× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 22774e830d493ce27dff0d500aba5171e1240f564da3b57def8030fb685cfd1f
File name: 9rfwnYjXKwI.exe
Detection ratio: 21 / 68
Analysis date: 2018-08-01 12:04:19 UTC ( 6 months, 3 weeks ago ) View latest
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Emotet.R232549 20180801
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9995 20180801
CAT-QuickHeal Trojan.Emotet.X4 20180801
Comodo .UnclassifiedMalware 20180801
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20180723
Cylance Unsafe 20180801
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GJKT 20180801
Sophos ML heuristic 20180717
Kaspersky UDS:DangerousObject.Multi.Generic 20180801
McAfee Artemis!99E71C359A02 20180801
McAfee-GW-Edition BehavesLike.Win32.Adware.ch 20180801
Microsoft Trojan:Win32/Emotet.AC!bit 20180801
Palo Alto Networks (Known Signatures) generic.ml 20180801
Qihoo-360 HEUR/QVM20.1.E44B.Malware.Gen 20180801
Rising Trojan.Fuerboos!8.EFC8 (CLOUD) 20180801
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/Generic-S 20180801
Symantec Packed.Generic.517 20180731
Webroot W32.Trojan.Emotet 20180801
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180801
Ad-Aware 20180801
AegisLab 20180801
Alibaba 20180713
ALYac 20180801
Antiy-AVL 20180801
Arcabit 20180801
Avast 20180801
Avast-Mobile 20180801
AVG 20180801
Avira (no cloud) 20180801
AVware 20180727
Babable 20180725
BitDefender 20180801
Bkav 20180801
ClamAV 20180801
CMC 20180801
Cybereason 20180225
Cyren 20180801
DrWeb 20180801
eGambit 20180801
Emsisoft 20180801
F-Prot 20180801
F-Secure 20180801
Fortinet 20180801
GData 20180801
Ikarus 20180801
Jiangmin 20180801
K7AntiVirus 20180801
K7GW 20180801
Kingsoft 20180801
Malwarebytes 20180801
MAX 20180801
eScan 20180801
NANO-Antivirus 20180801
Panda 20180801
SUPERAntiSpyware 20180801
Symantec Mobile Insight 20180801
TACHYON 20180801
Tencent 20180801
TheHacker 20180730
TotalDefense 20180801
TrendMicro 20180801
TrendMicro-HouseCall 20180801
Trustlook 20180801
VBA32 20180801
VIPRE 20180801
ViRobot 20180801
Yandex 20180731
Zillya 20180731
Zoner 20180801
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Description qqqqqqqqqqqqqqqqq
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-23 03:20:06
Entry Point 0x0001B20E
Number of sections 6
PE sections
PE imports
CertAddCertificateLinkToStore
EqualRgn
GetTextCharset
ConvertFiberToThread
lstrlenA
SwitchToThread
GetModuleHandleA
GetCurrentThreadId
GetNamedPipeClientSessionId
VarUI1FromStr
DispatchMessageA
SendMessageTimeoutA
GetDC
PostThreadMessageA
DeviceCapabilitiesW
g_rgSCardT1Pci
strncmp
realloc
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.1

ImageVersion
0.0

FileVersionNumber
1.2.0.6

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
qqqqqqqqqqqqqqqqq

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
40960

EntryPoint
0x1b20e

MIMEType
application/octet-stream

Subsystem
Windows GUI

TimeStamp
2017:02:22 19:20:06-08:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.0

OSVersion
5.1

FileOS
Win32

LegalCopyright
Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CodeSize
114688

FileSubtype
0

ProductVersionNumber
1.2.0.6

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 99e71c359a0278a11fd3702d51157997
SHA1 503216273f39b2b15f1eb571efddb07cf1a615c4
SHA256 22774e830d493ce27dff0d500aba5171e1240f564da3b57def8030fb685cfd1f
ssdeep
3072:7UZ3w56olvSXqY6IH3X/eQ24HMi+wGyI3:i3w5zvgqYu54X+wGJ

authentihash ddb95af93cf6514157349e8fb90885d3cf7d52a1e9eef87c7cd1275fb2df0d86
imphash 6f6c1b79e091f2a287b88e95ce4930d5
File size 152.0 KB ( 155648 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-08-01 10:41:32 UTC ( 6 months, 3 weeks ago )
Last submission 2018-08-23 11:38:40 UTC ( 6 months ago )
File names 721.exe
9rfwnYjXKwI.exe
71074.exe
58.exe
SGJLAIO2CIUHU.EXE
6.exe
9.exe
26340861.exe
7532.exe
2.exe
5842373.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!