Antivirus scan for 2792aa2d7301151a555409788f5cbb914533a7ea2f8d8310f62f5ea9dce0e12d at 2019-01-18 17:12:05 UTC

Antivirus	Result	Update
Acronis	suspicious	20190118
Avast	FileRepMalware	20190118
AVG	FileRepMalware	20190118
Bkav	HW32.Packed.	20190118
CrowdStrike Falcon (ML)	malicious_confidence_100% (D)	20181023
Cylance	Unsafe	20190118
Endgame	malicious (high confidence)	20181108
ESET-NOD32	a variant of Win32/GenKryptik.CWXL	20190118
Sophos ML	heuristic	20181128
McAfee-GW-Edition	BehavesLike.Win32.Nymaim.ch	20190118
Microsoft	Trojan:Win32/Fuerboos.A!cl	20190118
Qihoo-360	HEUR/QVM20.1.A229.Malware.Gen	20190118
Rising	Trojan.Crypto!8.364/N3#83% (RDM+:cmRtazqbLbiKTvTBk7kIfCMhC7V8)	20190118
SentinelOne (Static ML)	static engine - malicious	20190118
Symantec	ML.Attribute.HighConfidence	20190118
Trapmine	malicious.moderate.ml.score	20190103
VBA32	BScope.Malware-Cryptor.Emotet	20190118
Webroot	W32.Trojan.Emotet	20190118
Ad-Aware		20190118
AegisLab		20190118
AhnLab-V3		20190118
Alibaba		20180921
ALYac		20190118
Antiy-AVL		20190118
Arcabit		20190118
Avast-Mobile		20190118
Avira (no cloud)		20190118
Babable		20180918
Baidu		20190118
BitDefender		20190118
CAT-QuickHeal		20190118
ClamAV		20190118
CMC		20190118
Comodo		20190118
Cybereason		20190109
Cyren		20190118
DrWeb		20190118
eGambit		20190118
Emsisoft		20190118
F-Prot		20190118
F-Secure		20190118
Fortinet		20190118
GData		20190118
Ikarus		20190118
Jiangmin		20190118
K7AntiVirus		20190118
K7GW		20190118
Kaspersky		20190118
Kingsoft		20190118
Malwarebytes		20190118
MAX		20190118
McAfee		20190118
eScan		20190118
NANO-Antivirus		20190118
Palo Alto Networks (Known Signatures)		20190118
Panda		20190118
Sophos AV		20190118
SUPERAntiSpyware		20190116
TACHYON		20190118
Tencent		20190118
TheHacker		20190118
TotalDefense		20190118
TrendMicro		20190118
TrendMicro-HouseCall		20190118
Trustlook		20190118
VIPRE		20190118
ViRobot		20190118
Yandex		20190118
Zillya		20190118
ZoneAlarm by Check Point		20190118
Zoner		20190118

The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.

FileVersionInfo properties

PE header basic information

Target machine Intel 386 or later processors and compatible processors

Compilation timestamp 1994-07-09 09:45:28

Entry Point 0x00003880

Number of sections 10

PE sections

Name Virtual address Virtual size Raw size Entropy MD5

.text 4096 11140 12288 6.22 bd0f80d15091ab65d79c3dc50268d004

.rdata 16384 1574 4096 2.42 61c27343f35de93348b330145ac499c5

.data 20480 8544 4096 1.28 ea6949242349f412c57e76b2141860d4

.qdata 32768 182 4096 0.53 e30fb13d53e7e73c54736a5a9892f1fd

.code 36864 18804 20480 7.44 db902ff32f990a5f023297e6787d03df

.crt 57344 49045 49152 7.92 42afe886b97b0772eee1e1b913cf893a

.ida 106496 17403 20480 7.23 758e69bcf69ed7100f58d49064a459a6

.crt1 126976 20224 20480 7.89 06ea4050c2287cb328e21e812b948e51

.rsrc 147456 6120 8192 2.83 9e8d1ced764971a9e823640376cae7f1

.reloc 155648 440 4096 1.04 12662695b04780a3fe170be41901abb3

PE imports

Number of PE resources by type

RT_DIALOG 7

Number of PE resources by language

ENGLISH US 7

PE resources

06799ef271eb95801eee3d603673ed73562ee7db5cf029c5b315b8b5d0e00fa7 data

334aec895e44f03ce7c1fef9da813753110db5cb8e4478b087ff90dc079df9f3 data

7356d043b41fb8738874b1e1ce60c7b72d5f9acc237dac647829256b2a862a30 data

a6c0a3c69beaa971d36bc1ce1371346a3fac98e41e7fd59b38d137e65294607a data

d66b75108526af2578bd0410e6578e5508d53400ff02acb4d4e98e9e9ec18191 data

db0bdd35f08ef74fe1f648eb6959de6275ed185fccb8e7f6351067f57bffb42d data

dce9abd4e17c4691ca1fa3f8599e5615f484d5c821f80fb993f15e1e504332ab data

Debug information

Type Timestamp Offset Size

IMAGE_DEBUG_TYPE_MISC (4) Fri Jan 18 17:01:13 2019 17300 43 Bytes

12 (12) Fri Jan 18 17:01:13 2019 17404 20 Bytes

ExifTool file metadata

MIMEType

application/octet-stream

Subsystem

Windows GUI

MachineType

Intel 386 or later, and compatibles

FileTypeExtension

exe

TimeStamp

1994:07:09 11:45:28+02:00

FileType

Win32 EXE

PEType

PE32

CodeSize

12288

LinkerVersion

10.0

ImageFileCharacteristics

Executable, 32-bit

EntryPoint

0x3880

InitializedDataSize

143360

SubsystemVersion

6.1

ImageVersion

0.0

OSVersion

6.0

UninitializedDataSize

File identification

MD5 efa9e047c8cc2ffab14d5a4e413a63b5

SHA1 94245ad9bba0915fdeeb6e19af5bab851ed21dcc

SHA256 2792aa2d7301151a555409788f5cbb914533a7ea2f8d8310f62f5ea9dce0e12d

ssdeep

3072:W1KdK2EyOkRZIqeEp6CqOZhrnvVGBubetbVCpgOF+4C:AmK27mECg9nvwBnt

authentihash 1133ce1f2bfaf846bdce8b858f5f67549d9d2478ff13ff34afc46139f3193b81

imphash 7bb48f443d98d44dae4a576b8cd261a4

File size 148.0 KB ( 151552 bytes )

File type Win32 EXE

Magic literal

PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID	Win32 Dynamic Link Library (generic) (38.4%) Win32 Executable (generic) (26.3%) OS/2 Executable (generic) (11.8%) Generic Win/DOS Executable (11.6%) DOS Executable Generic (11.6%)

VirusTotal metadata

First submission 2019-01-18 17:11:34 UTC ( 1 month ago )

Last submission 2019-01-19 22:59:34 UTC ( 4 weeks, 1 day ago )

File names

8XAka0szm6hDHx2YHYU.exe
04LqmT_x_m.exe
39_gh4OTI.exe
OHiwX9_PjtjuU.exe
NMDFdyGN_Dvy.exe
EZI612_vUw7mN_QNqBdPyX.exe
9So_3l.exe
204.exe
otuDr_lHZOyS.exe
eXAQh_1.exe
JgIW9HTn_0haa04n4_z4rVAQ.exe
xu5x_X98Dw.exe
Nuk0Bb_ue4Ho9nnT_2Ts4.exe
nTKfr7Lr_vnL3.exe

Advanced heuristic and reputation engines

F-Secure Deepguard Suspicious:W32/Malware!Online

SHA256:	2792aa2d7301151a555409788f5cbb914533a7ea2f8d8310f62f5ea9dce0e12d
File name:	8XAka0szm6hDHx2YHYU.exe
Detection ratio:	18 / 71
Analysis date:	2019-01-18 17:12:05 UTC ( 1 month ago ) View latest

Ciphered bundle