× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 19ee66efc7e0bcaa3fe7912dca983ff4554a10c8c535ff35a9418d5ee93bc11e
File name: 19ee66efc7e0bcaa3fe7912dca983ff4554a10c8c535ff35a9418d5ee93bc11e
Detection ratio: 15 / 71
Analysis date: 2018-12-20 18:10:44 UTC ( 1 month, 4 weeks ago ) View latest
Antivirus Result Update
Acronis malware 20180726
Bkav HW32.Packed. 20181220
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.59d176 20180225
Cylance Unsafe 20181220
eGambit Unsafe.AI_Score_99% 20181220
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181128
McAfee Emotet-FJX!460A55E59D17 20181220
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20181220
Qihoo-360 HEUR/QVM20.1.FF3D.Malware.Gen 20181220
Rising Malware.Heuristic!ET#98% (RDM+:cmRtazoVQTVhbkEgOJ6MST+Ukp/q) 20181220
SentinelOne (Static ML) static engine - malicious 20181011
Symantec ML.Attribute.HighConfidence 20181220
Trapmine malicious.high.ml.score 20181205
Ad-Aware 20181220
AegisLab 20181220
AhnLab-V3 20181220
Alibaba 20180921
ALYac 20181220
Antiy-AVL 20181220
Arcabit 20181220
Avast 20181220
Avast-Mobile 20181220
AVG 20181220
Avira (no cloud) 20181220
Babable 20180918
Baidu 20181207
BitDefender 20181220
CAT-QuickHeal 20181220
ClamAV 20181220
CMC 20181219
Comodo 20181220
Cyren 20181220
DrWeb 20181220
Emsisoft 20181220
ESET-NOD32 20181220
F-Prot 20181220
F-Secure 20181220
Fortinet 20181220
GData 20181220
Ikarus 20181220
Jiangmin 20181220
K7AntiVirus 20181220
K7GW 20181220
Kaspersky 20181220
Kingsoft 20181220
Malwarebytes 20181220
MAX 20181220
Microsoft 20181220
eScan 20181220
NANO-Antivirus 20181220
Palo Alto Networks (Known Signatures) 20181220
Panda 20181219
Sophos AV 20181220
SUPERAntiSpyware 20181220
Symantec Mobile Insight 20181215
TACHYON 20181220
Tencent 20181220
TheHacker 20181216
TotalDefense 20181220
TrendMicro 20181220
TrendMicro-HouseCall 20181220
Trustlook 20181220
VBA32 20181220
VIPRE 20181220
ViRobot 20181220
Webroot 20181220
Yandex 20181220
Zillya 20181219
ZoneAlarm by Check Point 20181220
Zoner 20181220
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © Microsoft Corp. 1993-2001.

Internal name ASYCFILT.DLL
File version 5.1.2600.2180
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-07-18 02:23:20
Entry Point 0x00002700
Number of sections 8
PE sections
PE imports
IsTokenRestricted
GetDCPenColor
GetPolyFillMode
GetFileTime
NormalizeString
LockFileEx
SetFilePointer
GetTapeStatus
SetEvent
GetConsoleProcessList
GetUserDefaultLCID
GetVersion
EmptyClipboard
GetLastActivePopup
GetSysColor
GetKeyboardType
RegisterRawInputDevices
SCardGetCardTypeProviderNameA
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
CodeSize
135168

UninitializedDataSize
0

LinkerVersion
2.0

ImageVersion
5.1

FileVersionNumber
5.1.2600.2180

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
0

EntryPoint
0x2700

MIMEType
application/octet-stream

LegalCopyright
Copyright Microsoft Corp. 1993-2001.

FileVersion
5.1.2600.2180

TimeStamp
2002:07:18 02:23:20+00:00

FileType
Win32 EXE

PEType
PE32

InternalName
ASYCFILT.DLL

ProductVersion
5.1.2600.2180

SubsystemVersion
6.0

OSVersion
6.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

LegalTrademarks
Microsoft is a registered trademark of Microsoft Corporation. Windows is a registered trademark of Microsoft Corporation.

FileSubtype
0

ProductVersionNumber
5.1.2600.2180

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Execution parents
File identification
MD5 460a55e59d176e972e2e3bebb699074e
SHA1 2fb147b0fec56cb85df9f8adb37f78e6b99c709c
SHA256 19ee66efc7e0bcaa3fe7912dca983ff4554a10c8c535ff35a9418d5ee93bc11e
ssdeep
3072:xOcDrvi0EET+neYsE98J7lWYLjL0S91i:0c6vjelWYgaw

authentihash a494829e5f80fb08afa0fe12a6a81ad02691aef483b6c57faf0e9788d763db55
imphash d8cd8750432ff0c6e6dcc0709e08a75a
File size 120.0 KB ( 122880 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-12-20 18:10:44 UTC ( 1 month, 4 weeks ago )
Last submission 2018-12-21 23:47:46 UTC ( 1 month, 3 weeks ago )
File names JytQ_bwMYl_n.exe
Emotet binary updated 645.exe.milo
773.exe
2018-12-20-Emotet-binary-updated-during-infection.exe
vuV9NrRTNiBDIk9.exe
ASYCFILT.DLL
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!