SHA256: 16a3ea240943674cb29057f0431de7299cc102652cd7c4c289293104f56bc3ff
File name: cf6e87af545745f6bb6ab4fa7161badb.virus
Detection ratio: 37 / 69
Analysis date: 2018-10-09 20:38:09 UTC ( 6 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Emotet.KC 20181009
AhnLab-V3 Trojan/Win32.Emotet.R238622 20181009
ALYac Trojan.Emotet.KC 20181009
Arcabit Trojan.Emotet.KC 20181009
Avast Win32:TrojanX-gen [Trj] 20181009
AVG Win32:TrojanX-gen [Trj] 20181009
BitDefender Trojan.Emotet.KC 20181009
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.f54574 20180225
Cylance Unsafe 20181009
Cyren W32/Trojan.XTEF-6485 20181009
DrWeb Trojan.Gozi.344 20181009
Emsisoft Trojan.Agent (A) 20181009
Endgame malicious (high confidence) 20180730
ESET-NOD32 Win32/Spy.Ursnif.BP 20181009
F-Prot W32/Trojan2.PYXG 20181009
F-Secure Trojan.Emotet.KC 20181009
Fortinet W32/GenKryptik.CMYY!tr 20181009
GData Trojan.Emotet.KC 20181009
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 0053e1681 ) 20181009
K7GW Trojan ( 0053e1681 ) 20181009
Kaspersky UDS:DangerousObject.Multi.Generic 20181009
Malwarebytes Trojan.Emotet 20181009
MAX malware (ai score=87) 20181009
McAfee Emotet-FJG!CF6E87AF5457 20181009
McAfee-GW-Edition Emotet-FJG!CF6E87AF5457 20181009
Microsoft Trojan:Win32/Emotet.AP 20181009
eScan Trojan.Emotet.KC 20181009
Panda Trj/GdSda.A 20181009
Qihoo-360 HEUR/QVM20.1.6A79.Malware.Gen 20181009
Rising Spyware.Ursnif!8.1DEF (RDM+:cmRtazpMuSaSRZHHqCkFLqQmu82Z) 20181009
Sophos AV Mal/EncPk-ANY 20181009
Symantec ML.Attribute.HighConfidence 20181009
VBA32 Trojan.Gozi 20181009
Webroot W32.Trojan.Gen 20181009
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181009
AegisLab 20181009
Alibaba 20180921
Antiy-AVL 20181009
Avast-Mobile 20181009
Avira (no cloud) 20181009
AVware 20180925
Babable 20180918
Baidu 20181009
Bkav 20181009
CAT-QuickHeal 20181008
ClamAV 20181009
CMC 20181009
Comodo 20181009
eGambit 20181009
Ikarus 20181009
Jiangmin 20181009
Kingsoft 20181009
NANO-Antivirus 20181009
Palo Alto Networks (Known Signatures) 20181009
SentinelOne (Static ML) 20180926
SUPERAntiSpyware 20181006
Symantec Mobile Insight 20181001
TACHYON 20181009
Tencent 20181009
TheHacker 20181008
TotalDefense 20181009
TrendMicro 20181009
TrendMicro-HouseCall 20181009
Trustlook 20181009
VIPRE 20181009
ViRobot 20181009
Yandex 20181008
Zillya 20181009
Zoner 20181008
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® .NET Framework
Original name aspnet_counters.dll
Internal name aspnet_counters.dll
File version 4.0.30319.34209 built by: FX452RTMGDR
Description Microsoft ASP.NET Performance Counter Shim DLL
Comments Flavor=Retail
Signature verification The digital signature of the object did not verify.
Signing date 3:22 AM 2/19/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-05-28 14:12:31
Entry Point 0x000026D0
Number of sections 10
PE sections
Overlays
MD5 760266e33055fe13f053f9e76058e3d0
File type data
Offset 196608
Size 5568
Entropy 7.42
PE imports
CryptDeriveKey
RegSetKeySecurity
RegQueryInfoKeyA
AdjustTokenGroups
LocaleNameToLCID
EnumSystemCodePagesW
GetPrivateProfileSectionNamesA
SetCurrentConsoleFontEx
CompareStringA
FindFirstFileExW
TzSpecificLocalTimeToSystemTime
DsListSitesW
SafeArrayDestroyDescriptor
CreateTypeLib2
I_RpcFreeBuffer
SetupDiOpenDeviceInfoW
SetupDiSetSelectedDevice
StrChrNW
PathIsUNCA
SetUserObjectInformationW
OffsetRect
midiOutCacheDrumPatches
Ord(30)
isdigit
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.1

Comments
Flavor=Retail

InitializedDataSize
18176

ImageVersion
5.1

ProductName
Microsoft .NET Framework

FileVersionNumber
4.0.30319.34209

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

LinkerVersion
7.0

PrivateBuild
DDBLD354

FileTypeExtension
exe

OriginalFileName
aspnet_counters.dll

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
4.0.30319.34209 built by: FX452RTMGDR

TimeStamp
2009:05:28 07:12:31-07:00

FileType
Win32 EXE

PEType
PE32

InternalName
aspnet_counters.dll

ProductVersion
4.0.30319.34209

FileDescription
Microsoft ASP.NET Performance Counter Shim DLL

OSVersion
5.1

FileOS
Win32

LegalCopyright
Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
359936

FileSubtype
0

ProductVersionNumber
4.0.30319.34209

EntryPoint
0x26d0

ObjectFileType
Dynamic link library

File identification
MD5 cf6e87af545745f6bb6ab4fa7161badb
SHA1 9cf5c06bcaad76ed0de6761bd0cba68c455ec6bd
SHA256 16a3ea240943674cb29057f0431de7299cc102652cd7c4c289293104f56bc3ff
ssdeep
1536:Z8IEfS0kN1aexFEgY8jHhbQRfwBfO/Zl4thddkaW/7qCFrgfLvr+ESOkiT:B+IjHhbQRfws/ydjufpgfLT+tO7

authentihash b1b0182f3c5cd6f85f5ca81b0f84aaa78c34381ef338f180b3cca447abfa53ce
imphash d57fd27bb594bd0cdf4d94ea07822435
File size 197.4 KB ( 202176 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-10-09 20:38:09 UTC ( 6 months, 2 weeks ago )
Last submission 2018-10-09 20:38:09 UTC ( 6 months, 2 weeks ago )
File names aspnet_counters.dll
cf6e87af545745f6bb6ab4fa7161badb.virus