SHA256: 125ce06b468bbdd05cc1c571411abf6e764e2e8ac055e731d30b53041612108c
File name: emotet_e2_125ce06b468bbdd05cc1c571411abf6e764e2e8ac055e731d30b530...
Detection ratio: 40 / 66
Analysis date: 2019-03-26 05:16:34 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Acronis suspicious 20190325
Ad-Aware Trojan.GenericKD.41139163 20190326
AhnLab-V3 Trojan/Win32.Agent.R260068 20190326
ALYac Trojan.GenericKD.41139163 20190326
Arcabit Trojan.Generic.D273BBDB 20190325
Avast Win32:DangerousSig [Trj] 20190326
AVG Win32:DangerousSig [Trj] 20190326
BitDefender Trojan.GenericKD.41139163 20190326
ClamAV Win.Malware.Razy-6904264-0 20190325
CrowdStrike Falcon (ML) win/malicious_confidence_100% (W) 20190212
Cybereason malicious.3b4501 20190325
DrWeb Trojan.MulDrop9.5592 20190326
Emsisoft Trojan.GenericKD.41139163 (B) 20190326
Endgame malicious (high confidence) 20190322
ESET-NOD32 a variant of Win32/Kryptik.GRFS 20190326
FireEye Generic.mg.0d4b4b33b4501fc6 20190326
Fortinet W32/Kryptik.GRFS!tr 20190326
GData Trojan.GenericKD.41139163 20190326
Ikarus Trojan.Win32.Crypt 20190325
Sophos ML heuristic 20190313
K7AntiVirus Trojan ( 0054a7b41 ) 20190325
K7GW Trojan ( 0054a7b41 ) 20190326
Kaspersky Trojan-Banker.Win32.Emotet.cruq 20190326
Malwarebytes Trojan.Emotet 20190326
MAX malware (ai score=88) 20190326
McAfee GenericRXHG-WM!0D4B4B33B450 20190326
McAfee-GW-Edition Artemis!Trojan 20190325
Microsoft Trojan:Win32/Emotet.AC!bit 20190326
eScan Trojan.GenericKD.41139163 20190326
Palo Alto Networks (Known Signatures) generic.ml 20190326
Panda Trj/GdSda.A 20190325
Qihoo-360 HEUR/QVM20.1.0A99.Malware.Gen 20190326
Rising Trojan.Kryptik!8.8 (CLOUD) 20190326
SentinelOne (Static ML) DFI - Malicious PE 20190317
Sophos AV Mal/Emotet-Q 20190326
Tencent Win32.Trojan.Falsesign.Glv 20190326
Trapmine malicious.high.ml.score 20190325
TrendMicro-HouseCall TROJ_GEN.R023C0OCP19 20190326
VBA32 BScope.Malware-Cryptor.Emotet 20190325
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.cruq 20190326
AegisLab 20190326
Alibaba 20190306
Antiy-AVL 20190326
Avast-Mobile 20190325
Avira (no cloud) 20190325
Babable 20180918
Baidu 20190318
Bkav 20190326
CAT-QuickHeal 20190325
CMC 20190321
Comodo 20190326
Cyren 20190326
eGambit 20190326
F-Secure 20190325
Jiangmin 20190326
Kingsoft 20190326
NANO-Antivirus 20190326
SUPERAntiSpyware 20190321
Symantec Mobile Insight 20190325
TACHYON 20190326
TheHacker 20190324
TotalDefense 20190325
Trustlook 20190326
ViRobot 20190325
Yandex 20190324
Zillya 20190324
Zoner 20190326
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name DISM.EXE
Internal name dism
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Dism Image Servicing Utility
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 2:39 AM 4/8/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-23 15:36:08
Entry Point 0x0001E140
Number of sections 4
PE sections
Overlays
MD5 74fb9c4dbe784280d303f00c22320800
File type data
Offset 208896
Size 3336
Entropy 7.35
PE imports
CreateJobObjectA
GetDriveTypeW
GetConsoleOutputCP
ReleaseMutex
FileTimeToSystemTime
SetEvent
HeapDestroy
DebugBreak
ProcessIdToSessionId
SetConsoleCursorPosition
GetFileAttributesW
lstrcmpW
GetLocalTime
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetTimeZoneInformation
GetVolumeInformationW
VerifyVersionInfoA
SetErrorMode
WideCharToMultiByte
WritePrivateProfileStringW
FreeEnvironmentStringsW
GetLocaleInfoW
EnumResourceLanguagesW
GetFileTime
GetCPInfo
GetStringTypeA
InterlockedExchange
FindResourceExW
WaitForSingleObject
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
ResumeThread
GetTimeZoneInformation
LoadResource
GetStringTypeExW
FindClose
InterlockedDecrement
MoveFileW
GetFullPathNameW
EncodePointer
OutputDebugStringA
SetLocaleInfoW
GetEnvironmentVariableW
SetLastError
_llseek
GetUserDefaultUILanguage
GetSystemTime
DeviceIoControl
InitializeCriticalSection
CopyFileW
WriteProcessMemory
OutputDebugStringW
CancelTimerQueueTimer
IsDebuggerPresent
ExitProcess
GetVersionExA
GetModuleFileNameA
GlobalHandle
LoadLibraryA
RaiseException
FoldStringA
HeapSetInformation
EnumSystemLocalesA
SetConsoleCtrlHandler
GetSystemDefaultLCID
LoadLibraryExW
MultiByteToWideChar
FatalAppExitA
SetFilePointerEx
SetEnvironmentVariableW
GetPrivateProfileStringW
SetFilePointer
SetFileAttributesW
GlobalAddAtomW
CreateThread
GetSystemDirectoryW
TlsSetValue
GetSystemDefaultUILanguage
SetUnhandledExceptionFilter
ConvertDefaultLocale
CreateMutexW
MulDiv
IsProcessorFeaturePresent
UnlockFile
ExitThread
DecodePointer
SetEnvironmentVariableA
FindAtomW
SetProcessShutdownParameters
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
SetConsoleTitleA
GetCurrentThreadId
LeaveCriticalSection
GetNumberFormatW
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GlobalGetAtomNameW
MoveFileWithProgressW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
FillConsoleOutputCharacterW
RtlUnwind
GlobalFindAtomW
GlobalSize
GetStartupInfoA
GetDateFormatA
GetWindowsDirectoryW
GetFileSize
LCMapStringW
OpenProcess
GetDateFormatW
CreateTimerQueueTimer
FreeResource
SetVolumeMountPointW
DeleteFileW
GetProcAddress
GetConsoleScreenBufferInfo
GetConsoleAliasesA
AddAtomW
GetProcessHeap
GetTempFileNameW
GetComputerNameW
CompareStringW
WriteFile
GetFileSizeEx
GlobalReAlloc
GetModuleFileNameW
ExpandEnvironmentStringsW
lstrcmpA
FindNextFileW
WTSGetActiveConsoleSessionId
HeapValidate
CompareStringA
FreeConsole
FindFirstFileW
IsValidLocale
DuplicateHandle
WaitForMultipleObjects
GetUserDefaultLCID
GetPrivateProfileIntW
GetTempPathW
CreateEventW
FindFirstVolumeA
EnumTimeFormatsA
CreateFileW
WriteConsoleA
GetFileType
SetFileTime
CreateFileA
HeapAlloc
GetCurrencyFormatW
InterlockedIncrement
GetLastError
LocalReAlloc
SystemTimeToFileTime
GlobalDeleteAtom
GetShortPathNameW
VirtualAllocEx
lstrlenA
GlobalFree
GetConsoleCP
GetDefaultCommConfigW
LCMapStringA
GetTimeFormatW
GetProcessTimes
GetThreadLocale
OpenThread
GetEnvironmentStringsW
GlobalUnlock
LockFile
lstrlenW
Process32NextW
VirtualFree
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
HeapSize
GetCurrentProcessId
OpenSemaphoreA
LockResource
ContinueDebugEvent
GetCommandLineW
