SHA256: 18ddc2de4479c402e81c5d8689571f586d06b38ff9f6f4eb2e2c67495dafec41
File name: 18ddc2de4479c402e81c5d8689571f586d06b38ff9f6f4eb2e2c67495dafec41
Detection ratio: 13 / 71
Analysis date: 2019-02-02 07:03:46 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
Acronis suspicious 20190130
Bkav HW32.Packed. 20190201
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181023
Cylance Unsafe 20190202
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/GenKryptik.BCDP 20190202
Microsoft Trojan:Win32/Fuerboos.A!cl 20190202
Qihoo-360 HEUR/QVM20.1.F40B.Malware.Gen 20190202
Rising Trojan.GenKryptik!8.AA55/N3#82% (RDM+:cmRtazpanyyjDHDqY66oSPIOVe5A) 20190202
SentinelOne (Static ML) static engine - malicious 20190124
Sophos AV Mal/Emotet-Q 20190202
Symantec ML.Attribute.HighConfidence 20190202
Trapmine malicious.moderate.ml.score 20190123
Ad-Aware 20190202
AegisLab 20190202
AhnLab-V3 20190201
Alibaba 20180921
ALYac 20190202
Antiy-AVL 20190202
Arcabit 20190202
Avast 20190202
Avast-Mobile 20190201
AVG 20190202
Avira (no cloud) 20190202
Babable 20180918
Baidu 20190202
BitDefender 20190202
CAT-QuickHeal 20190201
ClamAV 20190201
CMC 20190201
Comodo 20190202
Cybereason 20190109
Cyren 20190202
DrWeb 20190202
eGambit 20190202
Emsisoft 20190202
F-Prot 20190202
F-Secure 20190202
Fortinet 20190201
GData 20190202
Ikarus 20190201
Sophos ML 20181128
Jiangmin 20190202
K7AntiVirus 20190202
K7GW 20190202
Kaspersky 20190202
Kingsoft 20190202
Malwarebytes 20190202
MAX 20190202
McAfee 20190202
McAfee-GW-Edition 20190201
eScan 20190202
NANO-Antivirus 20190202
Palo Alto Networks (Known Signatures) 20190202
Panda 20190201
SUPERAntiSpyware 20190130
TACHYON 20190202
Tencent 20190202
TheHacker 20190131
TotalDefense 20190202
TrendMicro 20190202
TrendMicro-HouseCall 20190202
Trustlook 20190202
VBA32 20190201
VIPRE 20190202
ViRobot 20190201
Webroot 20190202
Yandex 20190201
Zillya 20190201
ZoneAlarm by Check Point 20190202
Zoner 20190202
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-02-02 15:00:11
Entry Point 0x000038D5
Number of sections 5
PE sections
PE imports
GetLengthSid
SetEntriesInAclW
RevertToSelf
IsTokenRestricted
CryptGetProvParam
CM_Query_Resource_Conflict_List
CM_Get_First_Log_Conf
CryptMsgGetAndVerifySigner
CryptSignCertificate
CertFindCRLInStore
CertCreateCTLContext
JetDelete
EndPath
AddFontResourceW
LocalFree
FileTimeToDosDateTime
CreateActCtxW
GetCurrentProcessId
GetModuleHandleA
GetConsoleOriginalTitleA
GetCommandLineW
FindResourceExW
GetNLSVersionEx
EnumResourceNamesA
CloseHandle
CreateWaitableTimerA
GetTapePosition
GetThreadLocale
DispGetParam
GetActivePwrScheme
I_RpcServerRegisterForwardFunction
RpcBindingFromStringBindingW
UuidIsNil
I_RpcSessionStrictContextHandle
NdrAllocate
SHGetFolderLocation
PathIsUNCW
StrDupA
PathIsRootW
VerifySignature
MapDialogRect
BeginDeferWindowPos
LockSetForegroundWindow
CreatePopupMenu
PackDDElParam
InsertMenuItemW
GetScrollInfo
LoadMenuA
GetDesktopWindow
ToUnicode
AddClipboardFormatListener
GetUpdateRect
NotifyWinEvent
TrackMouseEvent
mixerSetControlDetails
CoFileTimeNow
IIDFromString
OleGetAutoConvert
HGLOBAL_UserSize
CoInternetCreateZoneManager
Number of PE resources by type
RT_BITMAP 9
Number of PE resources by language
DUTCH BELGIAN 9
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 6.1
MachineType Intel 386 or later, and compatibles
TimeStamp 2019:02:02 07:00:11-08:00
FileType Win32 EXE
PEType PE32
CodeSize 20480
LinkerVersion 12.0
FileTypeExtension exe
InitializedDataSize 0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x38d5
OSVersion 6.0
ImageVersion 6.0
UninitializedDataSize 102400

File identification
MD5 4316b08eb463ed006398fd79f89deaec
SHA1 26e0247d65da5d35ce6b88576d1d39c0f058b0d4
SHA256 18ddc2de4479c402e81c5d8689571f586d06b38ff9f6f4eb2e2c67495dafec41
ssdeep 6144:M/J57jTW+gucIjcaMdRQX6FZqm/2Ew3gr1rJ:M/fjTW+DYa8s+ZF/nMGt
authentihash 306dee89caf00e9ee84bef61f5165d97ca7630af1070e1ff39627e7dd3f30ec1
imphash f419f29a24ab8ddf46bc09c09b5848e6
File size 400.0 KB ( 409600 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2019-02-02 07:03:46 UTC ( 3 months, 2 weeks ago )
Last submission 2019-02-04 19:31:26 UTC ( 3 months, 2 weeks ago )
File names neutraldetect.exe
culturewordpad.exe
shadermouse.exe
UUIDGENSINGLE.EXE
emotet_e2_18ddc2de4479c402e81c5d8689571f586d06b38ff9f6f4eb2e2c67495dafec41_2019-02-02__070503.exe_
cbsuuidgen.exe