× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 1d3dd85f2301227dbe75341bcaac27befbfa6b69aa6ff3048088cd1efba17291
File name: emotet_e1_1d3dd85f2301227dbe75341bcaac27befbfa6b69aa6ff3048088cd1...
Detection ratio: 44 / 65
Analysis date: 2019-02-23 08:44:49 UTC ( 2 months ago ) View latest
Antivirus Result Update
Acronis suspicious 20190222
Ad-Aware Trojan.GenericKD.31706648 20190223
AhnLab-V3 Malware/Gen.Generic.C3026609 20190222
ALYac Trojan.GenericKD.31706648 20190223
Arcabit Trojan.Generic.D1E3CE18 20190223
Avast Win32:TrojanX-gen [Trj] 20190223
AVG Win32:TrojanX-gen [Trj] 20190223
Avira (no cloud) TR/Crypt.Agent.ivitz 20190223
BitDefender Trojan.GenericKD.31706648 20190223
ClamAV Win.Malware.Emotet-6863015-0 20190222
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cybereason malicious.5bc9bd 20190109
Cylance Unsafe 20190223
Cyren W32/Agent.AVU.gen!Eldorado 20190223
DrWeb Trojan.EmotetENT.389 20190223
Emsisoft Trojan.GenericKD.31706648 (B) 20190223
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.GPUV 20190223
Fortinet W32/Kryptik.GPUV!tr 20190223
GData Trojan.GenericKD.31706648 20190223
Ikarus Trojan-Banker.Emotet 20190222
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 0054801e1 ) 20190223
K7GW Trojan ( 0054801e1 ) 20190223
Kaspersky Trojan.Win32.Agent.qwiclv 20190223
Malwarebytes Trojan.Emotet 20190223
McAfee Emotet-FLY!90F42B009EA5 20190223
McAfee-GW-Edition BehavesLike.Win32.Virut.cc 20190223
Microsoft Trojan:Win32/Emotet.AC!bit 20190222
eScan Trojan.GenericKD.31706648 20190223
NANO-Antivirus Trojan.Win32.EmotetENT.fnefpp 20190223
Palo Alto Networks (Known Signatures) generic.ml 20190223
Panda Trj/GdSda.A 20190222
Qihoo-360 Trojan.Generic 20190223
Rising Trojan.Kryptik!8.8 (CLOUD) 20190223
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Mal/Emotet-Q 20190223
Symantec Trojan.Gen.2 20190222
Tencent Win32.Trojan.Agent.Hufk 20190223
Trapmine malicious.moderate.ml.score 20190123
VBA32 BScope.Malware-Cryptor.Emotet 20190222
VIPRE Trojan.Win32.Generic!BT 20190223
Yandex Trojan.Agent!QeE07YL3DT0 20190222
ZoneAlarm by Check Point Trojan.Win32.Agent.qwiclv 20190223
AegisLab 20190223
Alibaba 20180921
Antiy-AVL 20190223
Avast-Mobile 20190222
Babable 20180918
Baidu 20190215
CAT-QuickHeal 20190222
CMC 20190223
Comodo 20190223
eGambit 20190223
F-Secure 20190223
Jiangmin 20190223
Kingsoft 20190223
MAX 20190223
SUPERAntiSpyware 20190220
Symantec Mobile Insight 20190220
TACHYON 20190223
TheHacker 20190217
TotalDefense 20190223
Trustlook 20190223
ViRobot 20190222
Zoner 20190223
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright© 1991-2001 LEAD Technologies, Inc.

Product LEADTOOLS(r) DLL for Win32
Original name LFMSP13N.DLL
Internal name LFMSP13N
File version 13.0.0.047
Description LEADTOOLS(r) DLL for Win32
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1995-11-13 20:26:08
Entry Point 0x00002D14
Number of sections 5
PE sections
PE imports
EnumServicesStatusW
SetTextJustification
FlattenPath
SetPixelV
GetCurrentProcess
GetLargePageMinimum
GetProcessHandleCount
GetCommandLineW
SetConsoleHistoryInfo
CancelWaitableTimer
CloseHandle
GetVersion
SysFreeString
VarCyCmp
VarCyFromR8
Ord(29)
GetUserNameExW
FindWindowExA
GetMenuInfo
CreateIconIndirect
GetClientRect
UserHandleGrantAccess
GetKeyboardType
strncmp
memset
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
CodeSize
16384

SubsystemVersion
6.1

LinkerVersion
4.0

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
13.0.0.47

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
LEADTOOLS(r) DLL for Win32

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
0

EntryPoint
0x2d14

OriginalFileName
LFMSP13N.DLL

MIMEType
application/octet-stream

LegalCopyright
Copyright 1991-2001 LEAD Technologies, Inc.

FileVersion
13.0.0.047

TimeStamp
1995:11:13 21:26:08+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
LFMSP13N

ProductVersion
13.0.0.047

UninitializedDataSize
131072

OSVersion
6.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
LEAD Technologies, Inc.

LegalTrademarks
LEADTOOLS(r) is a trademark of LEAD Technologies, Inc.

ProductName
LEADTOOLS(r) DLL for Win32

ProductVersionNumber
13.0.0.47

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 90f42b009ea576b77f0b0426f445cb65
SHA1 e2491ce5bc9bda9b46e4e3ce26dfe093ce09ed24
SHA256 1d3dd85f2301227dbe75341bcaac27befbfa6b69aa6ff3048088cd1efba17291
ssdeep
3072:FNychA+0CDOvc/Q8y1R6oIoiMs7AzrfCr07pwJNUh:rB/C1R6oIok7V0d

authentihash ec41aea1251b7986e44093452daf83e9716f2b90ec3f0a74e4065e0a796321e9
imphash e08094ccf2937be16034dce00191ee08
File size 136.0 KB ( 139264 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2019-02-18 13:19:25 UTC ( 2 months ago )
Last submission 2019-03-22 10:50:22 UTC ( 1 month ago )
File names YAxubxZ5aXf9.exe
USXX3uDrm4.exe
LFMSP13N
0UVgGvvb.exe
emotet_e1_1d3dd85f2301227dbe75341bcaac27befbfa6b69aa6ff3048088cd1efba17291_2019-02-18__131004.exe_

345.exe
29.tmp
LFMSP13N.DLL
minidasmrc.exe
policresw.exe
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!