Antivirus scan for 1e63f61ddd4a9f5595c0b2db17ab392dbb786f9337292d3ebeb3cea708056ddf at 2018-12-18 19:13:25 UTC

Antivirus	Result	Update
Acronis	malware	20180726
Ad-Aware	Gen:Variant.Graftor.535655	20181218
BitDefender	Gen:Variant.Graftor.535655	20181218
Bkav	HW32.Packed.	20181217
CrowdStrike Falcon (ML)	malicious_confidence_100% (D)	20181022
Cybereason	malicious.3ba780	20180225
Cylance	Unsafe	20181218
eGambit	Unsafe.AI_Score_62%	20181218
Emsisoft	Gen:Variant.Graftor.535655 (B)	20181218
Endgame	malicious (high confidence)	20181108
F-Secure	Gen:Variant.Graftor.535655	20181218
GData	Gen:Variant.Graftor.535655	20181218
Sophos ML	heuristic	20181128
McAfee-GW-Edition	BehavesLike.Win32.Emotet.cc	20181218
Microsoft	Trojan:Win32/Fuerboos.A!cl	20181218
Qihoo-360	HEUR/QVM20.1.F349.Malware.Gen	20181218
Rising	Malware.Heuristic!ET#100% (RDM+:cmRtazpmaMKqhSzKWyHj9iTn5vSZ)	20181218
SentinelOne (Static ML)	static engine - malicious	20181011
Sophos AV	Mal/EncPk-ANY	20181218
Symantec	ML.Attribute.HighConfidence	20181218
Trapmine	malicious.high.ml.score	20181205
Webroot	W32.Trojan.Emotet	20181218
AegisLab		20181218
AhnLab-V3		20181218
Alibaba		20180921
ALYac		20181218
Antiy-AVL		20181218
Arcabit		20181218
Avast		20181218
Avast-Mobile		20181218
AVG		20181218
Avira (no cloud)		20181218
Babable		20180918
Baidu		20181207
CAT-QuickHeal		20181218
ClamAV		20181218
CMC		20181218
Comodo		20181218
Cyren		20181218
DrWeb		20181218
ESET-NOD32		20181218
F-Prot		20181218
Fortinet		20181218
Ikarus		20181218
Jiangmin		20181218
K7AntiVirus		20181218
K7GW		20181218
Kaspersky		20181218
Kingsoft		20181218
Malwarebytes		20181218
MAX		20181218
McAfee		20181218
eScan		20181218
NANO-Antivirus		20181218
Palo Alto Networks (Known Signatures)		20181218
Panda		20181218
SUPERAntiSpyware		20181212
Symantec Mobile Insight		20181215
TACHYON		20181218
Tencent		20181218
TheHacker		20181216
TotalDefense		20181218
TrendMicro		20181218
TrendMicro-HouseCall		20181218
Trustlook		20181218
VBA32		20181218
ViRobot		20181218
Yandex		20181218
Zillya		20181217
ZoneAlarm by Check Point		20181218
Zoner		20181218

The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.

FileVersionInfo properties

Product Microsoft®

Original name kbdth3.dll

Internal name kbdth3 (3.13)

