× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 2d5ed25787db07b723fb4efc961f8af9b8370bff87aab74414b2b1d3d7ecf45a
File name: aff88a4decde9b8fe4c2e3f2e4b38fcd
Detection ratio: 42 / 70
Analysis date: 2019-02-20 01:01:43 UTC ( 2 months ago ) View latest
Antivirus Result Update
Acronis suspicious 20190219
Ad-Aware Trojan.GenericKD.41025353 20190219
AhnLab-V3 Malware/Gen.Generic.C3026599 20190219
ALYac Trojan.GenericKD.41025353 20190219
Arcabit Trojan.Generic.D271FF49 20190219
Avast Win32:TrojanX-gen [Trj] 20190219
AVG Win32:TrojanX-gen [Trj] 20190219
BitDefender Trojan.GenericKD.41025353 20190219
Comodo Malware@#3bjh14o4as1ks 20190219
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cybereason malicious.b444a3 20190109
Cylance Unsafe 20190219
Cyren W32/Agent.AVU.gen!Eldorado 20190219
Emsisoft Trojan.GenericKD.41025353 (B) 20190219
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.GPUV 20190219
Fortinet W32/Kryptik.GPUV!tr 20190219
GData Trojan.GenericKD.41025353 20190219
Ikarus Trojan.Win32.Crypt 20190219
Sophos ML heuristic 20181128
K7AntiVirus Riskware ( 0040eff71 ) 20190219
K7GW Riskware ( 0040eff71 ) 20190219
Kaspersky Trojan-Banker.Win32.Emotet.chcf 20190219
Malwarebytes Trojan.Emotet 20190219
McAfee Emotet-FLY!AFF88A4DECDE 20190219
McAfee-GW-Edition BehavesLike.Win32.Backdoor.ch 20190219
Microsoft Trojan:Win32/Emotet.AC!bit 20190219
eScan Trojan.GenericKD.41025353 20190219
Palo Alto Networks (Known Signatures) generic.ml 20190219
Panda Trj/Emotet.C 20190219
Qihoo-360 Trojan.Generic 20190219
Rising Trojan.Kryptik!8.8 (CLOUD) 20190219
Sophos AV Troj/Emotet-AZF 20190219
Symantec Trojan.Emotet 20190219
Tencent Win32.Trojan-banker.Emotet.Lsvw 20190219
Trapmine suspicious.low.ml.score 20190123
TrendMicro TrojanSpy.Win32.EMOTET.THBAIAI 20190219
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.THBAIAI 20190219
VBA32 BScope.Malware-Cryptor.Emotet 20190219
ViRobot Trojan.Win32.Z.Emotet.155648.CV 20190219
Webroot W32.Trojan.Emotet 20190219
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.chcf 20190219
AegisLab 20190219
Alibaba 20180921
Antiy-AVL 20190219
Avast-Mobile 20190219
Avira (no cloud) 20190219
Babable 20180917
Baidu 20190214
Bkav 20190219
CAT-QuickHeal 20190219
ClamAV 20190219
CMC 20190219
DrWeb 20190219
eGambit 20190219
F-Prot 20190219
F-Secure 20190219
Jiangmin 20190219
Kingsoft 20190219
MAX 20190225
NANO-Antivirus 20190219
SentinelOne (Static ML) 20190203
SUPERAntiSpyware 20190213
Symantec Mobile Insight 20190206
TACHYON 20190219
TheHacker 20190217
TotalDefense 20190219
Trustlook 20190219
Yandex 20190218
Zillya 20190219
Zoner 20190219
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright© 1991-2001 LEAD Technologies, Inc.

Product LEADTOOLS(r) DLL for Win32
Original name LFMSP13N.DLL
Internal name LFMSP13N
File version 13.0.0.047
Description LEADTOOLS(r) DLL for Win32
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1995-11-13 20:26:08
Entry Point 0x00002DC1
Number of sections 5
PE sections
PE imports
EnumServicesStatusW
LookupPrivilegeDisplayNameW
SetTextJustification
FlattenPath
SetPixelV
GetCurrentProcess
GetProcessHandleCount
GetLargePageMinimum
GetCommandLineW
SetConsoleHistoryInfo
CancelWaitableTimer
CloseHandle
GetStringTypeExA
GetVersion
SysFreeString
VarCyCmp
VarCyFromR8
Ord(29)
GetUserNameExW
FindWindowExA
GetMenuInfo
CreateIconIndirect
GetClientRect
UserHandleGrantAccess
GetKeyboardType
strncmp
memset
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
CodeSize
16384

SubsystemVersion
6.1

LinkerVersion
4.0

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
13.0.0.47

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
LEADTOOLS(r) DLL for Win32

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
0

EntryPoint
0x2dc1

OriginalFileName
LFMSP13N.DLL

MIMEType
application/octet-stream

LegalCopyright
Copyright 1991-2001 LEAD Technologies, Inc.

FileVersion
13.0.0.047

TimeStamp
1995:11:13 12:26:08-08:00

FileType
Win32 EXE

PEType
PE32

InternalName
LFMSP13N

ProductVersion
13.0.0.047

UninitializedDataSize
131072

OSVersion
6.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
LEAD Technologies, Inc.

LegalTrademarks
LEADTOOLS(r) is a trademark of LEAD Technologies, Inc.

ProductName
LEADTOOLS(r) DLL for Win32

ProductVersionNumber
13.0.0.47

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 aff88a4decde9b8fe4c2e3f2e4b38fcd
SHA1 4694164b444a36f4a7aba74fd0144338f4de490f
SHA256 2d5ed25787db07b723fb4efc961f8af9b8370bff87aab74414b2b1d3d7ecf45a
ssdeep
3072:dlZ5BG5DJTmZymPnLguCE71/915R62cfdWWe:dvG5DJClPsu//k22d

authentihash 053407af7038bc4c1e0fe25b871549d7252eb4d465dc5ad1afbe2c022abae276
imphash c470a0429280977aab806529b39ba6ed
File size 152.0 KB ( 155648 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2019-02-18 09:28:59 UTC ( 2 months, 1 week ago )
Last submission 2019-02-19 00:05:29 UTC ( 2 months ago )
File names LFMSP13N
540.exe
LFMSP13N.DLL
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!