SHA256: 2f21df4b0eae6cf8d7b7d12b531e9a106f29fe8b94456219dea50b0b93c0f6c3
File name: QQ8uAsYCvFO.exe
Detection ratio: 49 / 71
Analysis date: 2019-01-02 14:19:28 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Ser.Razy.985 20190102
AegisLab Trojan.Win32.Emotet.4!c 20190102
ALYac Gen:Variant.Ser.Razy.985 20190102
Antiy-AVL Trojan[Banker]/Win32.Emotet 20190102
Arcabit Trojan.Ser.Razy.985 20190102
Avast Win32:MalwareX-gen [Trj] 20190102
AVG Win32:MalwareX-gen [Trj] 20190102
Avira (no cloud) TR/AD.Emotet.uobsr 20190101
BitDefender Gen:Variant.Ser.Razy.985 20190102
CAT-QuickHeal Trojan.Emotet.X4 20190102
Comodo Malware@#1azwi3z5hm1ce 20190102
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.9979c8 20180225
Cylance Unsafe 20190102
Cyren W32/Trojan.COAM-7726 20190102
Emsisoft Gen:Variant.Ser.Razy.985 (B) 20190102
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/Emotet.BN 20190102
F-Secure Gen:Variant.Ser.Razy.985 20190102
Fortinet W32/GenKryptik.CVIB!tr 20190102
GData Gen:Variant.Ser.Razy.985 20190102
Ikarus Trojan.Win32.Krypt 20190101
Sophos ML heuristic 20181128
Jiangmin Trojan.Banker.Emotet.eyn 20190102
K7AntiVirus Trojan ( 005449951 ) 20190102
K7GW Trojan ( 005449951 ) 20190102
Kaspersky Trojan-Banker.Win32.Emotet.bxfp 20190102
Malwarebytes Trojan.Emotet 20190102
MAX malware (ai score=100) 20190102
McAfee RDN/Generic.dx 20190102
McAfee-GW-Edition BehavesLike.Win32.Emotet.fh 20190102
Microsoft Trojan:Win32/Emotet.AC!bit 20190102
eScan Gen:Variant.Ser.Razy.985 20190102
NANO-Antivirus Trojan.Win32.Emotet.flqglb 20190102
Palo Alto Networks (Known Signatures) generic.ml 20190102
Panda Trj/GdSda.A 20190101
Qihoo-360 HEUR/QVM20.1.42F9.Malware.Gen 20190102
Rising Trojan.Fuerboos!8.EFC8 (CLOUD) 20190102
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/EncPk-ANY 20190102
Symantec Trojan.Emotet 20190101
TACHYON Banker/W32.Emotet.315904 20190102
Tencent Win32.Trojan-banker.Emotet.Wrgj 20190102
Trapmine malicious.high.ml.score 20181205
TrendMicro TROJ_GEN.R004C0OLU18 20190102
TrendMicro-HouseCall TROJ_GEN.R004C0OLU18 20190102
ViRobot Trojan.Win32.Z.Agent.315904.FU 20190102
Webroot W32.Trojan.Emotet 20190102
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bxfp 20190102
Acronis 20181227
Alibaba 20180921
Avast-Mobile 20190102
AVware 20180925
Babable 20180918
Baidu 20181207
Bkav 20190102
ClamAV 20190102
CMC 20190101
DrWeb 20190102
eGambit 20190102
F-Prot 20190102
Kingsoft 20190102
SUPERAntiSpyware 20181226
TheHacker 20181230
TotalDefense 20190102
Trustlook 20190102
VBA32 20181229
VIPRE 20190102
Yandex 20181229
Zillya 20181231
Zoner 20190102
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporati
Product Micros
Internal name kbdughr
File version 6.1.7601.17514
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-08-04 07:56:09
Entry Point 0x000168A5
Number of sections 8
PE sections
PE imports
CryptReleaseContext
OpenProcessToken
LookupPrivilegeNameA
GetColorAdjustment
GetViewportOrgEx
GetPixel
GetFontUnicodeRanges
WaitForMultipleObjectsEx
SetFileIoOverlappedRange
FlsFree
GetFileSize
FillConsoleOutputCharacterA
GetDiskFreeSpaceW
ProcessIdToSessionId
RegisterApplicationRestart
GetNLSVersionEx
SetEndOfFile
GetDynamicTimeZoneInformation
VerifyScripts
GetModuleHandleW
GetNamedPipeClientSessionId
NetLocalGroupGetInfo
VarI4FromCy
RpcBindingSetAuthInfoW
ShellAboutW
PathIsSameRootW
SetCapture
DdeAddData
GetForegroundWindow
GetGuiResources
AddPrinterDriverA
CryptCATAdminAcquireContext
setsockopt
iswlower
RtlFirstEntrySList
OleTranslateAccelerator
CoGetTreatAsClass
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize 95232
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.4.20030.62408
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 226304
EntryPoint 0x168a5
MIMEType application/octet-stream
LegalCopyright Microsoft Corporati
FileVersion 6.1.7601.17514
TimeStamp 2004:08:04 08:56:09+01:00
FileType Win32 EXE
PEType PE32
InternalName kbdughr
ProductVersion 1.4: 2003062408
SubsystemVersion 5.1
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Mozilla, Netscape
LegalTrademarks Mozilla, Netscape
ProductName Micros
ProductVersionNumber 1.4.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 da39b079979c8ad63ba1ae0105baf1d2
SHA1 21d1f8fb8abe2bf6605b515f2f150a6e86da583a
SHA256 2f21df4b0eae6cf8d7b7d12b531e9a106f29fe8b94456219dea50b0b93c0f6c3
ssdeep 3072:MqPKbk9eSYQesVI5/9wIUvE2pNRGTNr2FMRvGWyhf0oALLE1HBH3:5P9rt1pLGxr2FuGnhnuCHBH
authentihash e938fd7d4ddebe3923f6ddfbfa925de260889373dac5d0aacae912dfba11760e
imphash 5d54dfecfe5c52bbe1a91bfd1e4e09bf
File size 308.5 KB ( 315904 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2018-12-28 18:03:25 UTC ( 1 month, 3 weeks ago )
Last submission 2018-12-28 18:03:25 UTC ( 1 month, 3 weeks ago )
File names kbdughr
QQ8uAsYCvFO.exe