× Cookies are disabled! This site requires cookies to be enabled to work properly
VirusTotal
SHA256: 1649f73e61b675b0878888fcd0c729cb51128b164d0ad8e53eb8ba28f4b331c3
File name: 2.exe
Detection ratio: 12 / 67
Analysis date: 2018-06-18 12:54:29 UTC ( 8 months ago ) View latest
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Emotet.R230152 20180618
Avast Win32:Malware-gen 20180618
Avira (no cloud) TR/Crypt.XPACK.Gen 20180618
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cybereason malicious.d5ba5b 20180225
Cylance Unsafe 20180618
Endgame malicious (high confidence) 20180612
Sophos ML heuristic 20180601
Qihoo-360 HEUR/QVM20.1.ECFB.Malware.Gen 20180618
SentinelOne (Static ML) static engine - malicious 20180617
Symantec ML.Attribute.HighConfidence 20180618
Webroot W32.Trojan.Emotet 20180618
Ad-Aware 20180618
AegisLab 20180618
Alibaba 20180615
ALYac 20180618
Antiy-AVL 20180618
Arcabit 20180618
Avast-Mobile 20180618
AVG 20180618
AVware 20180618
Babable 20180406
Baidu 20180615
BitDefender 20180618
Bkav 20180618
CAT-QuickHeal 20180618
ClamAV 20180618
CMC 20180618
Comodo 20180618
Cyren 20180618
DrWeb 20180618
eGambit 20180618
Emsisoft 20180618
ESET-NOD32 20180618
F-Prot 20180618
F-Secure 20180618
Fortinet 20180618
GData 20180618
Ikarus 20180618
Jiangmin 20180618
K7AntiVirus 20180618
K7GW 20180618
Kaspersky 20180618
Kingsoft 20180618
Malwarebytes 20180618
MAX 20180618
McAfee 20180618
McAfee-GW-Edition 20180618
Microsoft 20180618
eScan 20180618
NANO-Antivirus 20180618
Palo Alto Networks (Known Signatures) 20180618
Panda 20180618
Rising 20180618
Sophos AV 20180618
SUPERAntiSpyware 20180617
Symantec Mobile Insight 20180614
TACHYON 20180618
Tencent 20180618
TheHacker 20180613
TrendMicro 20180618
TrendMicro-HouseCall 20180618
Trustlook 20180618
VBA32 20180618
VIPRE 20180618
ViRobot 20180618
Yandex 20180618
Zillya 20180615
ZoneAlarm by Check Point 20180618
Zoner 20180618
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-18 07:20:23
Entry Point 0x00001A3B
Number of sections 6
PE sections
Overlays
MD5 b05e5241ab1569d951afa7f5a0835273
File type data
Offset 190976
Size 1074
Entropy 2.80
PE imports
[+] ADVAPI32.dll
GetSecurityDescriptorDacl
EnumServicesStatusW
RegSetKeySecurity
[+] GDI32.dll
GetDeviceCaps
PlayMetaFileRecord
GetWindowExtEx
CreateHalftonePalette
CopyEnhMetaFileW
SetLayout
GetWorldTransform
UnrealizeObject
DPtoLP
ExtSelectClipRgn
[+] KERNEL32.dll
GetSystemTime
GlobalGetAtomNameW
GlobalReAlloc
lstrcmpiA
GetThreadUILanguage
GetCommandLineA
GetNamedPipeClientSessionId
[+] OLEAUT32.dll
VarR8FromR4
SafeArrayCopy
[+] RPCRT4.dll
I_RpcServerRegisterForwardFunction
RpcServerUseProtseqA
RpcServerRegisterIf
RpcAsyncInitializeHandle
[+] SETUPAPI.dll
SetupOpenLog
[+] USER32.dll
GetSubMenu
GetDCEx
GetParent
GetActiveWindow
IsWindowVisible
CreateIconIndirect
GetThreadDesktop
GetClientRect
PeekMessageA
GetDlgItem
GetQueueStatus
ClientToScreen
CloseWindowStation
[+] WINSPOOL.DRV
AddPrinterConnectionW
[+] WinSCard.dll
SCardSetCardTypeProviderNameW
[+] ole32.dll
OleCreateEmbeddingHelper
[+] urlmon.dll
CoInternetCreateZoneManager
Number of PE resources by type
RT_MENU 1
RT_DIALOG 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:06:18 08:20:23+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
15360

LinkerVersion
14.0

ImageFileCharacteristics
Executable, 32-bit

EntryPoint
0x1a3b

InitializedDataSize
0

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

File identification
MD5 718826050bd788cdc6cf87252a2ad870
SHA1 ff78a86d5ba5b7fab859151d69c2a7aa1deff3a2
SHA256 1649f73e61b675b0878888fcd0c729cb51128b164d0ad8e53eb8ba28f4b331c3
ssdeep
3072:OND1CHdbf0UPNYou8f+X8AO4zH5B9Lx4Wybk0rKkWuDh+SPi0hAbVSzxfk:ONDotus+X9O4b5BDjp0riu9+SPi0hAbf

authentihash a500ad3548ec9885a112640bbfad428da7e95b67a9d98f9cb9fa7187177b9a18
imphash 66b3ffcae7a66eb1e781395d8b1d532c
File size 187.5 KB ( 192050 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.3%)
Win32 Executable (generic) (23.5%)
OS/2 Executable (generic) (10.6%)
Clipper DOS Executable (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-06-18 12:54:29 UTC ( 8 months ago )
Last submission 2018-07-08 22:12:46 UTC ( 7 months, 2 weeks ago )
File names 718826050bd788cdc6cf87252a2ad870.virobj
2.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!
More comments

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

Sign in Join the community
No votes. No one has voted on this item yet, be the first one to do so!
More votes
Blog | Twitter | Contact us | ToS | Privacy policy