× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 137d5eef88bfc23e9462895fe371c52f7339d232ddfa56d19aa57e1987f116f5
File name: emotet_e1_137d5eef88bfc23e9462895fe371c52f7339d232ddfa56d19aa57e1...
Detection ratio: 45 / 70
Analysis date: 2019-03-19 06:37:53 UTC ( 1 month ago ) View latest
Antivirus Result Update
Acronis suspicious 20190318
Ad-Aware Gen:Variant.Ulise.32940 20190319
AhnLab-V3 Malware/Win32.Trojanspy.C3099389 20190319
ALYac Trojan.Agent.Emotet 20190319
Antiy-AVL Trojan[Banker]/Win32.Emotet 20190319
Arcabit Trojan.Ulise.D80AC 20190319
Avast Win32:BankerX-gen [Trj] 20190319
AVG Win32:BankerX-gen [Trj] 20190319
Avira (no cloud) TR/Crypt.Agent.cqkvm 20190318
BitDefender Gen:Variant.Ulise.32940 20190319
CrowdStrike Falcon (ML) win/malicious_confidence_100% (W) 20190212
Cylance Unsafe 20190319
Cyren W32/Trojan.BQNW-3131 20190319
Emsisoft Gen:Variant.Ulise.32940 (B) 20190319
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.CBF 20190319
F-Prot W32/Emotet.RB.gen!Eldorado 20190319
F-Secure Trojan.TR/Crypt.Agent.cqkvm 20190319
Fortinet W32/Kryptik.CBF!tr 20190319
GData Gen:Variant.Ulise.32940 20190319
Ikarus Trojan-Banker.Emotet 20190318
Sophos ML heuristic 20190313
K7AntiVirus Trojan ( 005020241 ) 20190319
Kaspersky Trojan-Banker.Win32.Emotet.cokn 20190319
Malwarebytes Trojan.Emotet 20190319
MAX malware (ai score=85) 20190319
McAfee Emotet-FMI!CBDC08F03A9F 20190319
McAfee-GW-Edition Emotet-FMI!CBDC08F03A9F 20190319
Microsoft Trojan:Win32/Emotet.AC!bit 20190319
eScan Gen:Variant.Ulise.32940 20190319
NANO-Antivirus Trojan.Win32.Kryptik.fobnwp 20190319
Palo Alto Networks (Known Signatures) generic.ml 20190319
Panda Trj/GdSda.A 20190318
Qihoo-360 HEUR/QVM20.1.DF45.Malware.Gen 20190319
Rising Trojan.Kryptik!8.8 (CLOUD) 20190319
SentinelOne (Static ML) DFI - Malicious PE 20190317
Sophos AV Mal/Emotet-Q 20190319
Symantec Packed.Generic.459 20190319
Tencent Win32.Trojan.Falsesign.Tcme 20190319
Trapmine malicious.high.ml.score 20190301
TrendMicro TrojanSpy.Win32.EMOTET.SMF 20190319
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMF 20190319
VBA32 BScope.Malware-Cryptor.Emotet 20190318
Webroot W32.Trojan.Emotet 20190319
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.cokn 20190319
AegisLab 20190318
Alibaba 20190306
Avast-Mobile 20190318
Babable 20180918
Baidu 20190318
Bkav 20190318
CAT-QuickHeal 20190318
ClamAV 20190318
CMC 20190318
Comodo 20190319
Cybereason 20190109
DrWeb 20190319
eGambit 20190319
Jiangmin 20190319
K7GW 20190315
Kingsoft 20190319
SUPERAntiSpyware 20190314
Symantec Mobile Insight 20190220
TACHYON 20190319
TheHacker 20190315
TotalDefense 20190318
Trustlook 20190319
ViRobot 20190319
Yandex 20190318
Zillya 20190318
Zoner 20190318
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name Cmd.Exe
Internal name cmd
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description Windows Command Processor
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 2:06 AM 4/14/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-15 22:41:53
Entry Point 0x00001930
Number of sections 4
PE sections
Overlays
MD5 e9dcf8c0986b58d2d060eb6fa8387ac0
File type data
Offset 230912
Size 3336
Entropy 7.34
PE imports
RegQueryValueExA
RegOpenKeyA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetTextMetricsW
TextOutW
CreateFontIndirectW
PatBlt
CreatePen
CreateICW
CombineRgn
GetPixel
GetDeviceCaps
LineTo
DeleteDC
SetPixel
DeleteObject
BitBlt
SetTextColor
MoveToEx
GetStockObject
CreateCompatibleDC
StretchBlt
CreateRectRgn
SelectObject
CreateCompatibleBitmap
CreateSolidBrush
SetBkColor
GetTextExtentPoint32W
SetRectRgn
GetStdHandle
FileTimeToSystemTime
GetOverlappedResult
WaitForSingleObject
EncodePointer
DisconnectNamedPipe
GetCurrentProcess
GetConsoleMode
LocalAlloc
lstrcatA
FreeEnvironmentStringsW
lstrcatW
InitializeSListHead
SetStdHandle
GetCPInfo
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
ConnectNamedPipe
SetEvent
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
FindClose
TlsGetValue
FormatMessageA
SetLastError
GetSystemTime
InterlockedDecrement
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
SetConsoleCtrlHandler
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
GetModuleHandleA
CreateThread
SetEnvironmentVariableW
DeleteCriticalSection
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ClearCommError
ExitThread
DecodePointer
TerminateProcess
GetModuleHandleExW
GetCommState
GetCurrentThreadId
GetProcAddress
WriteConsoleW
CallNamedPipeW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
TerminateThread
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
GetDateFormatA
GetDateFormatW
GetCommProperties
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
GetTimeFormatW
lstrcpyW
lstrcmpA
FindNextFileW
InterlockedIncrement
GetTimeFormatA
DuplicateHandle
FindFirstFileExW
WaitForMultipleObjects
SetCommTimeouts
CreateEventW
SetCommState
CreateFileW
CreateEventA
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
CreateNamedPipeW
lstrlenA
GetConsoleCP
GetEnvironmentStringsW
lstrlenW
SetupComm
FileTimeToLocalFileTime
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
SuspendThread
GetSystemDefaultLangID
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
IsValidCodePage
OpenEventW
CreateProcessW
Sleep
IsBadReadPtr
VirtualAlloc
ResetEvent
Shell_NotifyIconW
SHCreateDirectoryExA
SHGetPathFromIDListW
StrCmpNIA
GetWindowThreadProcessId
SetForegroundWindow
SendMessageTimeoutA
DdeCreateStringHandleA
LoadStringA
FlashWindow
TranslateAccelerator
CreateIconFromResource
MessageBoxA
GetDCEx
GetTopWindow
GetMessageTime
InvalidateRgn
Number of PE resources by type
RT_ICON 10
MUI 1
RT_VERSION 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 14
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.1.7601.17514

