SHA256: 1241fdd8588b85e3f75b86083754d6425e32783f70bfdd7350a5b448541bee84
File name: D7A5B300.exe
Detection ratio: 43 / 70
Analysis date: 2019-02-13 00:01:21 UTC ( 2 months, 1 week ago )
Antivirus Result Update
Acronis suspicious 20190212
Ad-Aware Trojan.Autoruns.GenericKDS.41007495 20190213
AhnLab-V3 Malware/Win32.Generic.R254847 20190212
ALYac Trojan.GenericKD.31681452 20190213
Arcabit Trojan.Autoruns.GenericS.D271B987 20190212
Avast Win32:BankerX-gen [Trj] 20190212
AVG Win32:BankerX-gen [Trj] 20190212
BitDefender Trojan.Autoruns.GenericKDS.41007495 20190212
CAT-QuickHeal Trojan.Emotet.X4 20190212
Comodo Malware@#lhzpjw1n15u1 20190212
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cylance Unsafe 20190213
Cyren W32/Trojan.OUZG-6053 20190212
DrWeb Trojan.DownLoader27.30674 20190213
Emsisoft Trojan.Autoruns.GenericKDS.41007495 (B) 20190213
Endgame malicious (moderate confidence) 20181108
ESET-NOD32 a variant of Win32/GenKryptik.CZAD 20190213
Fortinet W32/GenKryptik.CZAD!tr 20190212
GData Trojan.Autoruns.GenericKDS.41007495 20190213
Ikarus Trojan-Banker.Emotet 20190212
K7AntiVirus Trojan ( 0054770c1 ) 20190212
K7GW Trojan ( 0054770c1 ) 20190212
Kaspersky Trojan-Banker.Win32.Emotet.cfbx 20190212
Malwarebytes Trojan.Emotet 20190212
McAfee RDN/Generic.dx 20190213
McAfee-GW-Edition RDN/Generic.dx 20190212
Microsoft Trojan:Win32/Emotet.AC!bit 20190212
eScan Trojan.Autoruns.GenericKDS.41007495 20190212
NANO-Antivirus Virus.Win32.Gen.ccmw 20190213
Palo Alto Networks (Known Signatures) generic.ml 20190213
Panda Trj/Genetic.gen 20190212
Qihoo-360 HEUR/QVM20.1.2517.Malware.Gen 20190213
Rising Trojan.GenKryptik!8.AA55 (CLOUD) 20190212
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Mal/Emotet-Q 20190212
Symantec Trojan.Emotet 20190212
Tencent Win32.Trojan-banker.Emotet.Hqlo 20190213
TrendMicro TrojanSpy.Win32.EMOTET.THBAAAI 20190212
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.THBAAAI 20190212
VBA32 BScope.Trojan.Refinka 20190212
ViRobot Trojan.Win32.Z.Genkryptik.468480 20190212
Webroot W32.Trojan.Emotet 20190213
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.cfbx 20190212
AegisLab 20190212
Alibaba 20180921
Antiy-AVL 20190212
Avast-Mobile 20190212
Avira (no cloud) 20190212
Babable 20180918
Baidu 20190202
Bkav 20190201
ClamAV 20190212
CMC 20190212
Cybereason 20190109
eGambit 20190213
F-Prot 20190212
F-Secure 20190212
Sophos ML 20181128
Jiangmin 20190212
Kingsoft 20190213
MAX 20190213
SUPERAntiSpyware 20190206
Symantec Mobile Insight 20190207
TACHYON 20190212
TheHacker 20190212
TotalDefense 20190212
Trapmine 20190123
Trustlook 20190213
Yandex 20190212
Zillya 20190212
Zoner 20190213
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corpor
Product Microsoft®
Original name kb
Internal name kb
File version 6.1
Description Lithuania
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-02-10 23:41:23
Entry Point 0x00011154
Number of sections 5
PE sections
PE imports
IsSystemResumeAutomatic
GetCalendarInfoEx
GetModuleHandleW
GetCurrentPowerPolicies
RegisterWindowMessageW
UpdateWindow
DestroyWindow
DefWindowProcW
FindWindowW
PostQuitMessage
SetWindowPos
RegisterClassExW
SetWindowPlacement
MoveWindow
SetActiveWindow
CreateDialogParamW
CheckMenuItem
SendMessageW
GetWindowPlacement
CloseClipboard
SetCursor
SetScrollPos
InvalidateRect
IsClipboardFormatAvailable
LoadImageW
GetKeyboardLayout
GetWindowTextW
LoadCursorW
GetSystemMenu
GetWindowTextLengthW
CreateWindowExW
EnableWindow
GetUpdateRect
CharNextW
OpenClipboard
GetClassFileOrMime
Number of PE resources by type
RT_RCDATA 1
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
SWEDISH 3
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 399360
ImageVersion 0.0
ProductName Microsoft
FileVersionNumber 4.0.0.950
UninitializedDataSize 0
LanguageCode Swedish
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
LinkerVersion 12.0
FileTypeExtension exe
OriginalFileName kb
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 6.1
TimeStamp 2019:02:11 00:41:23+01:00
FileType Win32 EXE
PEType PE32
InternalName kb
ProductVersion 6
FileDescription Lithuania
OSVersion 5.0
FileOS Windows 16-bit
LegalCopyright Microsoft Corpor
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corpo
CodeSize 76288
FileSubtype 0
ProductVersionNumber 4.0.0.950
Warning Possibly corrupt Version resource
EntryPoint 0x11154
ObjectFileType Dynamic link library

File identification
MD5 22a443879c796dbf8c08a954ca053d3a
SHA1 edc65317febdf73b12e5f1ce1c551e001c5f3f62
SHA256 1241fdd8588b85e3f75b86083754d6425e32783f70bfdd7350a5b448541bee84
ssdeep 3072:a1inQIq5sy+tdzLp2m7ezWN1wMhGXwaShHb9et4ZdH+8NPPHlRv/jsOji8Hv+zjo:5XGX+hHEyZ5DNP3/4uHHv25
authentihash 3deb211613b8376a6cfc292b5acdce81c9300681c7c8123c7882113fafa90244
imphash 05dccdce09a305fccbbd1579f105c465
File size 457.5 KB ( 468480 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe
VirusTotal metadata
First submission 2019-02-10 23:45:13 UTC ( 2 months, 1 week ago )
Last submission 2019-02-11 00:39:12 UTC ( 2 months, 1 week ago )
File names kb
D7A5B300.exe
mpnMWbkzU48.exe
reswadam.exe
Advanced heuristic and reputation engines