| SHA256: | 27075cbcb2ad6543172cd7f4baebc58e7dce91f2b005612907accd61ab55d6ef |
| File name: | QJ6BFO.EXE |
| Detection ratio: | 46 / 69 |
| Analysis date: | 2018-12-07 05:42:47 UTC ( 2 months, 2 weeks ago ) View latest |
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Trojan.GenericKD.40715600 | 20181207 |
| AhnLab-V3 | Spyware/Win32.Emotet.C2818300 | 20181207 |
| ALYac | Trojan.Agent.Emotet | 20181207 |
| Antiy-AVL | Trojan[Banker]/Win32.Emotet | 20181207 |
| Arcabit | Trojan.Generic.D26D4550 | 20181207 |
| Avast | Win32:Malware-gen | 20181207 |
| AVG | Win32:Malware-gen | 20181207 |
| Avira (no cloud) | TR/AD.Emotet.wsjlu | 20181206 |
| BitDefender | Trojan.GenericKD.40715600 | 20181207 |
| CAT-QuickHeal | Trojan.Emotet.X4 | 20181206 |
| ClamAV | Win.Trojan.Emotet-6707392-0 | 20181207 |
| Comodo | Malware@#r8nuomfgzz88 | 20181207 |
| CrowdStrike Falcon (ML) | malicious_confidence_100% (W) | 20181022 |
| Cylance | Unsafe | 20181207 |
| Cyren | W32/Trojan.EWSI-6893 | 20181207 |
| Emsisoft | Trojan.GenericKD.40715600 (B) | 20181207 |
| Endgame | malicious (high confidence) | 20181108 |
| ESET-NOD32 | a variant of Win32/Kryptik.GMKF | 20181207 |
| F-Secure | Trojan.GenericKD.40715600 | 20181206 |
| Fortinet | W32/Kryptik.GMKF!tr | 20181207 |
| GData | Trojan.GenericKD.40715600 | 20181206 |
| Ikarus | Trojan-Banker.Emotet | 20181206 |
| Sophos ML | heuristic | 20181128 |
| K7AntiVirus | Trojan ( 0053c2ba1 ) | 20181207 |
| K7GW | Trojan ( 0053c2ba1 ) | 20181207 |
| Kaspersky | Trojan-Banker.Win32.Emotet.bodu | 20181207 |
| Malwarebytes | Trojan.Emotet | 20181207 |
| McAfee | RDN/Generic.grp | 20181207 |
| McAfee-GW-Edition | RDN/Generic.grp | 20181207 |
| Microsoft | Trojan:Win32/Emotet | 20181207 |
| eScan | Trojan.GenericKD.40715600 | 20181207 |
| Palo Alto Networks (Known Signatures) | generic.ml | 20181207 |
| Panda | Trj/GdSda.A | 20181206 |
| Qihoo-360 | Win32/Trojan.5ae | 20181207 |
| Rising | Trojan.Kryptik!1.B4A3 (CLOUD) | 20181207 |
| SentinelOne (Static ML) | static engine - malicious | 20181011 |
| Sophos AV | Mal/EncPk-ANY | 20181207 |
| Symantec | Trojan.Gen.2 | 20181207 |
| Tencent | Win32.Trojan-banker.Emotet.Hwwh | 20181207 |
| Trapmine | malicious.moderate.ml.score | 20181205 |
| TrendMicro | TSPY_EMOTET.THAAOGAH | 20181207 |
| TrendMicro-HouseCall | TSPY_EMOTET.THAAOGAH | 20181207 |
| VBA32 | BScope.Trojan.Refinka | 20181206 |
| Webroot | W32.Trojan.Emotet | 20181207 |
| Zillya | Trojan.Emotet.Win32.7256 | 20181206 |
| ZoneAlarm by Check Point | Trojan-Banker.Win32.Emotet.bodu | 20181207 |
| AegisLab | 20181207 | |
| Alibaba | 20180921 | |
| Avast-Mobile | 20181206 | |
| Babable | 20180918 | |
| Baidu | 20181206 | |
| Bkav | 20181206 | |
| CMC | 20181206 | |
| Cybereason | 20180225 | |
| DrWeb | 20181207 | |
| eGambit | 20181207 | |
| F-Prot | 20181207 | |
| Jiangmin | 20181206 | |
| Kingsoft | 20181207 | |
| MAX | 20181207 | |
| NANO-Antivirus | 20181207 | |
| SUPERAntiSpyware | 20181205 | |
| Symantec Mobile Insight | 20181204 | |
| TACHYON | 20181207 | |
| TheHacker | 20181202 | |
| TotalDefense | 20181206 | |
| Trustlook | 20181207 | |
| ViRobot | 20181207 | |
| Yandex | 20181204 | |
| Zoner | 20181207 |
The file being studied is a Portable Executable file!