GetCurrentDirectoryA
GetAtomNameW
GetCommandLineA
InterlockedCompareExchange
Process32FirstW
GetCurrentThread
SuspendThread
QueryPerformanceFrequency
UnhandledExceptionFilter
TerminateProcess
TlsFree
GetModuleHandleA
ReadFile
GlobalFlags
DeleteAtom
CloseHandle
OpenMutexW
lstrcpynA
ReadConsoleOutputCharacterA
GetACP
GlobalLock
GetModuleHandleW
BindIoCompletionCallback
GetFileAttributesExW
SetStdHandle
GetLongPathNameW
TlsGetValue
lstrcmpiW
IsValidCodePage
HeapCreate
FindResourceW
CreateProcessW
Sleep
IsBadReadPtr
IsBadStringPtrA
SetThreadPriority
SetComputerNameExW
VirtualAlloc
GetTimeFormatA
SHGetFileInfoA
ShellExecuteExA
DragFinish
SHInvokePrinterCommandW
SHQueryRecycleBinW
ShellHookProc
SHInvokePrinterCommandA
SHGetIconOverlayIndexW
SHGetPathFromIDList
SHGetDesktopFolder
ExtractAssociatedIconA
SHCreateProcessAsUserW
SHGetMalloc
StrCmpNA
StrStrIA
StrRStrIA
WindowFromPoint
RedrawWindow
EnumWindowStationsA
GetForegroundWindow
SetWindowRgn
SetMenuItemBitmaps
LoadBitmapW
MoveWindow
EnableScrollBar
DestroyMenu
PostQuitMessage
GetMessagePos
ValidateRect
SetWindowPos
SetScrollPos
IsWindow
GrayStringW
SetTimer
DispatchMessageA
EndPaint
ScrollWindowEx
MessageBoxA
SetDlgItemInt
IntersectRect
PeekMessageA
GetMessageTime
SetMenuItemInfoW
SendMessageW
SetActiveWindow
GetDC
GetCursorPos
ReleaseDC
DdeInitializeA
GetDlgCtrlID
DefFrameProcW
UnregisterClassA
EndMenu
TranslateMessage
CharUpperW
SendMessageA
UnregisterClassW
GetClassInfoW
CreateAcceleratorTableW
DefWindowProcW
DrawTextW
LoadImageW
GetNextDlgTabItem
SetCursorPos
CallNextHookEx
MsgWaitForMultipleObjectsEx
GetClientRect
TrackPopupMenu
GetActiveWindow
OpenClipboard
GetWindowTextW
SetDlgItemTextW
CopyAcceleratorTableW
GetWindowTextLengthW
LoadAcceleratorsW
GetTopWindow
GetKeyState
DestroyWindow
DrawEdge
GetClassInfoExW
SystemParametersInfoA
GetWindow
GetPropW
EqualRect
SetClassLongW
EnumWindows
GetMenuState
GetMessageW
ShowWindow
DrawFrameControl
SetPropW
EnumDisplayMonitors
GetClipboardFormatNameA
PeekMessageW
SetWindowsHookExW
EnableWindow
SetWindowPlacement
LockWindowUpdate
LoadIconW
GetMenuItemRect
IsWindowEnabled
GetDlgItemTextW
GetDlgItemInt
SetClipboardData
GetMenuBarInfo
GetMenuItemID
CharNextExA
GetIconInfo
MsgWaitForMultipleObjects
DdeQueryConvInfo
RegisterClassW
ScrollWindow
IsZoomed
GetWindowPlacement
LoadStringW
DdeConnect
GetKeyboardLayoutList
DrawMenuBar
OemToCharBuffA
EnableMenuItem
TrackPopupMenuEx
GetScrollPos
DrawFocusRect
GetDCEx
GetKeyboardLayout
FillRect
EnumThreadWindows
MonitorFromPoint
CopyRect
DeferWindowPos
GetDialogBaseUnits
RealChildWindowFromPoint
CreateWindowExW
TabbedTextOutW
GetWindowLongW
GetGUIThreadInfo
GetMenuStringW
IsChild
IsDialogMessageA
MapWindowPoints
RegisterWindowMessageW
GetMonitorInfoW
DrawAnimatedRects
ReleaseCapture
SetCapture
SystemParametersInfoW
OffsetRect
DefMDIChildProcW
GetAltTabInfo
CopyIcon
GetKeyboardLayoutNameW
KillTimer
MapVirtualKeyW
SendNotifyMessageW
TranslateAcceleratorW
GetClipboardData
GetParent
SendDlgItemMessageA
GetSystemMetrics
IsIconic
SetScrollRange
GetWindowRect
InflateRect
SetRectEmpty
UpdateWindow
PostMessageA
DrawIcon
EnumChildWindows
GetScrollRange
GetMessageExtraInfo
CharLowerW
ShowOwnedPopups
SendDlgItemMessageW
PostMessageW
InvalidateRect
SetProcessDefaultLayout
GetScrollInfo
WaitMessage
CreatePopupMenu
ShowCaret
GetSubMenu
GetClassLongW
GetLastActivePopup
PtInRect
DrawIconEx
CharUpperBuffW
SetWindowTextW
CreateMenu
GetDlgItem
GetMenuCheckMarkDimensions
BringWindowToTop
ClientToScreen
ActivateKeyboardLayout
GetKeyboardState
CheckRadioButton
ReuseDDElParam
GetMenuItemCount
SetParent
IsDlgButtonChecked
CheckDlgButton
GetDesktopWindow
IsDialogMessageW
LoadCursorW
GetSystemMenu
FindWindowExW
DispatchMessageW
InsertMenuW
SetForegroundWindow
SetFocus
GetMenuItemInfoW
EmptyClipboard
CreateDialogIndirectParamW
CharLowerBuffW
DrawTextExW
EndDialog
ModifyMenuW
HideCaret
FindWindowW
GetCapture
BeginPaint
RealGetWindowClass
ScreenToClient
SetWindowLongW
MessageBeep
LoadMenuW
RemoveMenu
GetWindowThreadProcessId
GetSysColorBrush
ShowScrollBar
MessageBoxW
GetMenu
MonitorFromRect
FlashWindowEx
SetMenu
IsWindowUnicode
LoadKeyboardLayoutW
DdePostAdvise
AppendMenuW
GetWindowDC
DestroyCursor
AdjustWindowRectEx
SendMessageTimeoutW
GetSysColor
RegisterClipboardFormatW
SetScrollInfo
CopyImage
EndDeferWindowPos
GetWindowRgn
DestroyIcon
wsprintfW
IsWindowVisible
WinHelpW
UnpackDDElParam
GetWindowContextHelpId
GetWindowInfo
UnionRect
MonitorFromWindow
FrameRect
SetRect
DeleteMenu
GetKeyNameTextW
CharNextW
CallWindowProcW
GetClassNameW
TranslateMDISysAccel
CreateIcon
UnregisterDeviceNotification
IsRectEmpty
GetCursor
GetFocus
BeginDeferWindowPos
InsertMenuItemW
Number of PE resources by type
RT_STRING 7
RT_RCDATA 1
MUI 1
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 11
PE resources
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 86528
ImageVersion 0.0
ProductName Microsoft Windows Operating System
FileVersionNumber 6.1.7600.16385
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName DISM.EXE
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2019:03:23 16:36:08+01:00
FileType Win32 EXE
PEType PE32
InternalName dism
ProductVersion 6.1.7600.16385
FileDescription Dism Image Servicing Utility
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 121344
FileSubtype 0
ProductVersionNumber 6.1.7600.16385
EntryPoint 0x1e140
ObjectFileType Executable application
File identification
MD5 0d4b4b33b4501fc6296e0ead7f348839
SHA1 0d26c6a46d0dd18326f93df62dc6e23d32483cb3
SHA256 125ce06b468bbdd05cc1c571411abf6e764e2e8ac055e731d30b53041612108c
ssdeep 3072:eiI0G8FBMlX+V7WxQxxOoI+9PDjbPxn5t1M1r52YJ40W2mI56nrt9z:gOMlXIAQxiujbPxn5XOGAWrbz
authentihash 08412aed378a6deae7f0c4b0c6d272d327e44d916e41801c6386ce39b9e74e16
imphash b00428bbe5fe036cdbb5f0daab514f91
File size 207.3 KB ( 212232 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe overlay
VirusTotal metadata
First submission 2019-03-23 15:47:31 UTC ( 1 month, 4 weeks ago )
Last submission 2019-03-26 05:16:34 UTC ( 1 month, 3 weeks ago )
File names emotet_e2_125ce06b468bbdd05cc1c571411abf6e764e2e8ac055e731d30b53041612108c_2019-03-23__154006.exe_
dism
DISM.EXE