SHA256: 2e5a08a0956b5c89adcb29299572ed63d203081f416f6e6a0e560ef861544528
File name: DEFB6CC3.exe
Detection ratio: 24 / 66
Analysis date: 2018-07-26 00:14:40 UTC (7 months ago)
Antivirus Result Update
AegisLab Troj.W32.Generic!c 20180725
Avast FileRepMalware 20180725
AVG FileRepMalware 20180725
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180725
Bkav HW32.Packed.772D 20180725
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cylance Unsafe 20180726
Endgame malicious (high confidence) 20180711
ESET-NOD32 a variant of Win32/Kryptik.GJFO 20180725
Fortinet W32/GenKryptik.CFYN!tr 20180726
Sophos ML heuristic 20180717
Kaspersky HEUR:Trojan.Win32.Generic 20180725
MAX malware (ai score=95) 20180726
McAfee Artemis!E8673ADE6321 20180725
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20180726
Microsoft Trojan:Win32/Dynamer!ac 20180725
Palo Alto Networks (Known Signatures) generic.ml 20180726
Qihoo-360 HEUR/QVM20.1.BEEB.Malware.Gen 20180726
Rising Trojan.Fuerboos!8.EFC8 (TFE:dGZlOgJUt7g6UlyBQA) 20180725
SentinelOne (Static ML) static engine - malicious 20180701
Symantec Packed.Generic.517 20180725
VBA32 BScope.TrojanBanker.Emotet 20180725
Webroot W32.Trojan.Emotet 20180726
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180725
Ad-Aware 20180726
AhnLab-V3 20180725
Alibaba 20180713
ALYac 20180725
Antiy-AVL 20180726
Arcabit 20180725
Avast-Mobile 20180725
Avira (no cloud) 20180725
AVware 20180725
Babable 20180725
BitDefender 20180725
CAT-QuickHeal 20180725
ClamAV 20180725
CMC 20180725
Comodo 20180726
Cybereason 20180225
Cyren 20180725
DrWeb 20180725
eGambit 20180726
Emsisoft 20180725
F-Prot 20180725
F-Secure 20180725
GData 20180725
Ikarus 20180725
Jiangmin 20180725
K7AntiVirus 20180725
K7GW 20180726
Kingsoft 20180726
Malwarebytes 20180725
eScan 20180725
NANO-Antivirus 20180725
Panda 20180725
Sophos AV 20180725
SUPERAntiSpyware 20180725
TACHYON 20180725
Tencent 20180726
TheHacker 20180725
TrendMicro 20180725
TrendMicro-HouseCall 20180725
Trustlook 20180726
VIPRE 20180725
ViRobot 20180725
Yandex 20180725
Zoner 20180725
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Description Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-23 03:20:06
Entry Point 0x0001B68A
Number of sections 6
PE sections
PE imports
RevertToSelf
BuildTrusteeWithObjectsAndSidW
CryptStringToBinaryA
JetMakeKey
GetCPInfo
lstrlenA
FlsFree
FlsGetValue
OaBuildVersion
VarDateFromR4
VarCyCmp
VarCyMulI4
glPolygonMode
NdrStubCall2
StrCpyNW
DefMDIChildProcA
ChildWindowFromPointEx
EnumWindowStationsW
waveOutGetErrorTextW
wcsncmp
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.1
ImageVersion 0.0
FileVersionNumber 1.2.0.6
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Unicode
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 15360
EntryPoint 0x1b68a
MIMEType application/octet-stream
Subsystem Windows GUI
TimeStamp 2017:02:22 19:20:06-08:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 5.0
OSVersion 5.1
FileOS Win32
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CodeSize 113152
FileSubtype 0
ProductVersionNumber 1.2.0.6
FileTypeExtension exe
ObjectFileType Dynamic link library

Execution parents
File identification
MD5 e8673ade6321dffe1de2c9088d95e1aa
SHA1 02f2294f3ebcf371d982e7464c01e787f673b477
SHA256 2e5a08a0956b5c89adcb29299572ed63d203081f416f6e6a0e560ef861544528
ssdeep 3072:drPZmTn5teygkpEy/gS0/gZArMMHAd174A:BPS5teygkpNB0/gnMm
authentihash b3644f74ab54d64f679519b860241112ed26e24a200efb4f29a15829ef854d09
imphash cd76a108528bc542f13c28d701191d7a
File size 122.0 KB ( 124928 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe
VirusTotal metadata
First submission 2018-07-25 20:50:27 UTC ( 7 months ago )
Last submission 2018-07-25 20:50:27 UTC ( 7 months ago )
File names 450.exe
85774.exe
946572.exe
6814990.exe
86.exe
902.exe
6627.exe
648.exe
681431.exe
188790.exe
968.exe
3034117.exe
53310696.exe
992312.exe
31.exe
0.exe
44087.exe
6.exe
DEFB6CC3.exe
0849219.exe
53.exe
38060.exe
597.exe
75530838.exe
7.exe