SHA256: 1d73bc903d3c98a510bf580a62aca1514e8ca935180657de4c7403969d15283a
File name: 1d73bc903d3c98a510bf580a62aca1514e8ca935180657de4c7403969d15283a
Detection ratio: 48 / 69
Analysis date: 2019-01-23 04:24:26 UTC (1 month, 3 weeks ago)
Antivirus Result Update
Acronis suspicious 20190119
Ad-Aware Trojan.GenericKD.31544366 20190123
AhnLab-V3 Malware/Win32.Generic.C2950269 20190122
ALYac Trojan.GenericKD.31544366 20190123
Arcabit Trojan.Generic.D1E1542E 20190123
Avast Win32:BankerX-gen [Trj] 20190123
AVG Win32:BankerX-gen [Trj] 20190123
Avira (no cloud) TR/AD.Emotet.itcqf 20190122
BitDefender Trojan.GenericKD.31544366 20190123
CAT-QuickHeal Trojan.Emotet.X4 20190122
Comodo Malware@#13qld02silatj 20190123
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cybereason malicious.ae4420 20190109
Cylance Unsafe 20190123
Cyren W32/Trojan.ISQP-2943 20190123
DrWeb Trojan.DownLoader27.23914 20190123
eGambit Unsafe.AI_Score_99% 20190123
Emsisoft Trojan.GenericKD.31544366 (B) 20190123
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GOUY 20190123
Fortinet W32/GenKryptik.CWYW!tr 20190123
GData Trojan.GenericKD.31544366 20190123
Ikarus Trojan-Banker.Emotet 20190122
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 00545ed01 ) 20190122
K7GW Trojan ( 00545ed01 ) 20190122
Kaspersky Trojan-Banker.Win32.Emotet.caql 20190122
MAX malware (ai score=100) 20190123
McAfee RDN/Generic.grp 20190123
McAfee-GW-Edition BehavesLike.Win32.Emotet.dh 20190123
Microsoft Trojan:Win32/Emotet.DN 20190123
eScan Trojan.GenericKD.31544366 20190123
NANO-Antivirus Trojan.Win32.Kryptik.fmghmn 20190123
Palo Alto Networks (Known Signatures) generic.ml 20190123
Panda Trj/GdSda.A 20190122
Qihoo-360 Win32/Trojan.7bf 20190123
Rising Trojan.Fuerboos!8.EFC8 (CLOUD) 20190123
SentinelOne (Static ML) static engine - malicious 20190118
Sophos AV Mal/Emotet-Q 20190123
Symantec Trojan.Gen.2 20190122
Tencent Win32.Trojan-banker.Emotet.Wopp 20190123
Trapmine malicious.high.ml.score 20190103
TrendMicro TrojanSpy.Win32.EMOTET.THOABAAI 20190123
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.THOABAAI 20190123
VBA32 BScope.Trojan.Refinka 20190122
ViRobot Trojan.Win32.Z.Emotet.223232.A 20190122
Webroot W32.Trojan.Emotet 20190123
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.caql 20190123
AegisLab 20190123
Alibaba 20180921
Antiy-AVL 20190123
Avast-Mobile 20190122
Babable 20180918
Baidu 20190122
Bkav 20190122
ClamAV 20190123
CMC 20190122
F-Prot 20190123
F-Secure 20190123
Jiangmin 20190123
Kingsoft 20190123
SUPERAntiSpyware 20190116
TACHYON 20190123
TheHacker 20190118
TotalDefense 20190122
Trustlook 20190123
Yandex 20190122
Zillya 20190122
Zoner 20190123
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) America Online, Inc. 1999 - 2004
Product America Online
Internal name MISCUTIL
File version 9.00.001
Description Utilities
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-19 11:00:41
Entry Point 0x0001C1B0
Number of sections 4
PE sections
PE imports
LookupPrivilegeNameW
InitiateSystemShutdownA
GetServiceDisplayNameW
CryptHashSessionKey
GetSidIdentifierAuthority
TreeResetNamedSecurityInfoW
LogonUserA
QueryUsersOnEncryptedFile
EqualPrefixSid
GetClusterFromResource
JetTerm2
