× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 1b9bb27fd2ce4f34b73fdaec6fc1ee5f7e38256dff436f8e4f393eba5cf4934e
File name: emotet_e1_1b9bb27fd2ce4f34b73fdaec6fc1ee5f7e38256dff436f8e4f393eb...
Detection ratio: 44 / 65
Analysis date: 2019-03-19 06:50:28 UTC ( 1 month ago ) View latest
Antivirus Result Update
Acronis suspicious 20190318
Ad-Aware Trojan.Agent.DRMF 20190319
AhnLab-V3 Trojan/Win32.Emotet.R258765 20190319
ALYac Trojan.Agent.Emotet 20190319
Antiy-AVL Trojan[Banker]/Win32.Emotet 20190319
Arcabit Trojan.Agent.DRMF 20190319
Avast Win32:BankerX-gen [Trj] 20190319
AVG Win32:BankerX-gen [Trj] 20190319
Avira (no cloud) TR/Crypt.Agent.qmanq 20190318
BitDefender Trojan.Agent.DRMF 20190319
CAT-QuickHeal Trojan.Fuerboos 20190318
Comodo Malware@#1atm2oitscapa 20190319
CrowdStrike Falcon (ML) win/malicious_confidence_100% (W) 20190212
Cyren W32/Filecoder.G.gen!Eldorado 20190319
DrWeb Trojan.DownLoader27.33753 20190319
Emsisoft Trojan.Agent.DRMF (B) 20190319
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.GQYG 20190319
Fortinet W32/Kryptik.CPES!tr 20190319
GData Trojan.Agent.DRMF 20190319
Ikarus Trojan-Banker.Emotet 20190318
Sophos ML heuristic 20190313
K7AntiVirus Trojan ( 00549b621 ) 20190319
K7GW Trojan ( 00549b621 ) 20190315
Kaspersky HEUR:Trojan.Win32.Generic 20190319
Malwarebytes Trojan.Emotet 20190319
MAX malware (ai score=100) 20190319
McAfee Emotet-FMI!C39E06292160 20190319
McAfee-GW-Edition Emotet-FMI!C39E06292160 20190319
Microsoft Trojan:Win32/Emotet.AC!bit 20190319
eScan Trojan.Agent.DRMF 20190319
NANO-Antivirus Trojan.Win32.Kryptik.fnzuyo 20190319
Palo Alto Networks (Known Signatures) generic.ml 20190319
Panda Trj/Genetic.gen 20190318
Qihoo-360 HEUR/QVM20.1.D53A.Malware.Gen 20190319
Rising Trojan.Azden!8.F0E3 (CLOUD) 20190319
SentinelOne (Static ML) DFI - Suspicious PE 20190317
Sophos AV Mal/Emotet-Q 20190319
Tencent Win32.Trojan.Falsesign.Sxyc 20190319
Trapmine malicious.high.ml.score 20190301
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMAL08 20190319
VBA32 BScope.TrojanBanker.Chthonic 20190318
ViRobot Trojan.Win32.Emotet.311048 20190319
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20190319
AegisLab 20190318
Alibaba 20190306
Avast-Mobile 20190318
Babable 20180918
Baidu 20190318
Bkav 20190318
ClamAV 20190318
CMC 20190318
Cybereason 20190109
eGambit 20190319
F-Secure 20190319
Jiangmin 20190319
Kingsoft 20190319
SUPERAntiSpyware 20190314
Symantec Mobile Insight 20190220
TACHYON 20190319
TheHacker 20190315
TotalDefense 20190318
Trustlook 20190319
Yandex 20190318
Zillya 20190318
Zoner 20190318
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Internet Information Services
Original name InetMgr.exe
Internal name InetMgr.exe
File version 7.5.7600.16385 (win7_rtm.090713-1255)
Description IIS Manager
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 2:38 PM 4/13/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-14 07:43:32
Entry Point 0x00001030
Number of sections 4
PE sections
Overlays
MD5 7a9f4b8f472edd745ca667832d4095d9
File type data
Offset 307712
Size 3336
Entropy 7.33
PE imports
RegOpenKeyA
RegQueryValueExW
_TrackMouseEvent
GdiFixUpHandle
PolyPolyline
GetTextMetricsW
GetWindowOrgEx
ResizePalette
STROBJ_dwGetCodePage
GetObjectType
CopyEnhMetaFileW
SetLayout
SetPixel
IntersectClipRect
GetTextFaceW
CreatePalette
CreateDIBitmap
GetDIBits
GetEnhMetaFileBits
GetDCOrgEx
StretchBlt
StretchDIBits
EngDeletePalette
GetPaletteEntries
ResetDCA
GetGlyphIndicesW
EnumICMProfilesW
SetBkColor
SetWinMetaFileBits
GetDIBColorTable
DeleteEnhMetaFile
CreateFontIndirectW
GetClipBox
GetCurrentPositionEx
GetPixel
GetBrushOrgEx
ExcludeClipRect
SetBkMode
GetRegionData
BitBlt
SetAbortProc
FrameRgn
CreateBrushIndirect
SelectPalette
SetROP2
GdiEntry6
PolyTextOutA
GetNearestPaletteIndex
SetDIBColorTable
UpdateICMRegKeyW
BeginPath
DeleteObject
CreatePenIndirect
SetGraphicsMode
SetBitmapBits
PatBlt
SetColorSpace
SetStretchBltMode
Rectangle
GetDeviceCaps
LineTo
DeleteDC
GdiSetPixelFormat
GetSystemPaletteEntries
GetObjectW
CreateDCW
RealizePalette
GdiConvertBitmapV5
CreatePatternBrush
SetEnhMetaFileBits
CreateBitmap
RectVisible
GetStockObject
PlayEnhMetaFile
UnrealizeObject
GetTextAlign
GetWinMetaFileBits
GetEnhMetaFileHeader
SetWindowOrgEx
GetClipRgn
GetTextExtentPoint32W
GdiEntry4
CreateHalftonePalette
GetRgnBox
SaveDC
MaskBlt
GetEnhMetaFilePaletteEntries
XLATEOBJ_piVector
RestoreDC
GetBitmapBits
CreateDIBSection
SetTextColor
GetCurrentObject
EnumObjects
MoveToEx
SetViewportOrgEx
bInitSystemAndFontsDirectoriesW
CreateRoundRectRgn
CreateCompatibleDC
GdiSwapBuffers
SetBrushOrgEx
CreateRectRgn
SelectObject
GdiStartDocEMF
CreateCompatibleBitmap
GdiRealizationInfo
CreateSolidBrush
Polyline
GetTextCharacterExtra
ImmEscapeW
ImmGetConversionStatus
ImmNotifyIME
ImmSetConversionStatus
ImmGetCandidateListW
ImmDestroyContext
ImmGetContext
ImmGetIMEFileNameW
ImmDisableTextFrameService
ImmCreateContext
ImmSimulateHotKey
ImmGetOpenStatus
ImmGetGuideLineW
ImmGetProperty
ImmReleaseContext
ImmSetOpenStatus
ImmGetCompositionStringW
ImmIsIME
ImmAssociateContext
GetSystemTimeAsFileTime
EncodePointer
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
_llseek
FreeEnvironmentStringsW
lstrcatW
GetAtomNameW
SetStdHandle
GetCPInfo
WriteFile
SwitchToFiber
HeapReAlloc
GetStringTypeW
FormatMessageW
OutputDebugStringW
InterlockedDecrement
SetLastError
TlsGetValue
CopyFileW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetCalendarInfoW
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
SetNamedPipeHandleState
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
GlobalAlloc
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
GetMailslotInfo
EnterCriticalSection
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
RtlUnwind
SetProcessPriorityBoost
GetStartupInfoW
GetProcAddress
GetConsoleScreenBufferInfo
GetProcessHeap
RemoveDirectoryW
CreateFileW
GetFileType
TlsSetValue
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
GetConsoleCP
LCMapStringA
SetProcessShutdownParameters
GetEnvironmentStringsW
SwitchToThread
SizeofResource
GetCurrentProcessId
GetConsoleTitleW
GetCommandLineW
BuildCommDCBAndTimeoutsW
HeapSize
SetThreadAffinityMask
lstrcpynW
Heap32ListNext
TlsFree
GetModuleHandleA
Module32NextW
ReadConsoleOutputCharacterW
CloseHandle
GetACP
GetModuleHandleW
CreateProcessA
WideCharToMultiByte
IsValidCodePage
Sleep
IsBadCodePtr
VirtualAlloc
IMPQueryIMEW
GetForegroundWindow
IsCharAlphaNumericW
SetClassLongW
FindWindowW
KillTimer
DestroyMenu
GetDoubleClickTime
GetListBoxInfo
GetSystemMetrics
MessageBoxW
OpenIcon
ReleaseCapture
ChildWindowFromPoint
CascadeChildWindows
CopyImage
ChildWindowFromPointEx
SetShellWindow
EnumDisplayMonitors
RegisterClassW
CloseWindow
DdeGetLastError
CreateWindowStationW
CloseWindowStation
CreateMenu
GetMenuStringA
GetMenuItemInfoW
CloseDesktop
IsMenu
GetFocus
CreateWindowExW
GetUpdateRect
GetGUIThreadInfo
WindowFromDC
IsDialogMessageA
DestroyWindow
OleUninitialize
OleInitialize
Number of PE resources by type
RT_ICON 13
MUI 1
RT_VERSION 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 17
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
7.5.7600.16385

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
IIS Manager

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
281088

EntryPoint
0x1030

OriginalFileName
InetMgr.exe

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
7.5.7600.16385 (win7_rtm.090713-1255)

TimeStamp
2019:03:14 08:43:32+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
InetMgr.exe

ProductVersion
7.5.7600.16385

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
25600

ProductName
Internet Information Services

ProductVersionNumber
7.5.7600.16385

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 c39e062921602a5b3ae5f2f27d8e8db3
SHA1 0c8ea818f792d85eca67aca4b6d958ee73b5b4fc
SHA256 1b9bb27fd2ce4f34b73fdaec6fc1ee5f7e38256dff436f8e4f393eba5cf4934e
ssdeep
6144:5MRn5gOiJlvXag0K2TmiUZlm9htoJFihLt3A+k:56iJlvqg7jlrJFihLt3A+k

authentihash ca4a63876f6af6abb0bbdac6d317b0e8f56fc397c4a87ae4d1ed3ce0c405760b
imphash 5b23cb1393f9ed0bfee57a0ddfca9275
File size 303.8 KB ( 311048 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-03-14 07:47:34 UTC ( 1 month ago )
Last submission 2019-03-15 06:21:32 UTC ( 1 month ago )
File names mlBQ2tIcQSk.exe
emotet_e1_1b9bb27fd2ce4f34b73fdaec6fc1ee5f7e38256dff436f8e4f393eba5cf4934e_2019-03-14__075005.exe_
WyR9KuO5.exe
ovVfMA3b0.exe
N32v86H8RQjP2.exe
InetMgr.exe
BiUHmc34CZL2.exe
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections