× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 17a02746ed64edcbb8454e1d93c98753216c1f8e9b4d81cbaba80a5007238dc9
File name: Vkyi.exe
Detection ratio: 43 / 68
Analysis date: 2018-10-09 17:55:22 UTC ( 4 months, 1 week ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40589227 20181009
AhnLab-V3 Trojan/Win32.Emotet.R234758 20181009
ALYac Trojan.GenericKD.40589227 20181009
Antiy-AVL Trojan[Banker]/Win32.Emotet 20181009
Arcabit Trojan.Generic.D26B57AB 20181009
Avast Win32:BankerX-gen [Trj] 20181009
AVG Win32:BankerX-gen [Trj] 20181009
BitDefender Trojan.GenericKD.40589227 20181009
Bkav HW32.Packed. 20181009
CAT-QuickHeal Trojan.Emotet.X4 20181008
ClamAV Win.Trojan.Emotet-6699550-0 20181009
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.493e32 20180225
Cylance Unsafe 20181009
Cyren W32/Trojan.OHZU-4894 20181009
Emsisoft Trojan.GenericKD.40589227 (B) 20181009
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GLLJ 20181009
F-Secure Trojan.GenericKD.40589227 20181009
Fortinet W32/Kryptik.GLLJ!tr 20181009
GData Trojan.GenericKD.40589227 20181009
Ikarus Trojan.Win32.Krypt 20181009
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 0053e4bf1 ) 20181009
K7GW Trojan ( 0053e4bf1 ) 20181009
Kaspersky Trojan-Banker.Win32.Emotet.bhmk 20181009
Malwarebytes Trojan.Emotet 20181009
McAfee Artemis!FFEC5A8347B3 20181009
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20181009
Microsoft Trojan:Win32/Occamy.C 20181009
eScan Trojan.GenericKD.40589227 20181009
Palo Alto Networks (Known Signatures) generic.ml 20181009
Panda Trj/RnkBend.A 20181009
Qihoo-360 HEUR/QVM20.1.5FBB.Malware.Gen 20181009
Rising Trojan.Emotet!8.B95 (TFE:3:tLhe09sGFVT) 20181009
Sophos AV Mal/Generic-S 20181009
Symantec Trojan.Emotet 20181009
TACHYON Trojan/W32.Agent.139264.COL 20181009
Tencent Win32.Trojan-banker.Emotet.Ejfg 20181009
TrendMicro TSPY_EMOTET.THJOHAH 20181009
TrendMicro-HouseCall TSPY_EMOTET.THJOHAH 20181009
Webroot W32.Trojan.Emotet 20181009
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bhmk 20181009
AegisLab 20181009
Alibaba 20180921
Avast-Mobile 20181009
Avira (no cloud) 20181009
AVware 20180925
Babable 20180918
Baidu 20181009
CMC 20181009
Comodo 20181009
DrWeb 20181009
eGambit 20181009
F-Prot 20181009
Jiangmin 20181009
Kingsoft 20181009
MAX 20181009
NANO-Antivirus 20181009
SentinelOne (Static ML) 20180926
SUPERAntiSpyware 20181006
Symantec Mobile Insight 20181001
TheHacker 20181008
TotalDefense 20181009
Trustlook 20181009
VBA32 20181009
ViRobot 20181009
Yandex 20181008
Zillya 20181009
Zoner 20181008
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-07 16:03:30
Entry Point 0x0000136D
Number of sections 7
PE sections
PE imports
NotifyChangeEventLog
FindFirstFreeAce
RegSetValueExA
CreateRestrictedToken
ReportEventA
CryptGenKey
CryptDestroyHash
ClusterRegQueryValue
CreateToolbarEx
CreatePropertySheetPageW
PropertySheetW
CryptSIPAddProvider
CryptMsgOpenToEncode
CryptInstallOIDFunctionAddress
CertSerializeCertificateStoreElement
CertGetValidUsages
CreatePatternBrush
PlayEnhMetaFileRecord
PlgBlt
GetICMProfileA
GetBkMode
CancelDC
GetKerningPairsA
MaskBlt
SetThreadContext
SetupComm
AttachConsole
GetStdHandle
CheckRemoteDebuggerPresent
GetUserDefaultLCID
FindVolumeClose
GetProcessIdOfThread
ConvertDefaultLocale
IsBadWritePtr
SetDefaultCommConfigA
GetCommandLineA
lstrcmpiW
SetComputerNameA
HeapWalk
GetProcessHeap
LZClose
DsUnBindW
VarR4FromDate
VarBstrFromCy
VarCyFromI4
ReadPwrScheme
NdrStubCall2
CM_Get_DevNode_Custom_PropertyW
SetupDiSetSelectedDevice
PathGetDriveNumberA
PathRenameExtensionW
SHCreateThreadRef
StrTrimA
PathFindOnPathW
QuerySecurityPackageInfoA
CreateDialogParamW
GetDesktopWindow
GetMenuStringW
GetClipCursor
DrawFocusRect
GetTabbedTextExtentA
SendNotifyMessageW
VkKeyScanA
IsWindowVisible
DeferWindowPos
EnableScrollBar
GetWindowDC
GetPhysicalCursorPos
TranslateMessage
GetMessageTime
GetProcessWindowStation
GetSysColor
GetClipboardSequenceNumber
DrawStateW
DeleteMenu
InsertMenuItemA
midiStreamClose
EndDocPrinter
DeletePrinterDriverExW
WTHelperCertCheckValidSignature
RevokeDragDrop
CoCreateFreeThreadedMarshaler
Number of PE resources by type
RT_STRING 13
RT_BITMAP 11
Number of PE resources by language
NEUTRAL 17
CHINESE TRADITIONAL 6
ITALIAN 1
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:10:07 17:03:30+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
8192

LinkerVersion
12.0

ImageFileCharacteristics
Executable, 32-bit

EntryPoint
0x136d

InitializedDataSize
122880

SubsystemVersion
5.1

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

File identification
MD5 ffec5a8347b31117c961e5f825a2c84c
SHA1 c299d2e493e3241d7b7f72e50a15cbb4b033bb7a
SHA256 17a02746ed64edcbb8454e1d93c98753216c1f8e9b4d81cbaba80a5007238dc9
ssdeep
3072:ZwMYWgSxrgUt+uKCevZjvyXQZvF6Zow0d42:e9WXxrRLqRjv2Q7I0

authentihash 58125e684adf3581cef11d3f8d5afb146de7b45838ba6e75ea79b8c4d12dca18
imphash fc87da0eaaa6190e954d8f064506df86
File size 136.0 KB ( 139264 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-10-07 16:06:13 UTC ( 4 months, 1 week ago )
Last submission 2018-10-07 16:06:13 UTC ( 4 months, 1 week ago )
File names 26470424.exe
Vkyi.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!