SHA256: 2395efa3f93f82665d2657bdd72bd8c442f4ad810d0ce73d997555910e8ccdbe
File name: emotet_e1_2395efa3f93f82665d2657bdd72bd8c442f4ad810d0ce73d9975559...
Detection ratio: 24 / 65
Analysis date: 2019-03-15 06:40:49 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Acronis suspicious 20190313
AVG FileRepMalware 20190315
Avira (no cloud) TR/Crypt.ZPACK.Gen2 20190315
CAT-QuickHeal Trojan.Zenshirsh.SL7 20190314
CrowdStrike Falcon (ML) win/malicious_confidence_100% (W) 20190212
Cybereason malicious.5c9d3e 20190109
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.CBF 20190315
Fortinet W32/Kryptik.CPES!tr 20190315
Sophos ML heuristic 20190313
Kaspersky UDS:DangerousObject.Multi.Generic 20190315
McAfee Artemis!697B75A5C9D3 20190315
McAfee-GW-Edition Artemis!Trojan 20190315
Microsoft Trojan:Win32/Fuerboos.C!cl 20190315
Palo Alto Networks (Known Signatures) generic.ml 20190315
Qihoo-360 HEUR/QVM20.1.D9E7.Malware.Gen 20190315
Rising Trojan.Kryptik!8.8 (TFE:3:ZX5GbKnV1a) 20190315
SentinelOne (Static ML) DFI - Malicious PE 20190311
Sophos AV Mal/Emotet-Q 20190315
Tencent Win32.Trojan.Falsesign.Wptr 20190315
Trapmine malicious.high.ml.score 20190301
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMAL08 20190315
VBA32 BScope.Malware-Cryptor.Emotet 20190314
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20190315
Ad-Aware 20190315
AegisLab 20190315
AhnLab-V3 20190314
Alibaba 20190306
ALYac 20190315
Antiy-AVL 20190315
Arcabit 20190315
Avast 20190315
Avast-Mobile 20190314
Babable 20180918
Baidu 20190306
BitDefender 20190315
Bkav 20190314
ClamAV 20190314
CMC 20190314
Comodo 20190315
Cyren 20190315
DrWeb 20190315
eGambit 20190315
Emsisoft 20190315
F-Secure 20190315
GData 20190315
Ikarus 20190314
Jiangmin 20190315
K7AntiVirus 20190315
K7GW 20190315
Kingsoft 20190315
Malwarebytes 20190315
MAX 20190315
eScan 20190315
NANO-Antivirus 20190315
Panda 20190314
SUPERAntiSpyware 20190314
Symantec Mobile Insight 20190220
TACHYON 20190315
TheHacker 20190315
TotalDefense 20190315
Trustlook 20190315
ViRobot 20190315
Yandex 20190314
Zillya 20190314
Zoner 20190315
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (C) 2014 Qihu 360 Software Co., Ltd.
Product 360 Internet Security
Original name WDSafeDown.exe
Internal name WDSafeDown.exe
File version 2, 0, 0, 1200
Description 360 Internet Security Internet Protection
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 7:40 AM 3/15/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-15 02:38:24
Entry Point 0x000013B0
Number of sections 4
PE sections
Overlays
MD5 195b93569797b3707768f6d177af0a04
File type data
Offset 204288
Size 3336
Entropy 7.32
PE imports
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetStdHandle
FileTimeToSystemTime
WaitForSingleObject
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
FreeEnvironmentStringsW
InitializeSListHead
SetStdHandle
GetCPInfo
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetEvent
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
FindClose
InterlockedDecrement
FormatMessageA
SetLastError
GetSystemTime
TlsGetValue
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetUserDefaultLCID
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
GetModuleHandleA
CreateThread
SetEnvironmentVariableW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
TerminateThread
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetDateFormatW
GetStartupInfoW
GetProcAddress
GetProcessHeap
GetTimeFormatW
FindNextFileW
GetTimeFormatA
DuplicateHandle
FindFirstFileExW
WaitForMultipleObjects
CreateEventW
CreateFileW
CreateEventA
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GetConsoleCP
GetEnvironmentStringsW
FileTimeToLocalFileTime
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
GetSystemDefaultLangID
RaiseException
TlsFree
SetFilePointer
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
IsValidCodePage
OpenEventW
CreateProcessW
IsBadReadPtr
VirtualAlloc
GetOEMCP
SHCreateDirectoryExA
SHGetPathFromIDListW
StrCmpNIA
GetWindowThreadProcessId
SendDlgItemMessageA
SendMessageTimeoutA
DdeCreateStringHandleA
PeekMessageA
EnableMenuItem
LoadStringA
DispatchMessageA
GetTopWindow
TranslateAccelerator
CharNextExA
CreateIconFromResource
MessageBoxA
GetSystemMenu
SetForegroundWindow
CreateDialogParamA
GetDCEx
GetMessageTime
InvalidateRgn
FlashWindow
DestroyWindow
Number of PE resources by type
RT_STRING 21
RT_ICON 3
RT_VERSION 2
RT_RCDATA 2
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 26
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 97280
ImageVersion 0.0
ProductName 360 Internet Security
FileVersionNumber 2.0.0.1200
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0017
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName WDSafeDown.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2, 0, 0, 1200
TimeStamp 2019:03:15 03:38:24+01:00
FileType Win32 EXE
PEType PE32
InternalName WDSafeDown.exe
ProductVersion 2, 0, 0, 1200
FileDescription 360 Internet Security Internet Protection
OSVersion 5.0
FileOS Win32
LegalCopyright (C) 2014 Qihu 360 Software Co., Ltd.
MachineType Intel 386 or later, and compatibles
CompanyName Qihu 360 Software Co., Ltd.
CodeSize 105984
FileSubtype 0
ProductVersionNumber 2.0.0.1200
EntryPoint 0x13b0
ObjectFileType Executable application

File identification
MD5 697b75a5c9d3e71fe43f3753ea9d6440
SHA1 b37f4b6587255d400d451b41ba9a4c295008d018
SHA256 2395efa3f93f82665d2657bdd72bd8c442f4ad810d0ce73d997555910e8ccdbe
ssdeep 3072:M2B7dBvk2GgrQCz+VGUbqPM902yHydV1ekT5rHxaEXT:bs29z+VGUQM9UHQ4kFrxJ
authentihash 7ff7303b479225938093db73774e8938bd72b03ce52f4d6058aab6b0a4604520
imphash 328640538d6f73e862407524df1d6c95
File size 202.8 KB ( 207624 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe overlay
VirusTotal metadata
First submission 2019-03-15 02:48:10 UTC ( 1 month, 1 week ago )
Last submission 2019-03-15 06:40:49 UTC ( 1 month, 1 week ago )
File names WDSafeDown.exe
emotet_e1_2395efa3f93f82665d2657bdd72bd8c442f4ad810d0ce73d997555910e8ccdbe_2019-03-15__024503.exe_
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Created mutexes
Opened mutexes
Runtime DLLs