0053abb11 ) 20180819
Kaspersky Trojan-Banker.Win32.Shiotob.aaap 20180819
Malwarebytes Trojan.Emotet 20180819
MAX malware (ai score=100) 20180819
McAfee GenericRXGH-PQ!C5807E6488E8 20180819
McAfee-GW-Edition BehavesLike.Win32.Ransomware.ch 20180819
Microsoft Trojan:Win32/Emotet.AC!bit 20180819
eScan Trojan.GenericKD.40410290 20180819
Palo Alto Networks (Known Signatures) generic.ml 20180819
Panda Trj/GdSda.A 20180819
Qihoo-360 Win32/Trojan.3f0 20180819
Rising Trojan.Kryptik!8.8 (CLOUD) 20180819
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/FakeAV-IS 20180819
Symantec Trojan.Emotet 20180819
Tencent Win32.Trojan-banker.Shiotob.Syhk 20180819
TrendMicro TROJ_GEN.USHI18 20180819
TrendMicro-HouseCall TROJ_GEN.USHI18 20180819
VBA32 BScope.TrojanBanker.Emotet 20180817
VIPRE Trojan.Win32.Generic!BT 20180819
Webroot W32.Trojan.Emotet 20180819
ZoneAlarm by Check Point Trojan-Banker.Win32.Shiotob.aaap 20180819
AegisLab 20180819
AhnLab-V3 20180819
Alibaba 20180713
Antiy-AVL 20180819
Avast-Mobile 20180819
Avira (no cloud) 20180819
Babable 20180725
Bkav 20180817
CAT-QuickHeal 20180819
CMC 20180817
Comodo 20180819
Cyren 20180819
DrWeb 20180819
eGambit 20180819
F-Prot 20180819
Jiangmin 20180819
K7AntiVirus 20180819
Kingsoft 20180819
NANO-Antivirus 20180819
SUPERAntiSpyware 20180819
Symantec Mobile Insight 20180814
TACHYON 20180819
TheHacker 20180818
TotalDefense 20180818
Trustlook 20180819
ViRobot 20180819
Yandex 20180818
Zillya 20180817
Zoner 20180818
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation.
Product Microsoft® Windows® Operating S
Internal name hrtEW@!@!@rl;
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-08-18 16:45:22
Entry Point 0x00022DB5
Number of sections 5
PE sections
PE imports
IsValidSid
RegDeleteValueW
GetSecurityDescriptorControl
IsWellKnownSid
CreateWellKnownSid
ImageList_Create
PrintDlgExW
CryptSignAndEncodeCertificate
CryptInstallOIDFunctionAddress
CertDuplicateCRLContext
CertSetEnhancedKeyUsage
GetMetaFileBitsEx
GetArcDirection
CopyMetaFileW
ScaleWindowExtEx
UnrealizeObject
GetDIBits
Ellipse
ImmDestroyContext
SetFileAttributesA
GetModuleHandleA
FindAtomW
GetNamedPipeInfo
EraseTape
DeleteFiber
GetCurrentDirectoryA
GetTempPathW
GetTimeZoneInformation
FlsGetValue
GetStringTypeExA
FlsFree
SleepEx
DsGetDomainControllerInfoW
VarUI1FromStr
RasSetAutodialParamA
RasGetSubEntryPropertiesA
NdrCorrelationInitialize
I_RpcMapWin32Status
CM_Get_DevNode_Custom_PropertyW
SetupDiCancelDriverInfoSearch
CM_Open_DevNode_Key
SetupDiGetDeviceRegistryPropertyW
DuplicateIcon
SHGetFolderPathA
DragFinish
SHAppBarMessage
PathFindSuffixArrayW
SHDeleteValueA
GetWindowThreadProcessId
wsprintfA
GetClassNameW
SendMessageW
DeferWindowPos
DlgDirSelectComboBoxExW
ScrollWindow
MonitorFromWindow
RetrieveUrlCacheEntryStreamW
HttpAddRequestHeadersW
CryptSIPRemoveSignedDataMsg
CryptCATAdminReleaseContext
SCardIntroduceCardTypeA
strncmp
CoWaitForMultipleHandles
RevokeBindStatusCallback
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.2.0.6
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 29696
EntryPoint 0x22db5
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation.
TimeStamp 2018:08:18 17:45:22+01:00
FileType Win32 EXE
PEType PE32
InternalName hrtEW@!@!@rl;
ProductVersion 666.1.2.4
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 147456
ProductName Microsoft Windows Operating S
ProductVersionNumber 1.2.0.6
FileTypeExtension exe
ObjectFileType Dynamic link library
File identification
MD5 c5807e6488e89569169facdae30afa98
SHA1 c111a517f2270696c3f5b4f2c72306dac70c07d9
SHA256 11150e8002826625051a55093594893fc278ee5e2a6c5275413121d41f47a72c
ssdeep 3072:WJ/l+eC45RW9lJZgo30fB2bdiJ8M9iwZQnKQzNPoN:67OlJPksxiO9wZQnKQzN
authentihash 2710cbc48f79d1b90c021fc372c149723a0626506d4697f6a38b7bb46172c8b6
imphash f262e4f37bd709561a70003e9ede22db
File size 174.0 KB ( 178176 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (25.2%)
Clipper DOS Executable (25.0%)
Generic Win/DOS Executable (24.8%)
DOS Executable Generic (24.8%)
Tags peexe
VirusTotal metadata
First submission 2018-08-18 09:47:46 UTC ( 6 months ago )
Last submission 2018-08-23 11:37:25 UTC ( 5 months, 3 weeks ago )
File names 27781168.EXE
hrtEW@!@!@rl;