× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 141a7e92e3914c4a3039f26a392d02f2c6ec6b94040941f71c779699e9857828
File name: 2c29d8d386e7bd17cf95ac29acbaf669
Detection ratio: 26 / 66
Analysis date: 2018-09-05 01:19:35 UTC ( 5 months, 2 weeks ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Emotet.R236180 20180904
AVG FileRepMalware 20180904
Avira (no cloud) TR/Crypt.Agent.gniam 20180904
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180904
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.30c6bb 20180225
Cyren W32/GenBl.2C29D8D3!Olympus 20180904
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GKJH 20180904
Fortinet W32/GenKryptik.CJTY!tr 20180904
Sophos ML heuristic 20180717
Jiangmin Trojan.Banker.Emotet.cmv 20180904
K7AntiVirus Trojan ( 0053b8d31 ) 20180904
K7GW Trojan ( 0053b8d31 ) 20180904
Kaspersky Trojan-Banker.Win32.Emotet.bcka 20180905
Malwarebytes Trojan.Emotet 20180904
McAfee Emotet-FDM!2C29D8D386E7 20180904
McAfee-GW-Edition BehavesLike.Win32.VTFlooder.hm 20180904
Microsoft Trojan:Win32/Emotet.AC!bit 20180904
NANO-Antivirus Trojan.Win32.Kryptik.fhfwol 20180904
Qihoo-360 HEUR/QVM20.1.A633.Malware.Gen 20180905
Rising Trojan.Fuerboos!8.EFC8 (CLOUD) 20180905
SentinelOne (Static ML) static engine - malicious 20180830
Sophos AV Mal/EncPk-ANY 20180904
Symantec ML.Attribute.HighConfidence 20180904
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bcka 20180905
Ad-Aware 20180905
AegisLab 20180904
Alibaba 20180713
ALYac 20180904
Antiy-AVL 20180904
Arcabit 20180904
Avast 20180904
Avast-Mobile 20180904
AVware 20180823
Babable 20180902
BitDefender 20180904
Bkav 20180831
CAT-QuickHeal 20180904
ClamAV 20180905
CMC 20180904
Comodo 20180904
DrWeb 20180904
eGambit 20180905
Emsisoft 20180904
F-Prot 20180904
F-Secure 20180904
GData 20180904
Kingsoft 20180905
MAX 20180905
eScan 20180905
Palo Alto Networks (Known Signatures) 20180905
Panda 20180904
SUPERAntiSpyware 20180904
Symantec Mobile Insight 20180831
TACHYON 20180904
Tencent 20180905
TheHacker 20180904
TotalDefense 20180904
TrendMicro 20180905
TrendMicro-HouseCall 20180905
Trustlook 20180905
VBA32 20180904
VIPRE 20180905
ViRobot 20180904
Webroot 20180905
Yandex 20180904
Zillya 20180904
Zoner 20180904
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-01 13:19:23
Entry Point 0x00001DF9
Number of sections 4
PE sections
PE imports
SetServiceBits
ObjectPrivilegeAuditAlarmA
QueryUsersOnEncryptedFile
GetTextCharsetInfo
GetDCPenColor
GetLogicalProcessorInformation
SetUserGeoID
FindFirstChangeNotificationA
GetModuleHandleA
PostQueuedCompletionStatus
FlsGetValue
SetFileBandwidthReservation
MprConfigInterfaceTransportRemove
NetGroupDel
DsReplicaGetInfo2W
RpcServerUseProtseqW
RpcServerUseProtseqExW
SHAppBarMessage
ChrCmpIA
UnionRect
InternetSetOptionW
InternetGetCookieW
StartDocPrinterW
AddFormW
OpenPrinterW
CryptCATAdminAcquireContext
g_rgSCardT1Pci
fgets
isprint
vfprintf
CreateAsyncBindCtxEx
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

SubsystemVersion
5.0

MachineType
Intel 386 or later, and compatibles

TimeStamp
2018:09:01 13:19:23+00:00

FileType
Win32 EXE

PEType
PE32

CodeSize
0

LinkerVersion
12.0

FileTypeExtension
exe

InitializedDataSize
0

ImageFileCharacteristics
No relocs, Executable, 32-bit

EntryPoint
0x1df9

OSVersion
5.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 2c29d8d386e7bd17cf95ac29acbaf669
SHA1 9cee47930c6bbc9d841ca84c9033ce436b9db8ae
SHA256 141a7e92e3914c4a3039f26a392d02f2c6ec6b94040941f71c779699e9857828
ssdeep
6144:v/w/8Q3ek+4dGTTy1dyzCkIdP02AOg6874Y21A9O:Hwhea0MozCkG/9GkK

authentihash b620a219469dd8c0889a7fe80a82799cac3cdde214b8e6867a1c3425359ff424
imphash dc020a6b84009d26e31dcbdfccdd8f36
File size 536.0 KB ( 548864 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-09-05 01:19:35 UTC ( 5 months, 2 weeks ago )
Last submission 2018-09-05 01:19:35 UTC ( 5 months, 2 weeks ago )
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!