SHA256: 2705d5c9ebb5df631407c375222ad15e300b818b3cda420d1867ac0c2623068d
File name: 2705d5c9ebb5df631407c375222ad15e300b818b3cda420d1867ac0c2623068d
Detection ratio: 50 / 65
Analysis date: 2018-05-10 09:23:21 UTC ( 7 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.Emotet.O 20180510
AegisLab Troj.W32.Generic!c 20180510
AhnLab-V3 Trojan/Win64.Kryptik.R208092 20180510
ALYac Trojan.Emotet.O 20180510
Antiy-AVL Trojan/Win32.Agent 20180510
Avast Win64:Malware-gen 20180510
AVG Win64:Malware-gen 20180510
Avira (no cloud) TR/Crypt.ZPACK.dmswm 20180510
AVware Trojan.Win32.Generic!BT 20180428
BitDefender Trojan.Emotet.O 20180510
CAT-QuickHeal Trojan.IGENERIC 20180510
ClamAV Win.Trojan.Emotet-6484465-0 20180510
Comodo UnclassifiedMalware 20180510
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180418
Cylance Unsafe 20180510
Cyren W64/Trojan.UAOL-3357 20180510
DrWeb Trojan.KillProc.53827 20180510
Emsisoft Trojan.Emotet.O (B) 20180510
Endgame malicious (high confidence) 20180507
ESET-NOD32 Win64/Dridex.Z 20180510
F-Secure Trojan.Emotet.O 20180510
Fortinet W64/Kryptik.BHC!tr 20180510
GData Trojan.Emotet.O 20180510
Sophos ML heuristic 20180504
Jiangmin Trojan.Agent.ayks 20180510
K7AntiVirus Trojan ( 0051221c1 ) 20180510
K7GW Trojan ( 0051221c1 ) 20180510
Kaspersky HEUR:Trojan.Win32.Generic 20180510
Malwarebytes Trojan.Dridex 20180510
MAX malware (ai score=98) 20180510
McAfee Drixed-FGT!D0436A7E50F3 20180510
McAfee-GW-Edition BehavesLike.Win64.Drixed.gc 20180510
Microsoft Trojan:Win32/Cloxer.D!cl 20180510
eScan Trojan.Emotet.O 20180510
NANO-Antivirus Trojan.Win64.KillProc.ezeqzq 20180510
Palo Alto Networks (Known Signatures) generic.ml 20180510
Panda Trj/CI.A 20180509
Qihoo-360 Win32/Trojan.ae7 20180510
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Generic-S 20180510
Symantec Trojan.Cridex 20180510
Tencent Win32.Trojan.Generic.Wnvn 20180510
TrendMicro TSPY64_HPEMOTET.SMDLL1 20180510
TrendMicro-HouseCall TSPY64_HPEMOTET.SMDLL1 20180510
VIPRE Trojan.Win32.Generic!BT 20180510
ViRobot Trojan.Win32.Z.Emotet.446464 20180510
Webroot W32.Trojan.Gen 20180510
Yandex Trojan.Agent!lc9sqQYe1vI 20180508
Zillya Trojan.Agent.Win32.818553 20180508
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180510
Alibaba 20180510
Arcabit 20180510
Avast-Mobile 20180510
Baidu 20180510
Bkav 20180509
CMC 20180510
Cybereason None
eGambit 20180510
F-Prot 20180510
Kingsoft 20180510
nProtect 20180510
Rising 20180510
SUPERAntiSpyware 20180510
Symantec Mobile Insight 20180509
TheHacker 20180509
TotalDefense 20180510
Trustlook 20180510
VBA32 20180508
Zoner 20180510
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem that targets 64bit architectures.
PE header basic information
Target machine x64
Compilation timestamp 2017-08-27 11:14:58
Entry Point 0x00001390
Number of sections 7
PE sections
PE imports
CloseEncryptedFileRaw
JetSetColumns
GetRegionData
SetICMProfileA
CompareFileTime
SetConsoleCtrlHandler
GetConsoleCP
lstrlenW
LCMapStringA
ExitProcess
MulDiv
ReadConsoleW
GetCurrentThreadId
HeapWalk
GetModuleHandleW
GetModuleFileNameA
GetBinaryTypeA
SetEnvironmentVariableA
DrawDibSetPalette
VarBstrFromUI2
RasGetConnectStatusW
RpcBindingInqAuthClientExW
SetupGetLineTextA
CMP_WaitNoPendingInstallEvents
DispatchMessageA
GetDlgItemTextW
GetWindowPlacement
GetUrlCacheEntryInfoExA
midiOutCacheDrumPatches
WriteClassStm
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType AMD AMD64
FileTypeExtension dll
TimeStamp 2017:08:27 13:14:58+02:00
FileType Win64 DLL
PEType PE32+
CodeSize 421888
LinkerVersion 8.0
EntryPoint 0x1390
InitializedDataSize 24576
SubsystemVersion 5.2
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 d0436a7e50f39e42f00eee73a9ba7be6
SHA1 c2e6fc1946def0690ede7ef4bfe4a33a635f649b
SHA256 2705d5c9ebb5df631407c375222ad15e300b818b3cda420d1867ac0c2623068d
ssdeep 6144:JpcS35b+H1jxsJKkLCEsX4LNk96B263owt8iK5xkTtEo8JP+w4FzU:Ma5b+VjgKkV6q3Ywt8JxieLxuzU

authentihash ca0a2a8b47d4f57e3850d83bea506fa0d1098f09ae73ea6f44fe31f7cf046a72
imphash 38b406340ec63afd84f45b7f6b70d259
File size 436.0 KB ( 446464 bytes )
File type Win32 DLL
Magic literal PE32+ executable for MS Windows (DLL) (console) Mono/.Net assembly

TrID Win64 Executable (generic) (82.0%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
DOS Executable Generic (5.9%)
Tags 64bits assembly pedll

VirusTotal metadata
First submission 2018-03-25 19:33:47 UTC ( 8 months, 3 weeks ago )
Last submission 2018-05-10 09:23:21 UTC ( 7 months, 1 week ago )
File names d0436a7e50f39e42f00eee73a9ba7be6