SHA256: 220fe59dbec292f55c82669ff6028e50146534bb8169422d05ce75ae5a94361e
File name: zbetcheckin_tracker_HeoUm
Detection ratio: 16 / 67
Analysis date: 2018-08-14 22:00:17 UTC ( 6 months, 1 week ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Emotet.R233699 20180814
AVG FileRepMalware 20180814
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180814
CAT-QuickHeal Trojan.Emotet.X4 20180814
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.81b5a2 20180225
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/GenKryptik.CIDG 20180814
Sophos ML heuristic 20180717
McAfee-GW-Edition BehavesLike.Win32.Emotet.ch 20180814
Microsoft Trojan:Win32/Emotet.AC!bit 20180814
Qihoo-360 HEUR/QVM20.1.3017.Malware.Gen 20180814
Rising Malware.Heuristic!ET#89% (RDM+:cmRtazokoVZUQjYYeNZ4rWiR/LTG) 20180814
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/EncPk-ANX 20180814
Symantec ML.Attribute.HighConfidence 20180814
Ad-Aware 20180814
AegisLab 20180814
Alibaba 20180713
ALYac 20180814
Antiy-AVL 20180814
Arcabit 20180814
Avast 20180814
Avast-Mobile 20180814
Avira (no cloud) 20180814
AVware 20180814
Babable 20180725
BitDefender 20180814
Bkav 20180814
ClamAV 20180814
CMC 20180812
Comodo 20180814
Cyren 20180814
DrWeb 20180814
eGambit 20180814
Emsisoft 20180814
F-Prot 20180814
F-Secure 20180814
Fortinet 20180814
GData 20180814
Ikarus 20180814
Jiangmin 20180814
K7AntiVirus 20180814
K7GW 20180814
Kaspersky 20180814
Kingsoft 20180814
Malwarebytes 20180814
MAX 20180814
McAfee 20180814
eScan 20180814
NANO-Antivirus 20180814
Palo Alto Networks (Known Signatures) 20180814
Panda 20180814
SUPERAntiSpyware 20180814
Symantec Mobile Insight 20180814
TACHYON 20180814
Tencent 20180814
TheHacker 20180813
TotalDefense 20180814
TrendMicro 20180814
TrendMicro-HouseCall 20180814
Trustlook 20180814
VBA32 20180814
VIPRE 20180814
ViRobot 20180814
Webroot 20180814
Yandex 20180814
Zillya 20180814
ZoneAlarm by Check Point 20180814
Zoner 20180813
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-08-14 21:49:37
Entry Point 0x00001790
Number of sections 6
PE sections
PE imports
CertVerifyValidityNesting
CancelDC
CreateICA
Ellipse
GetNearestColor
GetSystemTime
InitializeCriticalSectionAndSpinCount
GlobalReAlloc
CompareStringW
GetSystemDefaultLocaleName
RtlCaptureStackBackTrace
GetExitCodeThread
GetConsoleDisplayMode
HeapAlloc
GetCommandLineA
GlobalMemoryStatusEx
GetCurrentThreadId
SetProcessWorkingSetSizeEx
GetQueuedCompletionStatusEx
RpcSsDestroyClientContext
SetupDiDestroyDriverInfoList
CM_Get_Next_Res_Des
Ord(29)
GetAsyncKeyState
EnumDesktopsA
IsMenu
GetThreadDesktop
GetCursorInfo
CoGetCurrentProcess
Number of PE resources by type
RT_STRING 13
RT_BITMAP 12
Number of PE resources by language
NEUTRAL 18
CHINESE TRADITIONAL 6
ITALIAN 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:08:14 22:49:37+01:00
FileType Win32 EXE
PEType PE32
CodeSize 12288
LinkerVersion 15.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x1790
InitializedDataSize 151552
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 b7c7cfd5a51c2eb2aebee27a968c7a1b
SHA1 d5064de81b5a25d3f9c06da6d23380e4898aaf6e
SHA256 220fe59dbec292f55c82669ff6028e50146534bb8169422d05ce75ae5a94361e
ssdeep 3072:uLtlq30o+p5t2G6QxO3Hpqbodod7tKIG42:gt50pLmb5
authentihash fdba3fa1e970156a9cd570711e8fcef1c784a5554bd8933ccd18f0e5d18a0aea
imphash 0f6f852263656c9c848d226bdef3a2e5
File size 160.0 KB ( 163840 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe
VirusTotal metadata
First submission 2018-08-14 22:00:17 UTC ( 6 months, 1 week ago )
Last submission 2018-08-14 22:00:17 UTC ( 6 months, 1 week ago )
File names zbetcheckin_tracker_HeoUm