SHA256: 2f9ea6867015f7f1eb43250255f95d35c610f4f6741aa39ad1ade181c5dd705d
File name: 2f9ea6867015f7f1eb43250255f95d35c610f4f6741aa39ad1ade181c5dd705d
Detection ratio: 42 / 68
Analysis date: 2018-12-28 22:05:36 UTC ( 3 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40875178 20181228
AegisLab Trojan.Win32.Cridex.4!c 20181228
AhnLab-V3 Trojan/Win32.Cridex.R250105 20181228
ALYac Trojan.GenericKD.40875178 20181228
Arcabit Trojan.Generic.D26FB4AA 20181228
Avast Win32:Malware-gen 20181228
AVG Win32:Malware-gen 20181228
BitDefender Trojan.GenericKD.40875178 20181228
Bkav HW32.Packed. 20181227
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.fdaa5f 20180225
Cyren W32/Emotet.LL.gen!Eldorado 20181228
eGambit Unsafe.AI_Score_99% 20181228
Emsisoft Trojan.GenericKD.40875178 (B) 20181228
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/Dridex.CK 20181228
F-Prot W32/Emotet.LL.gen!Eldorado 20181228
F-Secure Trojan.GenericKD.40875178 20181228
Fortinet W32/Cridex.BH!tr 20181228
GData Trojan.GenericKD.40875178 20181228
Ikarus Trojan-Banker.Emotet 20181228
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 005447961 ) 20181228
K7GW Trojan ( 005447961 ) 20181228
Kaspersky Trojan-Downloader.Win32.Cridex.bh 20181228
McAfee Emotet-FID!B6476AD4553D 20181228
McAfee-GW-Edition BehavesLike.Win32.Ransomware.cc 20181228
Microsoft Trojan:Win32/Tiggre!plock 20181228
eScan Trojan.GenericKD.40875178 20181228
NANO-Antivirus Trojan.Win32.Generic.flnwju 20181228
Panda Trj/GdSda.A 20181228
Qihoo-360 Win32/Trojan.Downloader.acc 20181228
Rising Downloader.Cridex!8.F70 (CLOUD) 20181228
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/Generic-S 20181228
Symantec Trojan.Gen.2 20181228
Tencent Win32.Trojan-downloader.Cridex.Pefn 20181228
Trapmine malicious.high.ml.score 20181205
TrendMicro TROJ_GEN.F0C2C00LR18 20181228
TrendMicro-HouseCall TROJ_GEN.F0C2C00LR18 20181228
Webroot W32.Trojan.Emotet 20181228
ZoneAlarm by Check Point Trojan-Downloader.Win32.Cridex.bh 20181228
Acronis 20181227
Alibaba 20180921
Antiy-AVL 20181228
Avast-Mobile 20181228
Avira (no cloud) 20181228
Babable 20180918
Baidu 20181207
CAT-QuickHeal 20181228
ClamAV 20181228
CMC 20181228
Comodo 20181228
DrWeb 20181228
Jiangmin 20181228
Kingsoft 20181228
Malwarebytes 20181228
MAX 20181228
Palo Alto Networks (Known Signatures) 20181228
SUPERAntiSpyware 20181226
Symantec Mobile Insight 20181225
TACHYON 20181228
TheHacker 20181225
Trustlook 20181228
VBA32 20181228
ViRobot 20181228
Yandex 20181227
Zillya 20181228
Zoner 20181228
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-25 16:41:42
Entry Point 0x00004780
Number of sections 6
PE sections
PE imports
GetTokenInformation
InitializeSid
IsTokenRestricted
InitializeSecurityDescriptor
GetTextCharsetInfo
GetCurrentPositionEx
GetCharWidth32W
GetFontData
GetCharWidthA
GetFontLanguageInfo
EnumResourceTypesA
GetLargePageMinimum
GetTimeZoneInformation
EnumSystemLocalesW
FindVolumeClose
GetDriveTypeA
GetSystemDefaultLCID
LoadLibraryExW
GetProfileStringA
FreeConsole
VirtualProtect
GetCommandLineA
GetVersion
WritePrivateProfileStructW
lstrcatW
GetProcessHeap
VarCyFromI2
CanUserWritePwrScheme
ExtractAssociatedIconExW
DeleteSecurityContext
GetPriorityClipboardFormat
GetCaretBlinkTime
GetDoubleClickTime
GetRawInputDeviceInfoW
GetMenuStringA
LockWindowUpdate
GetKeyboardLayout
GetMenuItemCount
EqualRect
SetCapture
DrawIcon
LoadKeyboardLayoutW
GetMenuState
GetClassInfoW
GetDlgItem
GetRawInputDeviceList
GetWindowLongW
LoadKeyboardLayoutA
GetMenuContextHelpId
GetClassLongA
LockWorkStation
FindFirstUrlCacheEntryExW
SCardConnectW
GetColorProfileHeader
MkParseDisplayName
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:12:25 17:41:42+01:00
FileType Win32 EXE
PEType PE32
CodeSize 90112
LinkerVersion 16.3
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x4780
InitializedDataSize 53248
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 b6476ad4553d6527dd0e63f5471fa28a
SHA1 c57277efdaa5f7d475f2bc0964833fad2f5aa68d
SHA256 2f9ea6867015f7f1eb43250255f95d35c610f4f6741aa39ad1ade181c5dd705d
ssdeep 3072:4uA6Xbjbbbbbbmbkbbbbwbbbyqbbbbbbb9bbbbbbnZExXiytUTK4J6BaeJtSzGo:BXbjbbbbbbmYbbbbwbbbDbbbbbbb9bbp
authentihash c97a5a9c30ffac0e084a3c2be499eae6e956cf1abba246208d7b28a2b565e1e9
imphash e125b9dca323e662578f91059169f243
File size 144.0 KB ( 147456 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe

VirusTotal metadata
First submission 2018-12-26 15:20:35 UTC ( 3 months, 3 weeks ago )
Last submission 2018-12-27 15:55:08 UTC ( 3 months, 3 weeks ago )
File names 832d124add4964e37c6e4f5bbd94f373