SHA256: 22d3266e47093ac41e6f30f40ab58203e3511d2744ba1b99183d33842ea68cc6
File name: GI5a1.exe
Detection ratio: 32 / 66
Analysis date: 2018-10-14 23:44:21 UTC ( 4 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.Autoruns.GenericKDS.31282394 20181014
Arcabit Trojan.Autoruns.GenericS.D1DD54DA 20181014
BitDefender Trojan.Autoruns.GenericKDS.31282394 20181014
CAT-QuickHeal Trojan.Emotet.X4 20181013
CMC Trojan.Win32.Obfuscated.en!O 20181014
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cylance Unsafe 20181014
Cyren W32/Trojan.FRPE-2062 20181014
Emsisoft Trojan.Autoruns.GenericKDS.31282394 (B) 20181014
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/GenKryptik.CNVZ 20181014
F-Secure Trojan.Autoruns.GenericKDS.31282394 20181015
Fortinet W32/GenKryptik.CNUY!tr 20181014
GData Trojan.Autoruns.GenericKDS.31282394 20181015
Ikarus Trojan.Win32.Krypt 20181014
Sophos ML heuristic 20180717
Jiangmin Trojan.Banker.Emotet.dip 20181015
Kaspersky Trojan-Banker.Win32.Emotet.bicp 20181014
McAfee RDN/Generic.hbg 20181014
McAfee-GW-Edition BehavesLike.Win32.VTFlooder.jt 20181014
Microsoft Trojan:Win32/Occamy.C 20181014
eScan Trojan.Autoruns.GenericKDS.31282394 20181014
NANO-Antivirus Virus.Win32.Gen.ccmw 20181014
Palo Alto Networks (Known Signatures) generic.ml 20181014
Panda Trj/CI.A 20181014
Qihoo-360 HEUR/QVM20.1.7C51.Malware.Gen 20181014
Rising Malware.Heuristic!ET#97% (RDM+:cmRtazqReDcVacvXBQuY8sTWp78w) 20181012
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/Generic-S 20181014
Symantec Trojan.Emotet 20181014
Webroot W32.Trojan.Emotet 20181014
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bicp 20181014
AegisLab 20181014
AhnLab-V3 20181014
Alibaba 20180921
ALYac 20181014
Antiy-AVL 20181014
Avast 20181014
Avast-Mobile 20181014
AVG 20181014
Avira (no cloud) 20181014
Babable 20180918
Baidu 20181012
Bkav 20181014
ClamAV 20181014
Comodo 20181014
Cybereason 20180225
DrWeb 20181014
eGambit 20181014
F-Prot 20181014
K7AntiVirus 20181014
K7GW 20181013
Kingsoft 20181014
Malwarebytes 20181014
MAX 20181014
SUPERAntiSpyware 20181015
Symantec Mobile Insight 20181001
TACHYON 20181014
Tencent 20181014
TheHacker 20181011
TotalDefense 20181014
TrendMicro 20181010
TrendMicro-HouseCall 20181010
Trustlook 20181014
VBA32 20181012
VIPRE 20181014
ViRobot 20181014
Yandex 20181012
Zillya 20181012
Zoner 20181014
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-01 09:39:18
Entry Point 0x0000EBFF
Number of sections 5
PE sections
PE imports
GdiSetBatchLimit
GetTickCount64
WriteConsoleOutputCharacterA
FileTimeToSystemTime
GetProfileStringW
GetExitCodeThread
MprConfigInterfaceTransportAdd
MprAdminBufferFree
SHCopyKeyW
LookupIconIdFromDirectory
MsgWaitForMultipleObjects
FindCloseUrlCache
RetrieveUrlCacheEntryStreamA
OleRegEnumVerbs
Number of PE resources by type
TEXT 1
Number of PE resources by language
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:03:01 10:39:18+01:00
FileType Win32 EXE
PEType PE32
CodeSize 65536
LinkerVersion 12.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0xebff
InitializedDataSize 630784
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 ef547641a728e75b739d936c377799c8
SHA1 8c291e404c250a9f8cfa8cd306238d7b8d41ab90
SHA256 22d3266e47093ac41e6f30f40ab58203e3511d2744ba1b99183d33842ea68cc6
ssdeep 6144:kKPhPFPaCiB4WGaRobjILwiY+qAVu6NRw4/zJzgwmQ6J:kWFCBjobjk3YZAVu6NRNJzBm5J
authentihash 95ddf360ebdc7e79d45b184b119109310e73dde6e33bf243f153090a88bcdf86
imphash 0ef9623fca2f635bfa037a5cd38f5feb
File size 680.0 KB ( 696320 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags peexe

VirusTotal metadata
First submission 2018-10-13 00:03:47 UTC ( 4 months, 1 week ago )
Last submission 2018-10-13 00:03:47 UTC ( 4 months, 1 week ago )
File names GI5a1.exe