SHA256: 244e85139ab5b9d3e28664edcbc2736a78abe3d4a78e4590151d5e6079f8b287
File name: 244e85139ab5b9d3e28664edcbc2736a78abe3d4a78e4590151d5e6079f8b287
Detection ratio: 12 / 66
Analysis date: 2019-03-20 02:28:57 UTC
Antivirus Result Update
Acronis suspicious 20190320
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
eGambit Unsafe.AI_Score_89% 20190320
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.CPES 20190320
Fortinet W32/Kryptik.GPCF!tr 20190319
Sophos ML heuristic 20190313
Microsoft Trojan:Win32/Emotet.LK!ml 20190320
Qihoo-360 HEUR/QVM20.1.F5BE.Malware.Gen 20190320
SentinelOne (Static ML) DFI - Suspicious PE 20190317
Trapmine malicious.high.ml.score 20190301
VBA32 BScope.Malware-Cryptor.Emotet 20190319
Ad-Aware 20190319
AegisLab 20190320
AhnLab-V3 20190319
Alibaba 20190306
Antiy-AVL 20190320
Arcabit 20190320
Avast 20190320
Avast-Mobile 20190319
AVG 20190320
Avira (no cloud) 20190319
Babable 20180918
Baidu 20190318
BitDefender 20190319
Bkav 20190318
CAT-QuickHeal 20190319
ClamAV 20190319
CMC 20190319
Comodo 20190320
Cybereason 20190314
Cyren 20190319
DrWeb 20190319
Emsisoft 20190319
F-Prot 20190320
F-Secure 20190319
GData 20190320
Ikarus 20190319
Jiangmin 20190320
K7AntiVirus 20190320
K7GW 20190319
Kaspersky 20190320
Kingsoft 20190320
Malwarebytes 20190320
MAX 20190320
McAfee 20190320
McAfee-GW-Edition 20190319
eScan 20190319
NANO-Antivirus 20190319
Palo Alto Networks (Known Signatures) 20190320
Panda 20190319
Rising 20190319
Sophos AV 20190319
SUPERAntiSpyware 20190314
Symantec Mobile Insight 20190220
TACHYON 20190320
Tencent 20190320
TheHacker 20190319
TotalDefense 20190318
TrendMicro-HouseCall 20190319
Trustlook 20190320
VIPRE 20190319
ViRobot 20190320
Yandex 20190318
Zillya 20190319
ZoneAlarm by Check Point 20190319
Zoner 20190320
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © 2006 Microsoft Corporation. All rights reserved.
Product Microsoft® Office Visio® 2007
Original name Tlimpt.exe
Internal name Tlimpt.exe
File version 12.0.4518.1014
Description Timeline Wizard command line exe
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 1:09 PM 3/22/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-20 02:22:52
Entry Point 0x0001EB60
Number of sections 4
PE sections
Overlays
MD5 cf3821ebd8525c04a1bf6033d8e71e30
File type data
Offset 215040
Size 3336
Entropy 7.34
PE imports
Number of PE resources by type
RT_ICON 9
RT_GROUP_ICON 1
RT_VERSION 1
RT_RCDATA 1
Number of PE resources by language
ENGLISH US 12
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
ProductName Microsoft Office Visio 2007
FileVersionNumber 12.0.4518.1014
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 90112
FileTypeExtension exe
OriginalFileName Tlimpt.exe
MIMEType application/octet-stream
Subsystem Windows GUI
LegalTrademarks2 Windows is a registered trademark of Microsoft Corporation.
FileVersion 12.0.4518.1014
LegalTrademarks1 Microsoft is a registered trademark of Microsoft Corporation.
TimeStamp 2019:03:20 03:22:52+01:00
FileType Win32 EXE
PEType PE32
InternalName Tlimpt.exe
SubsystemVersion 5.0
ProductVersion 12.0.4518.1014
FileDescription Timeline Wizard command line exe
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright 2006 Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 123904
FileSubtype 0
ProductVersionNumber 12.0.4518.0
EntryPoint 0x1eb60
ObjectFileType Executable application
File identification
MD5 72d3ad7a9f2967be9fb06982eaf8699d
SHA1 4eb0a9e1aa1a17e2da20283066c6c828ed667ded
SHA256 244e85139ab5b9d3e28664edcbc2736a78abe3d4a78e4590151d5e6079f8b287
ssdeep 6144:GkLpACxwnnaXYJkp6qp/bNmdtxDFZx+bG1Ni:LpAXncZRbcdJZx+Qw
authentihash 840ac231acb7e071abbcec94799c6df56395a4debbde2832de4ef2622fa8fc1e
imphash b0bd012596bd9a8f5f55c8b069f9b9aa
File size 213.3 KB ( 218376 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2019-03-20 02:28:57 UTC
Last submission 2019-03-20 05:04:03 UTC
File names Tlimpt.exe
emotet_e1_244e85139ab5b9d3e28664edcbc2736a78abe3d4a78e4590151d5e6079f8b287_2019-03-20__023002.exe_
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections