SHA256: 133a1ac5f3414437d641ddc181c744b936ffed36cf93ce4c0eec12b0c65814e0
File name: 133a1ac5f3414437d641ddc181c744b936ffed36cf93ce4c0eec12b0c65814e0
Detection ratio: 12 / 70
Analysis date: 2019-02-09 01:03:27 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Acronis suspicious 20190208
AVG FileRepMalware 20190208
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181023
Cylance Unsafe 20190209
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181128
Microsoft Trojan:Win32/Fuerboos.C!cl 20190209
Qihoo-360 HEUR/QVM19.1.19FF.Malware.Gen 20190209
Rising Trojan.Emotet!8.B95/N3#99% (RDM+:cmRtazpjmPuv1weaBpEFrf5bkcjF) 20190208
SentinelOne (Static ML) static engine - malicious 20190203
Symantec ML.Attribute.HighConfidence 20190209
Trapmine malicious.moderate.ml.score 20190123
Ad-Aware 20190208
AegisLab 20190208
AhnLab-V3 20190208
Alibaba 20180921
ALYac 20190208
Antiy-AVL 20190208
Arcabit 20190208
Avast 20190208
Avast-Mobile 20190208
Avira (no cloud) 20190208
Babable 20180918
Baidu 20190202
BitDefender 20190208
Bkav 20190201
CAT-QuickHeal 20190208
ClamAV 20190208
CMC 20190208
Comodo 20190208
Cybereason 20190109
Cyren 20190208
DrWeb 20190208
eGambit 20190209
Emsisoft 20190208
ESET-NOD32 20190209
F-Prot 20190208
F-Secure 20190209
Fortinet 20190209
GData 20190209
Ikarus 20190208
Jiangmin 20190208
K7AntiVirus 20190208
K7GW 20190208
Kaspersky 20190208
Kingsoft 20190209
Malwarebytes 20190209
MAX 20190209
McAfee 20190209
McAfee-GW-Edition 20190208
eScan 20190208
NANO-Antivirus 20190209
Palo Alto Networks (Known Signatures) 20190209
Panda 20190208
Sophos AV 20190208
SUPERAntiSpyware 20190206
Symantec Mobile Insight 20190207
TACHYON 20190208
Tencent 20190209
TheHacker 20190203
TotalDefense 20190206
TrendMicro 20190209
TrendMicro-HouseCall 20190208
Trustlook 20190209
VBA32 20190208
ViRobot 20190208
Webroot 20190209
Yandex 20190208
Zillya 20190208
ZoneAlarm by Check Point 20190209
Zoner 20190209
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights
Product Microso
Original name nsi.dll
Internal name PR3221
File version 6.1.76
Description Netscape 32-bit Portable Runtime
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-02-09 09:00:37
Entry Point 0x0000ECF9
Number of sections 5
PE sections
PE imports
GetCalendarInfoEx
FindNextVolumeW
IsSystemResumeAutomatic
GetModuleHandleW
GetLongPathNameW
GetFileVersionInfoSizeW
SCardCancel
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
LegalTrademarks Netscape, Mozilla
SubsystemVersion 5.0
InitializedDataSize 302592
ImageVersion 0.0
ProductName Microso
FileVersionNumber 4.5.1.48
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit, System file
CharacterSet Windows, Latin1
LinkerVersion 12.0
FileTypeExtension exe
OriginalFileName nsi.dll
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 6.1.76
TimeStamp 2019:02:09 10:00:37+01:00
FileType Win32 EXE
PEType PE32
InternalName PR3221
ProductVersion 6.1
FileDescription Netscape 32-bit Portable Runtime
OSVersion 5.0
FileOS Windows 32-bit
LegalCopyright Microsoft Corporation. All rights
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 63488
FileSubtype 0
ProductVersionNumber 4.5.1.48
EntryPoint 0xecf9
ObjectFileType Dynamic link library

Execution parents
File identification
MD5 bea3147eeaae7b06f7f3589674e34a66
SHA1 918a44b1fd69d6ec1badeac0e9720ce1ff2ef667
SHA256 133a1ac5f3414437d641ddc181c744b936ffed36cf93ce4c0eec12b0c65814e0
ssdeep 3072:WYmGucGvEXVk+Cd9uG9bfpbi/mSyqS0Mu4FpbBZB9GnghS5lahBReiJLyIW4L1C9:aG5yqbMBFpb5cgE56eGHW
authentihash 7d753c713caa4f5cdd6ef2406d6b60880c3ce5545ae707b88458bfd94b04e49e
imphash eefb1c3a125899dc55d7920ae8e8d814
File size 350.5 KB ( 358912 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe
VirusTotal metadata
First submission 2019-02-09 01:03:27 UTC ( 1 month, 2 weeks ago )
Last submission 2019-02-09 19:23:11 UTC ( 1 month, 2 weeks ago )
File names nsi.dll
PR3221
c6eqL6tLkv.exe
229.exe
emotet_e1_133a1ac5f3414437d641ddc181c744b936ffed36cf93ce4c0eec12b0c65814e0_2019-02-09__010502.exe_
NC5HVXupqNx.exe
mYggOfN6jv.exe
133a1ac5f3414437d641ddc181c744b936ffed36cf93ce4c0eec12b0c65814e0.exe
QpEa9vohN.exe
Advanced heuristic and reputation engines