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Windows Command Processor

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
107520

EntryPoint
0x1930

OriginalFileName
Cmd.Exe

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.1.7601.17514 (win7sp1_rtm.101119-1850)

TimeStamp
2019:03:15 23:41:53+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
cmd

ProductVersion
6.1.7601.17514

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
122368

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.1.7601.17514

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 cbdc08f03a9f405b084bb01acf7f2855
SHA1 fa1fb5856f0f93df3e7d37491f44a7650b5aaecb
SHA256 137d5eef88bfc23e9462895fe371c52f7339d232ddfa56d19aa57e1987f116f5
ssdeep
3072:iqp/0A4Hk2GgrQCz+VGUbqPM902yHydViPaYC730jjyGMC:vM9E29z+VGUQM9UHQo1Q3EmK

authentihash 965177fced7fb050b9c044965697188b7863c33766f103207ecacc2a09fe1f60
imphash a414760ef2239032ece2925d3d5e1988
File size 228.8 KB ( 234248 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-03-15 22:48:16 UTC ( 1 month ago )
Last submission 2019-03-16 04:03:19 UTC ( 1 month ago )
File names 2TD3CXI3.exe
cmd
emotet_e1_137d5eef88bfc23e9462895fe371c52f7339d232ddfa56d19aa57e1987f116f5_2019-03-15__225001.exe_
Cmd.Exe
CnAGZSyOc.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections