SHA256: 254066aca4e5234cdcd399a96b2a111f78f0e013476d12b3aba8b1335d8f0fee
File name: 254066aca4e5234cdcd399a96b2a111f78f0e013476d12b3aba8b1335d8f0fee
Detection ratio: 38 / 65
Analysis date: 2019-03-14 14:38:39 UTC ( 1 month ago )
Antivirus Result Update
Acronis suspicious 20190313
Ad-Aware Trojan.Agent.DRJQ 20190314
AhnLab-V3 Trojan/Win32.Emotet.R258572 20190314
ALYac Trojan.Agent.DRJQ 20190314
Arcabit Trojan.Agent.DRJQ 20190314
Avast Win32:BankerX-gen [Trj] 20190314
AVG Win32:BankerX-gen [Trj] 20190314
Avira (no cloud) TR/Crypt.Agent.tqriu 20190314
BitDefender Trojan.Agent.DRJQ 20190314
CrowdStrike Falcon (ML) win/malicious_confidence_100% (W) 20190212
Cyren W32/Filecoder.G.gen!Eldorado 20190314
DrWeb Trojan.Siggen8.15821 20190314
Emsisoft Trojan.Emotet (A) 20190314
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.GQUQ 20190314
Fortinet W32/Emotet.GQUQ!tr 20190314
GData Trojan.Agent.DRJQ 20190314
Ikarus Trojan-Banker.Emotet 20190314
Sophos ML heuristic 20190313
K7AntiVirus Trojan ( 00549b621 ) 20190314
K7GW Trojan ( 00549b621 ) 20190314
Kaspersky not-a-virus:HEUR:Downloader.Win32.Generic 20190314
Malwarebytes Trojan.Emotet 20190314
MAX malware (ai score=93) 20190314
McAfee Emotet-FMI!8D49E1F6E39F 20190314
McAfee-GW-Edition Artemis!Trojan 20190314
Microsoft Trojan:Win32/Emotet!rfn 20190314
eScan Trojan.Agent.DRJQ 20190314
Palo Alto Networks (Known Signatures) generic.ml 20190314
Panda Trj/GdSda.A 20190314
Qihoo-360 Win32/Virus.Downloader.c27 20190314
Rising Trojan.Azden!8.F0E3 (TFE:2:Np065QMh2MH) 20190314
SentinelOne (Static ML) DFI - Malicious PE 20190311
Sophos AV Mal/Emotet-Q 20190314
Trapmine malicious.high.ml.score 20190301
TrendMicro-HouseCall TROJ_GEN.R020H0DCD19 20190314
VBA32 BScope.TrojanBanker.Chthonic 20190314
ZoneAlarm by Check Point not-a-virus:HEUR:Downloader.Win32.Generic 20190314
AegisLab 20190314
Alibaba 20190306
Antiy-AVL 20190314
Avast-Mobile 20190314
Babable 20180918
Baidu 20190306
Bkav 20190314
CAT-QuickHeal 20190314
ClamAV 20190314
CMC 20190314
Comodo 20190314
Cybereason 20190109
eGambit 20190314
F-Secure 20190314
Jiangmin 20190314
Kingsoft 20190314
NANO-Antivirus 20190314
SUPERAntiSpyware 20190314
Symantec Mobile Insight 20190220
TACHYON 20190314
Tencent 20190314
TheHacker 20190308
TotalDefense 20190314
Trustlook 20190314
ViRobot 20190314
Yandex 20190314
Zillya 20190313
Zoner 20190314
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Internet Information Services
Original name InetMgr.exe
Internal name InetMgr.exe
File version 7.5.7600.16385 (win7_rtm.090713-1255)
Description IIS Manager
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 7:21 AM 4/7/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-13 02:33:03
Entry Point 0x000010C0
Number of sections 4
PE sections
Overlays
MD5 6c9c374fcd4d8d29595df02a09ac1620
File type data
Offset 308736
Size 3336
Entropy 7.34
PE imports
GetTokenInformation
RegOpenKeyA
RegCloseKey
OpenProcessToken
RegSetValueExW
FreeSid
RegOpenKeyExW
OpenThreadToken
RegSetValueExA
EqualSid
AllocateAndInitializeSid
RegCreateKeyExA
RegQueryValueExW
GdiFixUpHandle
SetGraphicsMode
PolyPolyline
SetBitmapBits
SetColorSpace
STROBJ_dwGetCodePage
GetObjectType
XLATEOBJ_piVector
GdiRealizationInfo
GdiSetPixelFormat
SetLayout
SetPixel
GetRegionData
CreateDCW
GdiConvertBitmapV5
CreatePatternBrush
SetAbortProc
GetTextFaceW
EnumObjects
RectVisible
bInitSystemAndFontsDirectoriesW
GetTextAlign
StretchDIBits
GdiSwapBuffers
EngDeletePalette
GetClipRgn
PolyTextOutA
GdiEntry4
GdiStartDocEMF
ResetDCA
GetGlyphIndicesW
EnumICMProfilesW
GdiEntry6
UpdateICMRegKeyW
BeginPath
GetTextCharacterExtra
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
GetStdHandle
GetConsoleOutputCP
EncodePointer
DeleteCriticalSection
GetCurrentProcess
BuildCommDCBAndTimeoutsW
GetConsoleMode
_llseek
FreeEnvironmentStringsW
lstrcatW
HeapSize
SetStdHandle
WideCharToMultiByte
GetSystemTimeAsFileTime
WriteFile
SwitchToFiber
HeapReAlloc
GetStringTypeW
LocalFree
FormatMessageW
OutputDebugStringW
InterlockedDecrement
SetFileAttributesW
SetLastError
TlsGetValue
CopyFileW
RemoveDirectoryW
IsDebuggerPresent
HeapAlloc
GetCalendarInfoW
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
CreateThread
SetNamedPipeHandleState
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
GlobalAlloc
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
GetMailslotInfo
EnterCriticalSection
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
lstrcmpiW
RtlUnwind
SetProcessPriorityBoost
GetStartupInfoW
GetProcAddress
GetConsoleScreenBufferInfo
GetProcessHeap
GetModuleFileNameW
lstrcmpW
WaitForMultipleObjects
CreateFileW
GetFileType
TlsSetValue
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
lstrlenA
GetConsoleCP
LCMapStringA
SetProcessShutdownParameters
GetEnvironmentStringsW
lstrlenW
SwitchToThread
SizeofResource
GetCurrentProcessId
GetConsoleTitleW
GetCommandLineW
GetCPInfo
GetAtomNameW
SetThreadAffinityMask
lstrcpynW
Heap32ListNext
TlsFree
GetModuleHandleA
Module32NextW
ReadConsoleOutputCharacterW
CloseHandle
GetACP
GetModuleHandleW
CreateProcessA
IsValidCodePage
Sleep
IsBadCodePtr
VirtualAlloc
SHFormatDrive
CheckEscapesW
SHGetDataFromIDListW
SHCreateDirectoryExW
SHBindToParent
DoEnvironmentSubstA
ShellExecuteW
SHGetSettings
SHGetFolderPathW
SHGetInstanceExplorer
FindExecutableW
ShellExecuteExW
SHFreeNameMappings
SHGetSpecialFolderPathW
SHGetFolderLocation
SHFileOperationA
StrChrW
StrChrA
StrChrIW
IMPQueryIMEW
RegisterWindowMessageW
GetForegroundWindow
IsCharAlphaNumericW
SetClassLongW
SetFocus
FindWindowW
KillTimer
DestroyMenu
TranslateAcceleratorW
SetShellWindow
GetWindowThreadProcessId
EnumDisplayMonitors
GetSystemMetrics
MessageBoxW
SendMessageW
OpenIcon
ReleaseCapture
WindowFromPoint
CascadeChildWindows
ChildWindowFromPoint
PostMessageW
CopyImage
ChildWindowFromPointEx
GetDoubleClickTime
CloseWindow
GetListBoxInfo
SetCursor
RegisterClassW
wsprintfW
WindowFromDC
DdeGetLastError
CreateWindowStationW
CloseWindowStation
CreateMenu
GetMenuStringA
GetMenuItemInfoW
CloseDesktop
IsMenu
GetFocus
CreateWindowExW
LoadAcceleratorsW
GetActiveWindow
GetUpdateRect
GetGUIThreadInfo
UnregisterClassA
CharNextW
IsChild
IsDialogMessageA
DestroyWindow
OleUninitialize
OleInitialize
Number of PE resources by type
RT_ICON 13
MUI 1
RT_VERSION 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 17
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
7.5.7600.16385

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
IIS Manager

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
282112

EntryPoint
0x10c0

OriginalFileName
InetMgr.exe

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
7.5.7600.16385 (win7_rtm.090713-1255)

TimeStamp
2019:03:13 03:33:03+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
InetMgr.exe

ProductVersion
7.5.7600.16385

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
25600

ProductName
Internet Information Services

ProductVersionNumber
7.5.7600.16385

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 8d49e1f6e39f4f003819f518e92c7a71
SHA1 1c5dae0625b93d7c8fe304c4680a75d726e7deb6
SHA256 254066aca4e5234cdcd399a96b2a111f78f0e013476d12b3aba8b1335d8f0fee
ssdeep 6144:ZJv5LtKSUTtvh2VuL6g8+fGKVMc3+toJFihLt3A+V:dSTVAuL6gvfG+dJFihLt3A+V
authentihash d276d2053d337a76cd5c425e400144273dc31e285c16f1570397af42a2b268cd
imphash 9e632bd54377cdb3af0b7bc17cafc76b
File size 304.8 KB ( 312072 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2019-03-13 02:39:05 UTC ( 1 month ago )
Last submission 2019-03-13 02:39:05 UTC ( 1 month ago )
File names InetMgr.exe
hY10foSt985.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections