SHA256: 285657d349eca9fe3ef550bbecee84176e9cae549fed2efb5994d92611478b9c
File name: 285657d349eca9fe3ef550bbecee84176e9cae549fed2efb5994d92611478b9c
Detection ratio: 36 / 68
Analysis date: 2018-08-19 07:46:29 UTC ( 6 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40410098 20180819
Arcabit Trojan.Generic.D2689BF2 20180819
Avast FileRepMetagen [Malware] 20180819
AVG FileRepMetagen [Malware] 20180819
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180818
BitDefender Trojan.GenericKD.40410098 20180819
CAT-QuickHeal Trojan.Drixed.100454 20180818
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.262b65 20180225
Cylance Unsafe 20180819
Emsisoft Trojan.GenericKD.40410098 (B) 20180819
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/GenKryptik.CIMY 20180819
F-Secure Trojan.GenericKD.40410098 20180819
Fortinet W32/Kryptik.GJBH!tr 20180819
GData Gen:Variant.Razy.379652 20180819
Ikarus Trojan.Win32.Krypt 20180818
Sophos ML heuristic 20180717
Jiangmin Trojan/Inject.awre 20180819
K7GW Hacktool ( 700007861 ) 20180819
Kaspersky Trojan-Banker.Win32.Emotet.bazk 20180819
Malwarebytes Trojan.Emotet 20180819
MAX malware (ai score=86) 20180819
McAfee GenericRXGH-PK!B1BC10856970 20180819
McAfee-GW-Edition BehavesLike.Win32.Ransomware.ch 20180819
Microsoft Trojan:Win32/Emotet.AC!bit 20180819
eScan Trojan.GenericKD.40410098 20180819
Palo Alto Networks (Known Signatures) generic.ml 20180819
Qihoo-360 Win32/Trojan.fd6 20180819
Rising Trojan.Kryptik!8.8 (CLOUD) 20180819
SentinelOne (Static ML) static engine - malicious 20180701
Symantec ML.Attribute.HighConfidence 20180818
Tencent Win32.Trojan-banker.Emotet.Pezk 20180819
TrendMicro-HouseCall Suspicious_GEN.F47V0818 20180819
VBA32 BScope.TrojanBanker.Emotet 20180817
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bazk 20180819
Engines with no detection (Antivirus, Update)
AegisLab 20180819
AhnLab-V3 20180818
Alibaba 20180713
ALYac 20180819
Antiy-AVL 20180819
Avast-Mobile 20180819
Avira (no cloud) 20180818
AVware 20180819
Babable 20180725
Bkav 20180817
ClamAV 20180819
CMC 20180817
Comodo 20180819
Cyren 20180819
DrWeb 20180819
eGambit 20180819
F-Prot 20180819
K7AntiVirus 20180819
Kingsoft 20180819
NANO-Antivirus 20180819
Panda 20180818
Sophos AV 20180819
SUPERAntiSpyware 20180819
Symantec Mobile Insight 20180814
TACHYON 20180819
TheHacker 20180818
TotalDefense 20180818
TrendMicro 20180819
Trustlook 20180819
VIPRE 20180819
ViRobot 20180818
Webroot 20180819
Yandex 20180818
Zillya 20180817
Zoner 20180818
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation.
Product Microsoft® Windows® Operating S
Internal name hrtEW@!@!@rl;
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-08-18 09:30:46
Entry Point 0x00022D09
Number of sections 5
PE sections
PE imports
IsValidSid
RegDeleteValueW
GetSecurityDescriptorControl
IsWellKnownSid
CreateWellKnownSid
ImageList_Create
PrintDlgExW
CertDuplicateCRLContext
CryptSIPRemoveSignedDataMsg
CryptInstallOIDFunctionAddress
CryptSignAndEncodeCertificate
CertSetEnhancedKeyUsage
GetMetaFileBitsEx
GetArcDirection
CopyMetaFileW
ScaleWindowExtEx
UnrealizeObject
GetDIBits
Ellipse
ImmDestroyContext
SetFileAttributesA
FindAtomW
GetTimeZoneInformation
DeleteFiber
GetModuleHandleA
GetNamedPipeInfo
EraseTape
GetCurrentDirectoryA
GetTempPathW
FlsGetValue
GetStringTypeExA
FlsFree
SleepEx
DsGetDomainControllerInfoW
VarUI1FromStr
RasGetSubEntryPropertiesA
RasSetAutodialParamA
NdrCorrelationInitialize
I_RpcMapWin32Status
CM_Get_DevNode_Custom_PropertyW
SetupDiCancelDriverInfoSearch
CM_Open_DevNode_Key
SetupDiGetDeviceRegistryPropertyW
DuplicateIcon
SHAppBarMessage
DragFinish
SHGetFolderPathA
PathFindSuffixArrayW
SHDeleteValueA
GetWindowThreadProcessId
wsprintfA
GetClassNameW
SendMessageW
DeferWindowPos
DlgDirSelectComboBoxExW
ScrollWindow
MonitorFromWindow
RetrieveUrlCacheEntryStreamW
HttpAddRequestHeadersW
CryptCATAdminReleaseContext
SCardIntroduceCardTypeA
strncmp
CoWaitForMultipleHandles
RevokeBindStatusCallback
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.2.0.6
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 29184
EntryPoint 0x22d09
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation.
TimeStamp 2018:08:18 10:30:46+01:00
FileType Win32 EXE
PEType PE32
InternalName hrtEW@!@!@rl;
ProductVersion 666.1.2.4
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 147968
ProductName Microsoft Windows Operating S
ProductVersionNumber 1.2.0.6
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 b1bc10856970788775543d5913cf0c84
SHA1 b638a84262b652956f53f7ccd636cb9a8ffefaf7
SHA256 285657d349eca9fe3ef550bbecee84176e9cae549fed2efb5994d92611478b9c
ssdeep 3072:IpH4SrI0TpHtHMWhX0V80eH2M/qyFx/9:EX1ptHVhXaneH2Myy
authentihash 2e4464e4243a363f6742c45daa83b574b5e696329720f47b8e44fdd3581c239c
imphash 07af240c66ee693f30ab07a6a5bb5321
File size 174.0 KB ( 178176 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (25.2%)
Clipper DOS Executable (25.0%)
Generic Win/DOS Executable (24.8%)
DOS Executable Generic (24.8%)
Tags peexe
VirusTotal metadata
First submission 2018-08-18 07:11:31 UTC ( 6 months, 1 week ago )
Last submission 2018-08-19 07:46:29 UTC ( 6 months, 1 week ago )
File names 31516528.EXE
hrtEW@!@!@rl;
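The fields in this report support a few consistency checks an analyst would run before trusting the version resource. The ExifTool TimeStamp (2018:08:18 10:30:46+01:00, the same 09:30:46 UTC shown as the PE compilation timestamp) is later than the first submission to VirusTotal (2018-08-18 07:11:31 UTC), so the file was seen before it claims to have been built. The string ProductVersion (666.1.2.4) disagrees with the fixed-info ProductVersionNumber (1.2.0.6), and ObjectFileType reads "Dynamic link library" while ImageFileCharacteristics and FileType describe a 32-bit EXE. The script below is an added example and is not part of the VirusTotal report: it parses a copy of the relevant report fields (embedded verbatim, a subset of the ExifTool block in the same flattened layout) and flags each mismatch. The check names and the "odd internal name" heuristic are this example's own, not anything VirusTotal computes.

```python
"""Consistency checks over fields from a VirusTotal-style file report.

Added example, not part of the VirusTotal page. EXIFTOOL_DUMP and
FIRST_SUBMISSION are copied from the report above (a subset of the
ExifTool block, in the same flattened "Key / Value / blank line" layout);
the check names and the internal-name heuristic are this example's own.
"""
from datetime import datetime, timedelta, timezone
import re

# Subset of the report's "ExifTool file metadata" block, copied verbatim.
EXIFTOOL_DUMP = """
FileVersionNumber
1.2.0.6

ImageFileCharacteristics
Executable, 32-bit

LegalCopyright
Microsoft Corporation.

TimeStamp
2018:08:18 10:30:46+01:00

FileType
Win32 EXE

InternalName
hrtEW@!@!@rl;

ProductVersion
666.1.2.4

ProductVersionNumber
1.2.0.6

ObjectFileType
Dynamic link library
"""

# From the report's "VirusTotal metadata" section.
FIRST_SUBMISSION = "2018-08-18 07:11:31 UTC"


def parse_exiftool_dump(text):
    """Turn the flattened 'Key / Value / blank line' layout into a dict of strings."""
    fields, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:              # a blank line ends the current key/value pair
            key = None
        elif key is None:         # first non-blank line of a pair is the key
            key = line
            fields[key] = ""
        else:                     # any further lines belong to the value
            fields[key] = (fields[key] + " " + line).strip()
    return fields


def parse_exiftool_time(value):
    """ExifTool prints 'YYYY:MM:DD HH:MM:SS+HH:MM'; return it as an aware UTC datetime."""
    return datetime.strptime(value, "%Y:%m:%d %H:%M:%S%z").astimezone(timezone.utc)


def parse_vt_time(value):
    """VirusTotal prints 'YYYY-MM-DD HH:MM:SS UTC'."""
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S UTC").replace(tzinfo=timezone.utc)


def compile_time_delta(fields, first_submission):
    """How far the PE compile timestamp lies AFTER the first VT submission.

    A positive delta means the sample was observed before it claims to have
    been built: the timestamp is forged or the builder's clock is wrong."""
    return parse_exiftool_time(fields["TimeStamp"]) - parse_vt_time(first_submission)


def check_report(fields, first_submission):
    """Return a list of (check_name, detail) for every inconsistency found."""
    findings = []

    delta = compile_time_delta(fields, first_submission)
    if delta > timedelta(0):
        findings.append(("timestamp_after_first_seen",
                         f"compile time is {delta} after first submission"))

    # VERSIONINFO carries a free-text string table and fixed binary fields;
    # a normal build tool writes the same version into both.
    pv, pvn = fields.get("ProductVersion"), fields.get("ProductVersionNumber")
    if pv and pvn and pv != pvn:
        findings.append(("version_string_mismatch",
                         f"ProductVersion {pv} != ProductVersionNumber {pvn}"))

    # dwFileType in the fixed info claims a DLL, but the COFF characteristics
    # (which ExifTool would render with a 'DLL' flag) say it is a plain EXE.
    if "Dynamic link library" in fields.get("ObjectFileType", "") \
            and "DLL" not in fields.get("ImageFileCharacteristics", ""):
        findings.append(("filetype_mismatch",
                         "version resource claims a DLL but the image is "
                         f"'{fields.get('ImageFileCharacteristics')}'"))

    # Heuristic (this example's own, not a VirusTotal check): genuine products
    # use plain identifiers for InternalName, not punctuation soup.
    name = fields.get("InternalName", "")
    if name and not re.fullmatch(r"[A-Za-z0-9_.\- ]+", name):
        findings.append(("odd_internal_name", f"InternalName {name!r}"))

    return findings


if __name__ == "__main__":
    for check, detail in check_report(parse_exiftool_dump(EXIFTOOL_DUMP), FIRST_SUBMISSION):
        print(f"[{check}] {detail}")
```

Run as-is it prints the four findings for this sample; pointing EXIFTOOL_DUMP at another report's block (or at `exiftool` output reflowed the same way) reuses the same checks. None of these findings proves the file malicious on its own, but each one contradicts the Microsoft copyright and product name the version resource asserts, which is the point of running them before those strings are taken at face value.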