SHA256: 1fc927dc11bdc29774e77ad9102d43a9f7de08dffde78b05506255a35ed27492
File name: emotet_e2_1fc927dc11bdc29774e77ad9102d43a9f7de08dffde78b05506255a...
Detection ratio: 38 / 64
Analysis date: 2019-03-26 05:01:34 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Acronis suspicious 20190325
Ad-Aware Trojan.Agent.DSGX 20190326
AhnLab-V3 Trojan/Win32.Agent.R260068 20190326
ALYac Trojan.Agent.DSGX 20190326
Arcabit Trojan.Agent.DSGX 20190325
Avast Win32:DangerousSig [Trj] 20190326
AVG Win32:DangerousSig [Trj] 20190326
Avira (no cloud) TR/Crypt.Agent.zvnnv 20190325
BitDefender Trojan.Agent.DSGX 20190326
CrowdStrike Falcon (ML) win/malicious_confidence_100% (W) 20190212
Cybereason malicious.13bfb4 20190325
DrWeb Trojan.Siggen8.19716 20190326
Emsisoft Trojan.Agent.DSGX (B) 20190326
Endgame malicious (high confidence) 20190322
ESET-NOD32 Win32/Emotet.BY 20190326
FireEye Generic.mg.a8a2a7d13bfb43c4 20190326
Fortinet W32/Generic.AP.290658!tr 20190326
GData Trojan.Agent.DSGX 20190326
Sophos ML heuristic 20190313
K7AntiVirus Trojan ( 0054a7b41 ) 20190325
K7GW Trojan ( 0054a7b41 ) 20190326
Kaspersky HEUR:Trojan-Banker.Win32.Emotet.gen 20190326
Malwarebytes Trojan.Emotet 20190326
MAX malware (ai score=85) 20190326
McAfee GenericRXHG-WM!A8A2A7D13BFB 20190326
McAfee-GW-Edition Artemis!Trojan 20190325
Microsoft Trojan:Win32/Emotet!rfn 20190326
eScan Trojan.Agent.DSGX 20190326
Palo Alto Networks (Known Signatures) generic.ml 20190326
Panda Trj/GdSda.A 20190325
Qihoo-360 Win32/Trojan.466 20190326
Rising Trojan.Kryptik!8.8 (CLOUD) 20190326
SentinelOne (Static ML) DFI - Malicious PE 20190317
Sophos AV Mal/Emotet-Q 20190326
Trapmine malicious.high.ml.score 20190325
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.THCBEAI 20190326
VBA32 BScope.Malware-Cryptor.Emotet 20190325
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20190326
AegisLab 20190326
Alibaba 20190306
Antiy-AVL 20190326
Avast-Mobile 20190325
Babable 20180918
Baidu 20190318
Bkav 20190326
CAT-QuickHeal 20190325
CMC 20190321
Comodo 20190326
Cyren 20190326
eGambit 20190326
F-Secure 20190325
Jiangmin 20190326
Kingsoft 20190326
NANO-Antivirus 20190326
SUPERAntiSpyware 20190321
Symantec Mobile Insight 20190325
TACHYON 20190326
Tencent 20190326
TheHacker 20190324
TotalDefense 20190325
Trustlook 20190326
ViRobot 20190325
Yandex 20190324
Zillya 20190324
Zoner 20190326
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name DISM.EXE
Internal name dism
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Dism Image Servicing Utility
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 6:01 AM 3/26/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-24 01:13:38
Entry Point 0x0001D950
Number of sections 4
PE sections
Overlays
MD5 fdec69549a2ab1d6bc206cb3d881b269
File type data
Offset 204288
Size 3336
Entropy 7.35
PE imports
Number of PE resources by type
RT_STRING 7
RT_RCDATA 1
MUI 1
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 11
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Dism Image Servicing Utility
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 83456
EntryPoint 0x1d950
OriginalFileName DISM.EXE
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2019:03:24 02:13:38+01:00
FileType Win32 EXE
PEType PE32
InternalName dism
ProductVersion 6.1.7600.16385
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 119808
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 a8a2a7d13bfb43c4b19e9f78b96ff38b
SHA1 b2e1cf2499b8e7029e8b494361d1e67fef88c819
SHA256 1fc927dc11bdc29774e77ad9102d43a9f7de08dffde78b05506255a35ed27492
ssdeep 3072:0W7kCAvUgI5sYU1GTStPrOKARkxEwSMmwVBEbLg4R+erGSFz52p0Wf6L5CnrtZ6:CC9sY4Gu1gdMmwVBE/Ier0CVerK
authentihash 3a60dd8ca7c565fa834ce0b858e0dd6824f086d058deeddf5edfe2eb4f5c102d
imphash 9e0d1d6f6388e8cd99ce5b32481f8f3f
File size 202.8 KB ( 207624 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2019-03-24 01:21:12 UTC ( 1 month, 3 weeks ago )
Last submission 2019-03-26 05:01:34 UTC ( 1 month, 3 weeks ago )
File names emotet_e2_1fc927dc11bdc29774e77ad9102d43a9f7de08dffde78b05506255a35ed27492_2019-03-24__012003.exe_
dism
DISM.EXE
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections