SHA256: 1fd30f03429e963d30d445debfd6b076fddca29e6fc9d89c3a8773412a75cf7d
File name: faFIPfAf.exe
Detection ratio: 46 / 70
Analysis date: 2018-11-26 15:49:24 UTC ( 2 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40780016 20181126
AhnLab-V3 Trojan/Win32.Emotet.R245745 20181126
ALYac Trojan.Agent.Emotet 20181126
Arcabit Trojan.Generic.D26E40F0 20181126
Avast Win32:Malware-gen 20181126
AVG Win32:Malware-gen 20181126
BitDefender Trojan.GenericKD.40780016 20181126
CAT-QuickHeal Trojan.Fuerboos 20181126
ClamAV Win.Trojan.Emotet-6748801-0 20181126
Comodo Malware@#2ojeahnvidrbn 20181126
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.a02d1f 20180225
Cylance Unsafe 20181126
Cyren W32/Emotet.JL.gen!Eldorado 20181126
DrWeb Trojan.EmotetENT.302 20181126
Emsisoft Trojan.Emotet (A) 20181126
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GNAS 20181126
F-Prot W32/Emotet.JL.gen!Eldorado 20181126
F-Secure Trojan.GenericKD.40780016 20181126
Fortinet W32/Kryptik.GMOJ!tr 20181126
GData Trojan.GenericKD.40780016 20181126
Ikarus Trojan-Banker.Emotet 20181126
Sophos ML heuristic 20181108
K7AntiVirus Trojan ( 0053b6a31 ) 20181126
K7GW Trojan ( 0053b6a31 ) 20181126
Kaspersky Trojan-Banker.Win32.Emotet.brfj 20181126
Malwarebytes Trojan.Emotet 20181126
MAX malware (ai score=100) 20181126
McAfee Emotet-FJR!0A1CC74A02D1 20181126
McAfee-GW-Edition Emotet-FJR!0A1CC74A02D1 20181126
Microsoft Trojan:Win32/Emotet.AC!bit 20181126
eScan Trojan.GenericKD.40780016 20181126
NANO-Antivirus Trojan.Win32.Emotet.fkoqnt 20181126
Palo Alto Networks (Known Signatures) generic.ml 20181126
Panda Trj/RnkBend.A 20181125
Qihoo-360 Win32/Trojan.9b2 20181126
Rising Trojan.GenKryptik!8.AA55 (TFE:2:7uazmMYLFVE) 20181126
Sophos AV Troj/Emotet-ALF 20181126
Symantec Trojan.Emotet 20181126
Trapmine malicious.high.ml.score 20181126
TrendMicro TSPY_EMOTET.THAABCAH 20181126
TrendMicro-HouseCall TSPY_EMOTET.THAABCAH 20181126
VBA32 BScope.TrojanBanker.Emotet 20181126
Webroot W32.Trojan.Emotet 20181126
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.brfj 20181126
AegisLab 20181126
Alibaba 20180921
Antiy-AVL 20181126
Avast-Mobile 20181126
Avira (no cloud) 20181126
Babable 20180918
Baidu 20181126
Bkav 20181126
CMC 20181126
eGambit 20181126
Jiangmin 20181126
Kingsoft 20181126
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181121
Symantec Mobile Insight 20181121
TACHYON 20181126
Tencent 20181126
TheHacker 20181126
TotalDefense 20181126
Trustlook 20181126
VIPRE None
ViRobot 20181126
Yandex 20181123
Zillya 20181123
Zoner 20181126
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft
Product Sola Plug-in
Original name c_gb18030.
Internal name Loft Plug-in
File version 1, 5, 2, 50
Description Lynx 64 OPPD
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1994-12-21 05:03:18
Entry Point 0x0000180F
Number of sections 8
PE sections
PE imports
ImpersonateAnonymousToken
RegDisableReflectionKey
RegOverridePredefKey
ResizePalette
GetTextCharsetInfo
SelectClipRgn
OffsetRgn
PtVisible
GetProcessIoCounters
GetThreadPriority
GetSystemInfo
GetSystemDefaultLCID
AllocConsole
TerminateJobObject
IsProcessorFeaturePresent
GetConsoleProcessList
GetCommandLineA
SetConsoleOutputCP
AllocateUserPhysicalPagesNuma
RpcBindingInqAuthInfoExW
SHFormatDrive
MapDialogRect
GetLastInputInfo
AddClipboardFormatListener
EnableWindow
ChildWindowFromPoint
GetComboBoxInfo
TranslateMessage
GetSysColor
SetWindowPos
iswalpha
MkParseDisplayName
CoFreeLibrary
CoRevokeMallocSpy
Number of PE resources by type
RT_DIALOG 19
RT_STRING 10
RT_VERSION 1
Number of PE resources by language
ITALIAN NEUTRAL 3
SWEDISH NEUTRAL 3
CHINESE TRADITIONAL 3
SPANISH NEUTRAL 3
GERMAN NEUTRAL 3
CHINESE SIMPLIFIED 3
JAPANESE DEFAULT 3
FRENCH NEUTRAL 3
ENGLISH US 3
KOREAN 3
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.4.2.50
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Lynx 64 OPPD
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Windows, Latin1
LinkerVersion 14.0
EntryPoint 0x180f
OriginalFileName c_gb18030.
MIMEType application/x-java-applet;version=1.3.1|application/x-java-bean;version=1.3.1|application/x-java-applet;version=1.4|application/x-java-bean;version=1.4|application/x-java-applet;version=1.4.1|application/x-java-bean;version=1.4.1
LegalCopyright Microsoft
FileExtents |||||
FileOpenName Lync Applet|JavaBeans|Lynx Applet|LunxMings|Ming Applet|SolaBeans
FileVersion 1, 5, 2, 50
TimeStamp 1994:12:21 06:03:18+01:00
FileType Win32 EXE
PEType PE32
InternalName Loft Plug-in
ProductVersion 3, 4, 2, 50
SubsystemVersion 5.0
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName LyncSoft / Sun Microsystems, Inc.
CodeSize 12288
ProductName Sola Plug-in
ProductVersionNumber 1.4.2.50
FileTypeExtension exe
ObjectFileType Dynamic link library
File identification
MD5 0a1cc74a02d1fe481c08e22f914395e8
SHA1 31df0b6efd53991b361b403c7d38fbc7e293564a
SHA256 1fd30f03429e963d30d445debfd6b076fddca29e6fc9d89c3a8773412a75cf7d
ssdeep 3072:yv13dWOO9AUcZIhmVwKxNtiLq2Z1B1cyaxQ:oPWOAJc0m5im2Z1MyY
authentihash a7ca4e937e589fcc83761f60d0236dfd08e373d4c325e6f70502af1fadb1c5fe
imphash 35661aac5972e4a677c35a7f523609d2
File size 176.0 KB ( 180224 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags peexe
VirusTotal metadata
First submission 2018-11-21 22:25:40 UTC ( 2 months, 3 weeks ago )
Last submission 2018-11-28 01:37:59 UTC ( 2 months, 2 weeks ago )
File names Loft Plug-in
23390680.exe
c_gb18030.
faFIPfAf.exe
43FQ0NnuQ9fj.exe
bjtsGZJvmOQI.exe