SHA256: 25d3280dd90e46dcc07fc40378735c8b6b08685db28a718ec065e6d6b616a4e2
File name: fe9b3163bdfd8043d3588a9ccba61d1e95d32f05
Detection ratio: 38 / 67
Analysis date: 2017-12-25 14:02:09 UTC ( 11 months, 4 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12697746 20171225
AhnLab-V3 Trojan/Win32.Emotet.R216444 20171225
ALYac Trojan.GenericKD.12697746 20171225
Arcabit Trojan.Generic.DC1C092 20171225
Avast FileRepMetagen [Malware] 20171225
AVG FileRepMetagen [Malware] 20171225
Avira (no cloud) TR/Crypt.Xpack.osraz 20171225
AVware Trojan.Win32.Generic!BT 20171225
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171222
BitDefender Trojan.GenericKD.12697746 20171225
Comodo Heur.Packed.Unknown 20171225
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.f50d26 20171103
Cylance Unsafe 20171225
Cyren W32/Trojan.LIYB-6299 20171225
Emsisoft Trojan.GenericKD.12697746 (B) 20171225
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of Generik.KDCAZNX 20171225
F-Secure Trojan.GenericKD.12697746 20171225
Fortinet W32/GenKryptik.AZUE!tr 20171225
GData Trojan.GenericKD.12697746 20171225
Ikarus Trojan.Win32.Dovs 20171225
Sophos ML heuristic 20170914
K7GW Trojan ( 005219421 ) 20171225
Kaspersky Trojan.Win32.Dovs.eky 20171225
Malwarebytes Trojan.Emotet 20171225
McAfee Artemis!CEFE78549A36 20171225
McAfee-GW-Edition BehavesLike.Win32.Trojan.cc 20171225
eScan Trojan.GenericKD.12697746 20171225
Palo Alto Networks (Known Signatures) generic.ml 20171225
Panda Trj/RnkBend.A 20171225
SentinelOne (Static ML) static engine - malicious 20171224
Sophos AV Mal/Generic-S 20171225
Tencent Suspicious.Heuristic.Gen.b.0 20171225
TrendMicro-HouseCall TROJ_GEN.R038C0OLP17 20171225
VIPRE Trojan.Win32.Generic!BT 20171225
Webroot W32.Trojan.Emotet 20171225
ZoneAlarm by Check Point Trojan.Win32.Dovs.eky 20171225
AegisLab 20171225
Alibaba 20171225
Avast-Mobile 20171224
Bkav 20171225
CAT-QuickHeal 20171223
ClamAV 20171225
CMC 20171225
DrWeb 20171225
eGambit 20171225
F-Prot 20171225
Jiangmin 20171221
K7AntiVirus 20171225
Kingsoft 20171225
MAX 20171225
Microsoft 20171225
NANO-Antivirus 20171225
nProtect 20171225
Qihoo-360 20171225
Rising 20171225
SUPERAntiSpyware 20171225
Symantec 20171224
Symantec Mobile Insight 20171222
TheHacker 20171219
TotalDefense 20171225
TrendMicro 20171225
Trustlook 20171225
VBA32 20171222
ViRobot 20171225
WhiteArmor 20171204
Yandex 20171222
Zillya 20171225
Zoner 20171225
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-24 01:42:32
Entry Point 0x00001BA0
Number of sections 7
PE sections
PE imports
FrameRgn
FlattenPath
GetRasterizerCaps
lstrcmpA
WTSGetActiveConsoleSessionId
FindNextFileA
CreateSymbolicLinkA
FlsFree
GetNumaNodeProcessorMask
GetCursor
GetOpenClipboardWindow
DialogBoxParamW
EnumThreadWindows
VerInstallFileA
WSASetLastError
GetStandardColorSpaceProfileW
Ord(29)
ungetwc
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2017:12:24 02:42:32+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 7680
LinkerVersion: 0.1
EntryPoint: 0x1ba0
InitializedDataSize: 99328
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.0
UninitializedDataSize: 0

File identification
MD5 cefe78549a364be80d1a9951e961a7e9
SHA1 4c37a7ff50d2685945b0cc3c817b89e478f91476
SHA256 25d3280dd90e46dcc07fc40378735c8b6b08685db28a718ec065e6d6b616a4e2
ssdeep 1536:LpKOyaHzo1LG7gw+zt9V91/ai6+CulwgrV3UR2xl/Jr4hi:LQa0dG1+ztr9Az+CulwkICl/q
authentihash 83039debe2b2a076721745b4c9860117d55b92cfb882cd4b428d14e4f1d9f5b0
imphash ff5bdb291318c35f36677c20e0650d7a
File size 113.0 KB ( 115712 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2017-12-23 16:58:46 UTC ( 12 months ago )
Last submission 2017-12-27 15:20:54 UTC ( 11 months, 3 weeks ago )
File names zidaT.exe
fe9b3163bdfd8043d3588a9ccba61d1e95d32f05
49527.exe