GetLogColorSpaceA
GetCurrentPositionEx
GetPolyFillMode
GetObjectW
GetFontLanguageInfo
GetObjectType
GetSystemTime
GetSystemWindowsDirectoryA
GetModuleFileNameW
DeactivateActCtx
GetTapeStatus
FlsGetValue
IsValidLocale
FlushFileBuffers
GetShortPathNameA
GetVolumePathNamesForVolumeNameW
IsWow64Process
GetCurrentProcess
GetVolumeInformationA
GetCurrentDirectoryA
GetConsoleMode
WriteProfileStringA
GetConsoleCursorInfo
GetWindowsDirectoryA
GetLocalTime
GetLogicalDrives
MapViewOfFile
GetTapePosition
GetProfileSectionA
GetSystemPowerStatus
GetCurrentThread
EnumResourceTypesA
EnumResourceNamesW
GetTimeFormatW
GetOverlappedResult
GetModuleHandleA
GetExitCodeThread
GlobalAddAtomA
FindResourceExW
GetAtomNameA
ReadFile
GetComputerNameExW
QueryIdleProcessorCycleTime
GetSystemDirectoryA
GetPrivateProfileIntW
GetPrivateProfileSectionW
LocalFree
GetThreadSelectorEntry
FindAtomW
GetTimeZoneInformation
DebugActiveProcess
GetPrivateProfileStringA
GetFileType
LocalUnlock
GetThreadLocale
LoadTypeLib
VariantTimeToSystemTime
GetRecordInfoFromGuids
SystemTimeToVariantTime
RasGetEapUserIdentityA
RpcRaiseException
RpcServerListen
SetupDiGetClassDescriptionExW
ExtractIconA
HashData
SHDeleteValueA
GetMenuPosFromID
DecryptMessage
FindWindowW
ExcludeUpdateRgn
GetComboBoxInfo
PostQuitMessage
GetDialogBaseUnits
FlashWindowEx
DeferWindowPos
ReleaseCapture
LookupIconIdFromDirectoryEx
DestroyCaret
GetTabbedTextExtentW
GetWindowRgn
LockWorkStation
GetMenuItemRect
GetLastActivePopup
IsWindowVisible
GetWindowPlacement
DrawMenuBar
DrawTextW
GetThreadDesktop
LoadAcceleratorsA
GetPriorityClipboardFormat
DdeClientTransaction
ChangeMenuA
GetKeyboardLayout
GetMenuItemCount
GetMenuState
CreateIconFromResource
LoadCursorW
GetWindowLongW
GetWindowTextA
CharNextW
GetMenuContextHelpId
GetFileVersionInfoSizeW
FindNextUrlCacheEntryW
InternetGoOnline
DeleteUrlCacheEntryW
mmioSendMessage
DeletePortW
shutdown
getservbyname
realloc
fputws
fgetws
strcmp
CoTaskMemFree
MkParseDisplayName
CoUninitialize
CoGetClassObjectFromURL
Number of PE resources by type
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2019:01:19 12:00:41+01:00
FileType Win32 EXE
PEType PE32
CodeSize 129024
LinkerVersion 12.0
ImageFileCharacteristics No relocs, Executable, 32-bit, System file
EntryPoint 0x1c1b0
InitializedDataSize 102400
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 d42dbba27dc711e5b4a3f4bf83967049
SHA1 669a023ae4420eae9f03f967547dcbb0a4a5a509
SHA256 1d73bc903d3c98a510bf580a62aca1514e8ca935180657de4c7403969d15283a
ssdeep 3072:DB+Cq2qguyCO9JgYnk37UwpjXjqK+eZtNJkXjeH+LbSZUJXuRBAmOzOa1+4WD7:DF6gxNgYnk37UwpDjqK3ZnD
authentihash bb5c6ec29e62191ac26802534cd34e1c67fe647cb98c3166e0dd6be45f894580
imphash 5ab3375f87a877f2e7318c6609127df4
File size 218.0 KB ( 223232 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file
TrID Microsoft Visual C++ compiled executable (generic) (46.2%)
Win32 Dynamic Link Library (generic) (18.4%)
Win32 Executable (generic) (12.6%)
Win16/32 Executable Delphi generic (5.8%)
OS/2 Executable (generic) (5.6%)
Tags peexe

VirusTotal metadata
First submission 2019-01-19 11:08:35 UTC ( 1 month, 4 weeks ago )
Last submission 2019-01-20 14:53:00 UTC ( 1 month, 4 weeks ago )
File names MISCUTIL