SHA256: 2a5926fb2c08e0180e74c4e0df617a9bc9a39d2a9d6e6f91201125423e5ab9f5
File name: XdFpVLS7qAVn6N2Ws.exe
Detection ratio: 36 / 66
Analysis date: 2018-11-12 06:31:10 UTC ( 3 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40744227 20181112
AegisLab Trojan.Win32.Generic.4!c 20181112
ALYac Trojan.GenericKD.40744227 20181112
Arcabit Trojan.Generic.D26DB523 20181112
Avast Win32:BankerX-gen [Trj] 20181112
AVG Win32:BankerX-gen [Trj] 20181112
BitDefender Trojan.GenericKD.40744227 20181112
Bkav HW32.Packed. 20181110
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.e41ead 20180225
Cylance Unsafe 20181112
Cyren W32/Trojan.UFNL-6794 20181112
Emsisoft Trojan.GenericKD.40744227 (B) 20181112
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/GenKryptik.CQOV 20181112
F-Secure Trojan.GenericKD.40744227 20181112
Fortinet W32/GenKryptik.CQOV!tr 20181112
GData Trojan.GenericKD.40744227 20181112
Sophos ML heuristic 20181108
K7AntiVirus Trojan ( 0053b6a31 ) 20181112
K7GW Trojan ( 0053b6a31 ) 20181109
Kaspersky Trojan-Banker.Win32.Emotet.bpka 20181112
Malwarebytes Trojan.Emotet 20181112
MAX malware (ai score=100) 20181112
McAfee GenericRXGO-VQ!97CA157BFA5C 20181112
McAfee-GW-Edition BehavesLike.Win32.Emotet.ch 20181112
Microsoft Trojan:Win32/Emotet.AC!bit 20181112
eScan Trojan.GenericKD.40744227 20181112
Palo Alto Networks (Known Signatures) generic.ml 20181112
Panda Trj/CI.A 20181111
Qihoo-360 Win32/Trojan.56a 20181112
Rising Trojan.GenKryptik!8.AA55 (CLOUD) 20181112
Sophos AV Mal/EncPk-ANX 20181112
Symantec Trojan.Gen.2 20181111
Webroot W32.Trojan.Emotet 20181112
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bpka 20181112
AhnLab-V3 20181111
Alibaba 20180921
Antiy-AVL 20181112
Avast-Mobile 20181111
Avira (no cloud) 20181111
Babable 20180918
Baidu 20181112
CAT-QuickHeal 20181111
ClamAV 20181111
CMC 20181112
DrWeb 20181112
F-Prot 20181112
Ikarus 20181111
Jiangmin 20181112
Kingsoft 20181112
NANO-Antivirus 20181112
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181107
Symantec Mobile Insight 20181108
TACHYON 20181112
Tencent 20181112
TheHacker 20181108
TotalDefense 20181111
TrendMicro 20181112
TrendMicro-HouseCall 20181112
Trustlook 20181112
VBA32 20181109
ViRobot 20181112
Yandex 20181109
Zillya 20181109
Zoner 20181112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft

Product Sola Plug-in
Original name msiltcfg.dl
Internal name Aban Plug-in
File version 1, 4, 2, 50
Description Window I Stub
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1995-06-10 08:02:18
Entry Point 0x00001649
Number of sections 6
PE sections
PE imports
RegGetKeySecurity
RegDisablePredefinedCache
CryptCreateHash
GetArcDirection
StrokeAndFillPath
SetViewportOrgEx
GetProcessId
SetPriorityClass
GetSystemInfo
ReOpenFile
GlobalAlloc
GetCommandLineA
AllocConsole
GlobalMemoryStatusEx
FlushFileBuffers
GetDynamicTimeZoneInformation
VARIANT_UserMarshal
VarI2FromDate
StrToIntW
IsWindow
GetTitleBarInfo
OpenIcon
IsDlgButtonChecked
DrawIcon
CreateIconIndirect
GetMenuCheckMarkDimensions
GetClassWord
CharPrevExA
CryptCATAdminEnumCatalogFromHash
Number of PE resources by type
RT_DIALOG 20
RT_STRING 10
RT_VERSION 1
Number of PE resources by language
ENGLISH US 4
ITALIAN NEUTRAL 3
SWEDISH NEUTRAL 3
CHINESE TRADITIONAL 3
SPANISH NEUTRAL 3
GERMAN NEUTRAL 3
CHINESE SIMPLIFIED 3
JAPANESE DEFAULT 3
FRENCH NEUTRAL 3
KOREAN 3
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
143360

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.4.2.50

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Window I Stub

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Windows, Latin1

LinkerVersion
11.0

EntryPoint
0x1649

OriginalFileName
msiltcfg.dl

MIMEType
application/x-java-applet;version=1.3.1|application/x-java-bean;version=1.3.1|application/x-java-applet;version=1.4|application/x-java-bean;version=1.4|application/x-java-applet;version=1.4.1|application/x-java-bean;version=1.4.1

LegalCopyright
Microsoft

FileExtents
|||||

FileOpenName
Aban Applet|JavaBeans|Sola Applet|SolaBeans|Sola Applet|SolaBeans

FileVersion
1, 4, 2, 50

TimeStamp
1995:06:10 09:02:18+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Aban Plug-in

ProductVersion
1, 4, 2, 50

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
AbanSoft / Sun Microsystems, Inc.

CodeSize
8192

ProductName
Sola Plug-in

ProductVersionNumber
1.4.2.50

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 97ca157bfa5c7ba08d74532c68f2857e
SHA1 3157d1ee41ead5ea0931e184db1274582209c6eb
SHA256 2a5926fb2c08e0180e74c4e0df617a9bc9a39d2a9d6e6f91201125423e5ab9f5
ssdeep
3072:lb4bl5TmSlJRizC+ihLwpf3soEDnf3D6vqke0fENQzty:dklpmKPizy0pf8nfBk/Ea

authentihash 540a702c5bbdcba7b321907ed04652032ffcdf7382a6d94c921d70a3201caaf8
imphash aec508fc859d59267ec55828f80f51da
File size 148.0 KB ( 151552 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-11-09 23:32:38 UTC ( 3 months, 2 weeks ago )
Last submission 2018-11-09 23:32:38 UTC ( 3 months, 2 weeks ago )
File names inRAoYEPD.exe
aPwDY0D4OcGi.exe
Aban Plug-in
msiltcfg.dl
XdFpVLS7qAVn6N2Ws.exe