SHA256: 19c59880f0e4c409603c5b76137d4846862356381250b1630366e7627740dad6
File name: G23d1k193pbzVcac.exe
Detection ratio: 43 / 69
Analysis date: 2018-10-06 06:52:55 UTC ( 4 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40560899 20181006
AhnLab-V3 Trojan/Win32.Emotet.R234758 20181005
ALYac Trojan.GenericKD.40560899 20181006
Arcabit Trojan.Generic.D26AE903 20181006
Avast Win32:BankerX-gen [Trj] 20181006
AVG Win32:BankerX-gen [Trj] 20181006
BitDefender Trojan.GenericKD.40560899 20181006
Bkav HW32.Packed. 20181005
CAT-QuickHeal Trojan.Emotet.X4 20181005
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.972800 20180225
Cylance Unsafe 20181006
Cyren W32/Trojan.MJTY-2442 20181006
Emsisoft Trojan.GenericKD.40560899 (B) 20181006
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GLIH 20181006
F-Secure Trojan.GenericKD.40560899 20181006
Fortinet W32/Kryptik.GLHZ!tr 20181006
GData Trojan.GenericKD.40560899 20181006
Ikarus Trojan.Win32.Crypt 20181005
Sophos ML heuristic 20180717
K7AntiVirus Riskware ( 0040eff71 ) 20181006
K7GW Riskware ( 0040eff71 ) 20181006
Kaspersky Trojan-Banker.Win32.Emotet.bghp 20181006
Malwarebytes Trojan.Emotet 20181006
McAfee Emotet-FHK!2031D3A05798 20181006
McAfee-GW-Edition BehavesLike.Win32.Generic.cc 20181006
Microsoft Trojan:Win32/Emotet!rfn 20181006
eScan Trojan.GenericKD.40560899 20181006
NANO-Antivirus Trojan.Win32.Emotet.firphq 20181006
Palo Alto Networks (Known Signatures) generic.ml 20181006
Panda Trj/GdSda.A 20181005
Qihoo-360 Win32/Trojan.88c 20181006
Rising Trojan.Emotet!8.B95 (CLOUD) 20181006
Sophos AV Mal/EncPk-ANX 20181006
Symantec Trojan.Emotet 20181005
Tencent Win32.Trojan.Symmi.Hnav 20181006
TrendMicro TSPY_EMOTET.THJODAH 20181006
TrendMicro-HouseCall TSPY_EMOTET.THJODAH 20181006
VBA32 BScope.Trojan.Azden 20181005
VIPRE Trojan.Win32.Generic!BT 20181006
Webroot W32.Trojan.Emotet 20181006
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bghp 20181006
AegisLab 20181006
Alibaba 20180921
Antiy-AVL 20181005
Avast-Mobile 20181006
Avira (no cloud) 20181005
AVware 20180925
Babable 20180918
Baidu 20180930
ClamAV 20181006
CMC 20181006
Comodo 20181006
DrWeb 20181006
eGambit 20181006
F-Prot 20181006
Jiangmin 20181006
Kingsoft 20181006
MAX 20181006
SentinelOne (Static ML) 20180926
SUPERAntiSpyware 20181006
Symantec Mobile Insight 20181001
TACHYON 20181006
TheHacker 20181001
TotalDefense 20181006
Trustlook 20181006
ViRobot 20181005
Yandex 20181005
Zillya 20181005
Zoner 20181005
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1993-11-01 05:05:43
Entry Point 0x00001572
Number of sections 7
PE sections
PE imports
GetTokenInformation
SetServiceBits
LogonUserW
CryptEnumProvidersW
QueryServiceConfigW
CryptVerifySignatureW
AccessCheckAndAuditAlarmA
CryptCreateHash
OpenClusterResource
ClusterRegDeleteValue
CertNameToStrA
CryptMemAlloc
JetIndexRecordCount
GetColorAdjustment
PolyPolygon
GetCharWidthFloatA
CreateEnhMetaFileW
GetTextCharset
IsBadHugeWritePtr
GetTimeZoneInformation
GetNamedPipeServerProcessId
GetConsoleWindow
ClosePrivateNamespace
DebugBreak
GetVolumeNameForVolumeMountPointW
GetCommandLineA
GetProcessVersion
Sleep
DeleteFileA
FindFirstFileNameW
MprConfigServerConnect
MprConfigInterfaceEnum
CreateErrorInfo
SysStringLen
VariantInit
GetCurrentPowerPolicies
RasEnumEntriesW
RpcMgmtEpEltInqBegin
RpcErrorEndEnumeration
I_RpcMapWin32Status
SetupOpenFileQueue
PathStripToRootW
StrToIntExW
StrChrNW
StrCmpNW
SHStrDupA
SetForegroundWindow
SetWindowRgn
PackDDElParam
ChangeWindowMessageFilter
GetSubMenu
WindowFromPhysicalPoint
SetLayeredWindowAttributes
GetUpdateRgn
CopyAcceleratorTableW
DestroyAcceleratorTable
UnregisterClassW
MessageBoxA
ScrollDC
GetClipboardOwner
GetWindow
IsWindowEnabled
LoadKeyboardLayoutA
WindowFromDC
GetMenuContextHelpId
InvalidateRect
midiInMessage
waveInPrepareHeader
CryptCATCDFEnumAttributes
isdigit
qsort
strcspn
HDC_UserFree
CLIPFORMAT_UserFree
PdhGetLogFileSize
Number of PE resources by type
RT_STRING 13
RT_BITMAP 11
Number of PE resources by language
NEUTRAL 17
CHINESE TRADITIONAL 6
ITALIAN 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 5.1
MachineType Intel 386 or later, and compatibles
TimeStamp 1993:11:01 06:05:43+01:00
FileType Win32 EXE
PEType PE32
CodeSize 8192
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 122880
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x1572
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 2031d3a05798219fe75c3a36827eab60
SHA1 53a2d7697280004bc9e2ea82b03f8e71263e5970
SHA256 19c59880f0e4c409603c5b76137d4846862356381250b1630366e7627740dad6
ssdeep 3072:9YuI8FbqZlO9M7g+3nl/nIrK04Ys8nEOh0Fy1BNr42:k8/+3ae3oEDFy3
authentihash 0e3870ea0ee7b62cb0a44a02d774afb08d89b91d6be1e0488be09d07de010ff8
imphash 20e6d78c7b88b5ad7bf7ee0de6bf593e
File size 132.0 KB ( 135168 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2018-10-03 18:34:00 UTC ( 4 months, 2 weeks ago )
Last submission 2018-10-22 03:49:57 UTC ( 3 months, 3 weeks ago )
File names 2031d3a05798219fe75c3a36827eab60.virobj
G23d1k193pbzVcac.exe
8FAEz3RsM8PxSEvd.exe