More specifically, it is a Win32 EXE
file
for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2005 CACE Technologies. Copyright © 2003-2005 NetGroup, Politecnico di Torino.
Product WinPcap low level NetMon wrapper library
Original name WanPacket.dll
Internal name WanPacket
File version 3, 1, 0, 27
Description WanPacket
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-06 13:15:18
Entry Point 0x000931FF
Number of sections 4
PE sections
PE imports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize
0
LinkerVersion
12.0
ImageVersion
0.0
FileSubtype
0
FileVersionNumber
3.1.0.27
LanguageCode
Neutral
FileFlagsMask
0x003f
FileDescription
WanPacket
ImageFileCharacteristics
No relocs, Executable, 32-bit
CharacterSet
Unicode
InitializedDataSize
73728
EntryPoint
0x931ff
OriginalFileName
WanPacket.dll
MIMEType
application/octet-stream
LegalCopyright
Copyright 2005 CACE Technologies. Copyright 2003-2005 NetGroup, Politecnico di Torino.
FileVersion
3, 1, 0, 27
TimeStamp
2018:11:06 14:15:18+01:00
FileType
Win32 EXE
PEType
PE32
InternalName
WanPacket
ProductVersion
3, 1, 0, 27
SubsystemVersion
5.0
OSVersion
5.0
FileOS
Windows NT 32-bit
Subsystem
Windows GUI
MachineType
Intel 386 or later, and compatibles
CompanyName
CACE Technologies
CodeSize
606208
ProductName
WinPcap low level NetMon wrapper library
ProductVersionNumber
3.1.0.27
FileTypeExtension
exe
ObjectFileType
Dynamic link library
File identification
MD5 9f73d0a76c68911decc80256aed66c3c
SHA1 57c79a47a810a097dac315bd9d6d7f8a066dc6af
SHA256 27075cbcb2ad6543172cd7f4baebc58e7dce91f2b005612907accd61ab55d6ef
ssdeep
3072:PLTbK1zkHsKazKc/ZccurNQUSgyQ08oyK/bXfELFm6V3KxPmy1kkp4ZJ5qvpm:jKa08oP+mPxuy1ke4zIh
File size
660.0 KB ( 675840 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit
| TrID |
Win32 Dynamic Link Library (generic) (34.2%) Win32 Executable (generic) (23.4%) Win16/32 Executable Delphi generic (10.7%) OS/2 Executable (generic) (10.5%) Generic Win/DOS Executable (10.4%) |
Tags
peexe
VirusTotal metadata
First submission
2018-11-06 13:18:16 UTC ( 3 months, 2 weeks ago )
Last submission
2018-11-16 19:00:15 UTC ( 3 months, 1 week ago )
| File names |
WanPacket.dll uRRmSqhV2KQCOdZz.exe C94AC922.exe QJ6BFO.EXE 4JPXLTBGZKPAWQ6E.EXE 7ZSOOUYDVCN4D.EXE WanPacket dynamicattrib.exe 1OAQCCZ4MY.EXE |
Advanced heuristic and reputation engines
F-Secure Deepguard
Suspicious:W32/Malware!Online
No comments.
No VirusTotal Community member has commented on this item yet, be the first one to do so!
You have not signed in. Only registered users can leave comments, sign in and have a voice!
No votes.
No one has voted on this item yet, be the first one to do so!