Description Thai Pattachote (non-ShiftLock) Keyboa

PE header basic information

Target machine Intel 386 or later processors and compatible processors

Compilation timestamp 2002-07-18 02:23:20

Entry Point 0x00002D40

Number of sections 9

PE sections

Name Virtual address Virtual size Raw size Entropy MD5

.text 4096 7848 8192 6.50 9bc32b1d5add25c859fd44a532776eb8

.rdata 12288 1132 4096 1.79 b71b63d294ea63abf83ad4fc46573b4c

.data 16384 24080 20480 7.66 8953190f4060518ce55bb8e2359f66fe

.CRT 40960 27943 28672 7.93 47a096d0393f6c0c566b44d9f1a74306

.reloc 69632 25240 28672 7.53 96b77f7835cea3e15fc7b3521ff768c2

.crt2 98304 10817 12288 7.53 a906e04fccf04840cd8acbb1ebf1016f

.3Q 110592 9011 12288 6.66 5ba01e5a2a93f0d32d7209bbd28c7f9e

.rsrc 122880 1584 4096 1.73 84238f4f0a133249f689ca894d590e9b

.reloc 126976 196 4096 0.51 ad7b0d3966a4216efabf725a492864f1

PE imports

Number of PE resources by type

RT_BITMAP 1

RT_VERSION 1

Number of PE resources by language

JAPANESE DEFAULT 2

PE resources

4fbdd000e0bcba650353be06a92d513abdeda02fa17d5b6de618f245088950fe data

cbdeed46e35ebf3271b3fa633bf525881ce580cfcdcfe1c94bcf94dc846eba80 data

Debug information

Type Timestamp Offset Size

13160 (13160) Thu Jan 1 03:38:42 1970 13056 13210 Bytes

IMAGE_DEBUG_TYPE_UNKNOWN (0) Thu Jan 1 03:36:46 1970 13390 13090 Bytes

ExifTool file metadata

UninitializedDataSize

LinkerVersion

2.0

ImageVersion

5.1

FileSubtype

FileVersionNumber

9.0.0.2719

LanguageCode

English (U.S.)

FileFlagsMask

0x003f

FileDescription

Thai Pattachote (non-ShiftLock) Keyboa

ImageFileCharacteristics

Executable, 32-bit

CharacterSet

Windows, Latin1

InitializedDataSize

EntryPoint

0x2d40

OriginalFileName

kbdth3.dll

MIMEType

application/octet-stream

LegalCopyright

Microsoft Cor

TimeStamp

2002:07:18 04:23:20+02:00

FileType

Win32 EXE

PEType

PE32

InternalName

kbdth3 (3.13)

ProductVersion

6.1.76

SubsystemVersion

5.0

OSVersion

6.0

FileOS

Windows 32-bit

Subsystem

Windows GUI

MachineType

Intel 386 or later, and compatibles

CompanyName

Microsoft Corporati

CodeSize

135168

ProductName

Microsoft

ProductVersionNumber

9.0.0.2719

FileTypeExtension

exe

ObjectFileType

Dynamic link library

File identification

MD5 54cd96462ef2f1697cb207a08604426c

SHA1 1e45a993ba7808e71acf01c5fbb1c66b586b595c

SHA256 1e63f61ddd4a9f5595c0b2db17ab392dbb786f9337292d3ebeb3cea708056ddf

ssdeep

1536:c4jhSwFH28nZ3rHTv7+2/iIBuAtOCEZEgjiEmwGdeQhEZKDcbsS1kKFm/AqiRT:c+Z3rTvfidAuEgjpmwsxhlwPU/AqiRT

authentihash d1bbaa5ced09f0a45e500fdea07965d3940ff34197cda1609cad64129cce7872

imphash 057b3610e123cf4b78ec28d6909d1948

File size 124.0 KB ( 126976 bytes )

File type Win32 EXE

Magic literal

PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID	Win32 Dynamic Link Library (generic) (38.4%) Win32 Executable (generic) (26.3%) OS/2 Executable (generic) (11.8%) Generic Win/DOS Executable (11.6%) DOS Executable Generic (11.6%)

VirusTotal metadata

First submission 2018-12-18 19:13:25 UTC ( 2 months ago )

Last submission 2018-12-18 19:13:25 UTC ( 2 months ago )

File names

kbdth3 (3.13)
kbdth3.dll

SHA256:	1e63f61ddd4a9f5595c0b2db17ab392dbb786f9337292d3ebeb3cea708056ddf
File name:	1e63f61ddd4a9f5595c0b2db17ab392dbb786f9337292d3ebeb3cea708056ddf
Detection ratio:	22 / 70
Analysis date:	2018-12-18 19:13:25 UTC ( 2 months ago ) View latest

Ciphered bundle