SHA256: 1a5160eb2dce7c4bceb75ea52a6e7445961e38796b0d07d15c30bc295b66c595
File name: CwEufdHqU6F.exe
Detection ratio: 42 / 67
Analysis date: 2018-09-21 12:12:43 UTC ( 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.Autoruns.GenericKDS.31226435 20180921
AhnLab-V3 Trojan/Win32.Emotet.R237667 20180921
ALYac Trojan.Autoruns.GenericKDS.31226435 20180921
Arcabit Trojan.Autoruns.GenericS.D1DC7A43 20180921
Avast Win32:Malware-gen 20180921
AVG Win32:Malware-gen 20180921
AVware Trojan.Win32.Generic!BT 20180921
BitDefender Trojan.Autoruns.GenericKDS.31226435 20180921
Bkav HW32.Packed. 20180921
CAT-QuickHeal Trojan.Emotet.X4 20180918
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cylance Unsafe 20180921
Cyren W32/Trojan.LXOX-4458 20180921
Emsisoft Trojan.Emotet (A) 20180921
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GKYM 20180921
F-Secure Trojan.Autoruns.GenericKDS.31226435 20180921
Fortinet W32/GenKryptik.CLQF!tr 20180921
GData Trojan.Autoruns.GenericKDS.31226435 20180921
Ikarus Trojan.Win32.Krypt 20180921
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 0053cce01 ) 20180921
K7GW Trojan ( 0053cce01 ) 20180921
Kaspersky Trojan-Banker.Win32.Emotet.becx 20180921
Malwarebytes Trojan.Emotet 20180921
McAfee Emotet-FIB!33960D9F3ACF 20180921
McAfee-GW-Edition BehavesLike.Win32.Virut.cc 20180921
eScan Trojan.Autoruns.GenericKDS.31226435 20180921
Palo Alto Networks (Known Signatures) generic.ml 20180921
Panda Trj/Genetic.gen 20180921
Qihoo-360 Win32/Trojan.439 20180921
Rising Trojan.Azden!8.F0E3 (CLOUD) 20180921
SentinelOne (Static ML) static engine - malicious 20180830
Sophos AV Mal/EncPk-ANY 20180921
Symantec Trojan.Emotet 20180921
TrendMicro TROJ_GEN.USIK18 20180921
TrendMicro-HouseCall TROJ_GEN.USIK18 20180921
VBA32 BScope.Trojan.Emotet 20180921
VIPRE Trojan.Win32.Generic!BT 20180921
ViRobot Trojan.Win32.Z.Emotet.118784.K 20180921
Webroot W32.Trojan.Emotet 20180921
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.becx 20180921
AegisLab 20180921
Antiy-AVL 20180921
Avast-Mobile 20180921
Avira (no cloud) 20180921
Babable 20180918
Baidu 20180914
ClamAV 20180921
CMC 20180921
Comodo 20180921
Cybereason 20180225
DrWeb 20180921
eGambit 20180921
F-Prot 20180921
Jiangmin 20180921
Kingsoft 20180921
MAX 20180921
NANO-Antivirus 20180921
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180918
TACHYON 20180921
Tencent 20180921
TheHacker 20180920
TotalDefense 20180920
Trustlook 20180921
Yandex 20180920
Zillya 20180920
Zoner 20180920
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Internal name coin.lib
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description German_IBM Keyboard Layout
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-20 13:47:10
Entry Point 0x00017B05
Number of sections 5
PE sections
PE imports
DuplicateTokenEx
CreateRestrictedToken
RemoveUsersFromEncryptedFile
AVIStreamReadFormat
JetCloseTable
GetThreadPriorityBoost
SetConsoleMode
GetModuleHandleA
GetProcessHandleCount
PowerRestoreDefaultPowerSchemes
ScrollDC
ValidateRgn
GetRawInputDeviceInfoW
CheckRadioButton
Number of PE resources by type
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
SLOVENIAN DEFAULT 1
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 1006425862
LinkerVersion 12.0
ImageVersion 0.0
FileVersionNumber 2.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription gWLKEHJWEKLJL@K@!L
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 0
EntryPoint 0x17b05
MIMEType application/octet-stream
FileVersion 6.1.7601.17514 (win7sp1_rtm.101119-1850)
TimeStamp 2018:09:20 15:47:10+02:00
FileType Win32 EXE
PEType PE32
InternalName coin.lib
SubsystemVersion 5.0
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 98304
FileSubtype 0
ProductVersionNumber 2.0.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 33960d9f3acf2c3e987dd367ff2960bc
SHA1 0800f190c420d711275ae3960dbda6bb294ee81c
SHA256 1a5160eb2dce7c4bceb75ea52a6e7445961e38796b0d07d15c30bc295b66c595
ssdeep 3072:pg19X6sBuostJN+LEo/vKYWPo04Wpjbr:pgjX6sJAc/vKYW8i
authentihash 6ad925699048da905eedeb2906b30cd06d79eac962b49ab9fa71eadcaaa9388a
imphash 8df55c1fbd186b24c5b3cb7964a585cf
File size 116.0 KB ( 118784 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe
VirusTotal metadata
First submission 2018-09-20 07:09:01 UTC ( 5 months ago )
Last submission 2018-11-21 07:44:06 UTC ( 3 months ago )
File names coin.lib
CwEufdHqU6F.exe
33960d9f3acf2c3e987dd367ff2960bc