SHA256: 184eb8a7e670d7a3d088d73eefbce78e81e2a553b8d8681b9bc3a09742e6ee5c
File name: 0bd4aab76332197ff7fca196adcc01b7.virus
Detection ratio: 43 / 68
Analysis date: 2018-09-14 18:44:00 UTC ( 5 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.Autoruns.GenericKDS.31182937 20180913
AhnLab-V3 Trojan/Win32.Emotet.R235587 20180914
ALYac Trojan.Autoruns.GenericKDS.31182937 20180914
Antiy-AVL Trojan/Win32.AGeneric 20180914
Arcabit Trojan.Autoruns.GenericS.D1DBD059 20180914
Avast Win32:BankerX-gen [Trj] 20180914
AVG Win32:BankerX-gen [Trj] 20180914
BitDefender Trojan.Autoruns.GenericKDS.31182937 20180914
CAT-QuickHeal Trojan.Emotet.X4 20180912
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.f46436 20180225
Cylance Unsafe 20180914
Cyren W32/Emotet.FW.gen!Eldorado 20180914
DrWeb Trojan.EmotetENT.269 20180914
Emsisoft Trojan.Autoruns.GenericKDS.31182937 (B) 20180914
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GKFJ 20180914
F-Prot W32/Emotet.FW.gen!Eldorado 20180914
F-Secure Trojan.Autoruns.GenericKDS.31182937 20180914
Fortinet W32/Kryptik.GKGU!tr 20180914
GData Win32.Trojan-Spy.Emotet.TB 20180914
Ikarus Trojan-Banker.Emotet 20180914
Sophos ML heuristic 20180717
Kaspersky HEUR:Trojan.Win32.Generic 20180914
Malwarebytes Trojan.Emotet 20180914
MAX malware (ai score=88) 20180914
McAfee Emotet-FID!0BD4AAB76332 20180914
McAfee-GW-Edition Emotet-FID!0BD4AAB76332 20180914
Microsoft Trojan:Win32/Emotet.AC!bit 20180914
eScan Trojan.Autoruns.GenericKDS.31182937 20180914
Palo Alto Networks (Known Signatures) generic.ml 20180914
Panda Trj/GdSda.A 20180914
Qihoo-360 HEUR/QVM20.1.DD35.Malware.Gen 20180914
Rising Malware.Heuristic!ET#96% (RDM+:cmRtazqXCeNAjD620a07Hw+CSaQn) 20180914
SentinelOne (Static ML) static engine - malicious 20180830
Sophos AV Mal/EncPk-ANY 20180914
Symantec Trojan.Emotet 20180914
Tencent Win32.Trojan.Generic.Jcm 20180914
TrendMicro TSPY_EMOTET.THHBHAH 20180914
TrendMicro-HouseCall TSPY_EMOTET.THHBHAH 20180914
VBA32 BScope.Trojan.Emotet 20180914
Webroot W32.Trojan.Emotet 20180914
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180914
AegisLab 20180914
Alibaba 20180713
Avast-Mobile 20180914
Avira (no cloud) 20180914
AVware 20180914
Babable 20180907
Baidu 20180914
Bkav 20180914
ClamAV 20180914
CMC 20180914
Comodo 20180914
eGambit 20180914
Jiangmin 20180914
K7AntiVirus 20180914
K7GW 20180914
Kingsoft 20180914
NANO-Antivirus 20180914
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180911
TACHYON 20180914
TheHacker 20180914
TotalDefense 20180914
Trustlook 20180914
VIPRE 20180914
ViRobot 20180914
Yandex 20180914
Zillya 20180914
Zoner 20180914
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name REGINI.EXE
Internal name REGINI.EXE
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Registry Initializer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-08-26 16:16:35
Entry Point 0x00001D58
Number of sections 6
PE sections
PE imports
RegDisablePredefinedCache
EqualPrefixSid
QueryUsersOnEncryptedFile
DeleteAce
SetTextAlign
GetTextCharsetInfo
GetDCPenColor
DeleteColorSpace
GetTextCharset
GetFileTime
GetLogicalProcessorInformation
GetFileSizeEx
GetModuleHandleA
LockResource
GetFileInformationByHandle
GetEnvironmentStringsW
UnlockFileEx
GetACP
GetSystemPowerStatus
GlobalFindAtomW
VarTokenizeFormatString
ExtractIconW
FreeContextBuffer
GetCursorPos
EndDialog
GetDlgItem
GetComboBoxInfo
LookupIconIdFromDirectoryEx
GetTabbedTextExtentW
strtoul
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Registry Initializer
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 385024
EntryPoint 0x1d58
OriginalFileName REGINI.EXE
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2018:08:26 18:16:35+02:00
FileType Win32 EXE
PEType PE32
InternalName REGINI.EXE
ProductVersion 6.1.7600.16385
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 12288
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 0bd4aab76332197ff7fca196adcc01b7
SHA1 c496911f4643634e6ec218094a84dc12b5cc5cb6
SHA256 184eb8a7e670d7a3d088d73eefbce78e81e2a553b8d8681b9bc3a09742e6ee5c
ssdeep 6144:px5I4kGM+nYB7HfF0usTE4/5SxiWgTUz:f5mens7Ous4qUEWB
authentihash 392af61d5525c7e915ea20ca54faf980b4aadb1a1bf810073198151b25823c9c
imphash ff875cf48c57d5dfaa084f99c56cbc48
File size 392.0 KB ( 401408 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe
VirusTotal metadata
First submission 2018-09-14 18:44:00 UTC ( 5 months, 1 week ago )
Last submission 2018-09-14 18:44:00 UTC ( 5 months, 1 week ago )
File names 0bd4aab76332197ff7fca196adcc01b7.virus
REGINI.EXE
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs