× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 2452cab73be88f26b778cf5e84dc2f07d4ecc6729d82f74ae44e21b15e93cf2d
File name: 30337496.exe
Detection ratio: 31 / 67
Analysis date: 2018-03-14 03:14:43 UTC ( 7 months, 1 week ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30398009 20180314
AegisLab Filerepmalware.Gen!c 20180314
AhnLab-V3 Trojan/Win32.Emotet.R222527 20180314
Arcabit Trojan.Generic.D1CFD639 20180314
Avast FileRepMalware 20180314
AVG FileRepMalware 20180314
Avira (no cloud) TR/Crypt.ZPACK.qtsmn 20180313
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180313
BitDefender Trojan.GenericKD.30398009 20180314
Bkav HW32.Packed.56C7 20180313
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170201
Cylance Unsafe 20180314
Endgame malicious (high confidence) 20180308
ESET-NOD32 a variant of Win32/GenKryptik.BTKD 20180314
F-Secure Trojan.GenericKD.30398009 20180314
Fortinet W32/Kryptik.GDRZ!tr 20180314
GData Trojan.GenericKD.30398009 20180314
Ikarus Win32.Outbreak 20180314
Sophos ML heuristic 20180121
Kaspersky Trojan-Banker.Win32.Emotet.aaxf 20180314
Malwarebytes Trojan.Emotet 20180314
MAX malware (ai score=94) 20180314
McAfee Artemis!91713375C2F5 20180314
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cc 20180314
eScan Trojan.GenericKD.30398009 20180314
Palo Alto Networks (Known Signatures) generic.ml 20180314
Rising Trojan.GenKryptik!8.AA55 (TFE:3:1SU5YtSnuWJ) 20180314
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Troj/Delf-GPG 20180314
TrendMicro-HouseCall Suspicious_GEN.F47V0313 20180314
Webroot W32.Trojan.Emotet 20180314
Alibaba 20180314
ALYac 20180314
Antiy-AVL 20180314
Avast-Mobile 20180313
AVware 20180314
CAT-QuickHeal 20180313
ClamAV 20180314
CMC 20180313
Comodo 20180314
Cybereason None
Cyren 20180314
DrWeb 20180314
eGambit 20180314
Emsisoft 20180313
F-Prot 20180314
Jiangmin 20180314
K7AntiVirus 20180313
K7GW 20180313
Kingsoft 20180314
Microsoft 20180314
NANO-Antivirus 20180314
nProtect 20180314
Panda 20180313
Qihoo-360 20180314
SUPERAntiSpyware 20180314
Symantec 20180313
Symantec Mobile Insight 20180311
Tencent 20180314
TheHacker 20180311
TotalDefense 20180313
TrendMicro 20180314
Trustlook 20180314
VBA32 20180313
VIPRE 20180314
ViRobot 20180314
WhiteArmor 20180223
Yandex 20180313
Zillya 20180313
ZoneAlarm by Check Point 20180314
Zoner 20180314
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-13 16:51:41
Entry Point 0x00005000
Number of sections 5
PE sections
PE imports
AddAuditAccessAceEx
InitializeAcl
SetServiceStatus
AddFontResourceExW
GetDIBColorTable
GetNearestColor
OffsetClipRgn
GetCurrentProcess
SetCommConfig
CreateEventW
SetEvent
LocalHandle
CloseHandle
GetThreadUILanguage
GetConsoleOutputCP
GetCurrentThreadId
WaitForMultipleObjects
GetVersion
ResetEvent
VarUI4FromUI8
BSTR_UserFree
SafeArrayAllocDescriptor
SetupDiGetSelectedDevice
GetDCEx
CreatePopupMenu
DdeGetData
SetPropA
DdeCmpStringHandles
IsWindowEnabled
ToUnicode
GetShellWindow
GetWindowContextHelpId
GetClipboardSequenceNumber
GetInputState
InvalidateRect
waveInStop
SetPrinterDataExW
SCardGetStatusChangeW
ReadFmtUserTypeStg
Number of PE resources by type
RT_ICON 11
RT_STRING 3
RT_BITMAP 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 13
NEUTRAL 4
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:03:13 17:51:41+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
1

LinkerVersion
13.5

ImageFileCharacteristics
No relocs, Executable, 32-bit

EntryPoint
0x5000

InitializedDataSize
121344

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
4096

File identification
MD5 91713375c2f5e55c238d96032e2fad16
SHA1 9a7695b5707479fec1a7206744b00925319af1eb
SHA256 2452cab73be88f26b778cf5e84dc2f07d4ecc6729d82f74ae44e21b15e93cf2d
ssdeep
3072:UweiEfjIBSD53pdXD86p0uCX7zx6sMX9ivYgzspfauKDpJAQGFBhU/:UweiEfjIBSD53pdXD86p0uCvx84vdQSf

authentihash 80a23a42a46464f60cde5819a0b3f3174dfca8adcd6f71ac0e3395dbb29ca708
imphash ba5f3617f59c5221319fbfeb4c2bf4b3
File size 131.5 KB ( 134656 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe

VirusTotal metadata
First submission 2018-03-13 16:59:21 UTC ( 7 months, 1 week ago )
Last submission 2018-05-24 15:27:15 UTC ( 5 months ago )
File names providerstorage.exe
1074.exe
7733.exe
5748.exe
providerstorage.exe
spechome.exe
regdefrag.exe
5068.exe
0703.exe
taskman.exe
54703.exe
nvidiaview.exe
netaudio.exe
netaudio.exe
VirusShare_91713375c2f5e55c238d96032e2fad16
providerstorage.bak
timeproc.exe
30337496.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!