× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 1649f73e61b675b0878888fcd0c729cb51128b164d0ad8e53eb8ba28f4b331c3
File name: 2.exe
Detection ratio: 12 / 67
Analysis date: 2018-06-18 12:54:29 UTC ( 8 months ago ) View latest
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Emotet.R230152 20180618
Avast Win32:Malware-gen 20180618
Avira (no cloud) TR/Crypt.XPACK.Gen 20180618
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cybereason malicious.d5ba5b 20180225
Cylance Unsafe 20180618
Endgame malicious (high confidence) 20180612
Sophos ML heuristic 20180601
Qihoo-360 HEUR/QVM20.1.ECFB.Malware.Gen 20180618
SentinelOne (Static ML) static engine - malicious 20180617
Symantec ML.Attribute.HighConfidence 20180618
Webroot W32.Trojan.Emotet 20180618
Ad-Aware 20180618
AegisLab 20180618
Alibaba 20180615
ALYac 20180618
Antiy-AVL 20180618
Arcabit 20180618
Avast-Mobile 20180618
AVG 20180618
AVware 20180618
Babable 20180406
Baidu 20180615
BitDefender 20180618
Bkav 20180618
CAT-QuickHeal 20180618
ClamAV 20180618
CMC 20180618
Comodo 20180618
Cyren 20180618
DrWeb 20180618
eGambit 20180618
Emsisoft 20180618
ESET-NOD32 20180618
F-Prot 20180618
F-Secure 20180618
Fortinet 20180618
GData 20180618
Ikarus 20180618
Jiangmin 20180618
K7AntiVirus 20180618
K7GW 20180618
Kaspersky 20180618
Kingsoft 20180618
Malwarebytes 20180618
MAX 20180618
McAfee 20180618
McAfee-GW-Edition 20180618
Microsoft 20180618
eScan 20180618
NANO-Antivirus 20180618
Palo Alto Networks (Known Signatures) 20180618
Panda 20180618
Rising 20180618
Sophos AV 20180618
SUPERAntiSpyware 20180617
Symantec Mobile Insight 20180614
TACHYON 20180618
Tencent 20180618
TheHacker 20180613
TrendMicro 20180618
TrendMicro-HouseCall 20180618
Trustlook 20180618
VBA32 20180618
VIPRE 20180618
ViRobot 20180618
Yandex 20180618
Zillya 20180615
ZoneAlarm by Check Point 20180618
Zoner 20180618
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-18 07:20:23
Entry Point 0x00001A3B
Number of sections 6
PE sections
Overlays
MD5 b05e5241ab1569d951afa7f5a0835273
File type data
Offset 190976
Size 1074
Entropy 2.80
PE imports
GetSecurityDescriptorDacl
EnumServicesStatusW
RegSetKeySecurity
GetDeviceCaps
PlayMetaFileRecord
GetWindowExtEx
CreateHalftonePalette
CopyEnhMetaFileW
SetLayout
GetWorldTransform
UnrealizeObject
DPtoLP
ExtSelectClipRgn
GetSystemTime
GlobalGetAtomNameW
GlobalReAlloc
lstrcmpiA
GetThreadUILanguage
GetCommandLineA
GetNamedPipeClientSessionId
VarR8FromR4
SafeArrayCopy
I_RpcServerRegisterForwardFunction
RpcServerUseProtseqA
RpcServerRegisterIf
RpcAsyncInitializeHandle
SetupOpenLog
GetSubMenu
GetDCEx
GetParent
GetActiveWindow
IsWindowVisible
CreateIconIndirect
GetThreadDesktop
GetClientRect
PeekMessageA
GetDlgItem
GetQueueStatus
ClientToScreen
CloseWindowStation
AddPrinterConnectionW
SCardSetCardTypeProviderNameW
OleCreateEmbeddingHelper
CoInternetCreateZoneManager
Number of PE resources by type
RT_MENU 1
RT_DIALOG 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:06:18 08:20:23+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
15360

LinkerVersion
14.0

ImageFileCharacteristics
Executable, 32-bit

EntryPoint
0x1a3b

InitializedDataSize
0

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

File identification
MD5 718826050bd788cdc6cf87252a2ad870
SHA1 ff78a86d5ba5b7fab859151d69c2a7aa1deff3a2
SHA256 1649f73e61b675b0878888fcd0c729cb51128b164d0ad8e53eb8ba28f4b331c3
ssdeep
3072:OND1CHdbf0UPNYou8f+X8AO4zH5B9Lx4Wybk0rKkWuDh+SPi0hAbVSzxfk:ONDotus+X9O4b5BDjp0riu9+SPi0hAbf

authentihash a500ad3548ec9885a112640bbfad428da7e95b67a9d98f9cb9fa7187177b9a18
imphash 66b3ffcae7a66eb1e781395d8b1d532c
File size 187.5 KB ( 192050 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.3%)
Win32 Executable (generic) (23.5%)
OS/2 Executable (generic) (10.6%)
Clipper DOS Executable (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-06-18 12:54:29 UTC ( 8 months ago )
Last submission 2018-07-08 22:12:46 UTC ( 7 months, 2 weeks ago )
File names 718826050bd788cdc6cf87252a2ad870.virobj
2.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!