× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 2a36ceeb42092c4c23a64d0ff04e63eee7bfae3476b4594810317e1a8dd67ae8
File name: emotet_e1_2a36ceeb42092c4c23a64d0ff04e63eee7bfae3476b4594810317e1...
Detection ratio: 44 / 68
Analysis date: 2019-02-26 03:35:51 UTC ( 1 month, 3 weeks ago ) View latest
Antivirus Result Update
Acronis suspicious 20190222
Ad-Aware Gen:Variant.Ransom.Xdata.11 20190226
AegisLab Trojan.Win32.Xdata.4!c 20190226
AhnLab-V3 Trojan/Win32.Emotet.R256597 20190225
ALYac Gen:Variant.Ransom.Xdata.11 20190226
Arcabit Trojan.Ransom.Xdata.11 20190226
Avast Win32:BankerX-gen [Trj] 20190226
AVG Win32:BankerX-gen [Trj] 20190226
Avira (no cloud) TR/Crypt.Agent.nyoxx 20190226
BitDefender Gen:Variant.Ransom.Xdata.11 20190226
ClamAV Win.Trojan.Emotet-6867663-0 20190225
CrowdStrike Falcon (ML) win/malicious_confidence_100% (W) 20190212
Cybereason malicious.b69dc6 20190109
Cylance Unsafe 20190226
eGambit Unsafe.AI_Score_53% 20190226
Emsisoft Gen:Variant.Ransom.Xdata.11 (B) 20190226
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.GQBJ 20190226
Fortinet W32/Kryptik.GQBJ!tr 20190226
GData Gen:Variant.Ransom.Xdata.11 20190226
Ikarus Trojan.Win32.Crypt 20190225
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 005485311 ) 20190225
K7GW Trojan ( 005485311 ) 20190225
Kaspersky Trojan-Banker.Win32.Emotet.chzk 20190226
Malwarebytes Trojan.Emotet 20190226
MAX malware (ai score=87) 20190226
McAfee RDN/Generic.grp 20190226
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20190225
Microsoft Trojan:Win32/Skeeyah.A!rfn 20190226
eScan Gen:Variant.Ransom.Xdata.11 20190226
Palo Alto Networks (Known Signatures) generic.ml 20190226
Panda Trj/GdSda.A 20190225
Qihoo-360 HEUR/QVM20.1.7A4D.Malware.Gen 20190226
Rising Trojan.Kryptik!8.8 (TFE:dGZlOgOYVk/hhBS1yA) 20190226
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Mal/Emotet-Q 20190225
Symantec Packed.Generic.517 20190225
Tencent Win32.Trojan-banker.Emotet.Edet 20190226
TrendMicro TROJ_GEN.R049C0OBP19 20190226
TrendMicro-HouseCall TROJ_GEN.R049C0OBP19 20190226
VBA32 BScope.Malware-Cryptor.Emotet 20190225
Webroot W32.Trojan.Emotet 20190226
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.chzk 20190226
Alibaba 20180921
Antiy-AVL 20190226
Avast-Mobile 20190225
Babable 20180918
Baidu 20190215
CAT-QuickHeal 20190225
CMC 20190225
Comodo 20190226
Cyren 20190226
DrWeb 20190226
F-Secure 20190226
Jiangmin 20190226
Kingsoft 20190226
NANO-Antivirus 20190226
SUPERAntiSpyware 20190220
Symantec Mobile Insight 20190220
TACHYON 20190226
TheHacker 20190225
TotalDefense 20190225
Trapmine 20190123
Trustlook 20190226
ViRobot 20190225
Yandex 20190225
Zillya 20190225
Zoner 20190226
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name IEDKCS32.DLL
Internal name IEDKCS32
File version 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Description Microsoft Internet Explorer Customization DLL
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-02-24 01:00:38
Entry Point 0x00002E0F
Number of sections 5
PE sections
PE imports
SetThreadToken
JetRetrieveColumn
OpenFile
SetProcessWorkingSetSize
FreeLibraryAndExitThread
IsValidLocaleName
GetProfileSectionW
GetCommandLineW
SetEvent
GetVolumePathNameW
CloseHandle
GetCommState
GetLocalTime
VarCyFromR8
VarCyFromI1
VarCyCmpR8
RasGetAutodialAddressA
SHAutoComplete
InsertMenuA
GetListBoxInfo
GetOpenClipboardWindow
ShowWindowAsync
SendInput
GetDesktopWindow
GetWindowInfo
GetMenuContextHelpId
OpenClipboard
mixerGetDevCapsW
DeletePrinterDriverExW
Number of PE resources by type
RT_STRING 4
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 6
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
6.0

InitializedDataSize
0

ImageVersion
0.0

ProductName
Microsoft Windows Operating System

FileVersionNumber
16.0.2900.2180

UninitializedDataSize
131072

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
12.0

FileTypeExtension
exe

OriginalFileName
IEDKCS32.DLL

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

TimeStamp
2019:02:24 02:00:38+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
IEDKCS32

ProductVersion
6.00.2900.2180

FileDescription
Microsoft Internet Explorer Customization DLL

OSVersion
6.0

FileOS
Windows NT 32-bit

LegalCopyright
Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
16384

FileSubtype
0

ProductVersionNumber
6.0.2900.2180

EntryPoint
0x2e0f

ObjectFileType
Dynamic link library

File identification
MD5 1ed78d5b69dc6a2152cb0b0b49f05aad
SHA1 852e131f9593120f681293b1550e86b9e0e7f24f
SHA256 2a36ceeb42092c4c23a64d0ff04e63eee7bfae3476b4594810317e1a8dd67ae8
ssdeep
3072:A1Tj1Zhnrd4uzz1hvof8F/uF6KQjr3qUBxDCSVmOqA:A1nzfAImzQ6UPDCq

authentihash a9cd16e95d1b7961743a9d1b57718b2a38995f14e48db44960395ae94c654d0d
imphash f683ab10bc02f68221ec9f3e002b4fe9
File size 136.0 KB ( 139264 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags
peexe

VirusTotal metadata
First submission 2019-02-23 17:06:20 UTC ( 1 month, 4 weeks ago )
Last submission 2019-02-26 03:35:51 UTC ( 1 month, 3 weeks ago )
File names IEDKCS32
emotet_e1_2a36ceeb42092c4c23a64d0ff04e63eee7bfae3476b4594810317e1a8dd67ae8_2019-02-23__171003.exe_
IEDKCS32.DLL
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!