Antivirus scan for 3297b50916adf38337216de3a690d4622a9da04e30639d4c09947c5435fa593d at 2018-06-07 22:59:36 UTC

Antivirus	Result	Update
Ad-Aware	Trojan.Emotet.GX	20180607
AhnLab-V3	Trojan/Win32.Emotet.R229762	20180607
Avira (no cloud)	TR/Crypt.ZPACK.AF	20180607
Baidu	Win32.Trojan.WisdomEyes.16070401.9500.9994	20180607
BitDefender	Trojan.Emotet.GX	20180607
Cylance	Unsafe	20180608
Cyren	W32/Emotet.CCWC-1969	20180607
DrWeb	Trojan.EmotetENT.234	20180607
Emsisoft	Trojan.Emotet (A)	20180607
Endgame	malicious (high confidence)	20180507
ESET-NOD32	Win32/Emotet.BK	20180607
F-Prot	W32/Emotet.QY	20180607
F-Secure	Trojan.Emotet.GX	20180607
Fortinet	W32/Kryptik.GHLR!tr	20180607
GData	Win32.Trojan-Spy.Emotet.RE	20180607
Ikarus	P2P-Worm.Win32.Palevo	20180607
Sophos ML	heuristic	20180601
Kaspersky	Trojan-Banker.Win32.Emotet.aquc	20180607
MAX	malware (ai score=85)	20180608
McAfee	Emotet-FHK!5E61F845C3EB	20180607
eScan	Trojan.Emotet.GX	20180607
Qihoo-360	HEUR/QVM20.1.AF4B.Malware.Gen	20180607
SentinelOne (Static ML)	static engine - malicious	20180225
Sophos AV	Mal/EncPk-ANR	20180607
Symantec	ML.Attribute.HighConfidence	20180607
Webroot	W32.Trojan.Emotet	20180608
ZoneAlarm by Check Point	UDS:DangerousObject.Multi.Generic	20180607
AegisLab		20180607
Alibaba		20180607
ALYac		20180607
Antiy-AVL		20180607
Arcabit		20180607
Avast		20180607
Avast-Mobile		20180607
AVG		20180607
AVware		20180607
Babable		20180406
Bkav		20180607
CAT-QuickHeal		20180607
ClamAV		20180607
CMC		20180607
Comodo		20180607
CrowdStrike Falcon (ML)		20180202
Cybereason		20180225
eGambit		20180608
Jiangmin		20180607
K7AntiVirus		20180607
K7GW		20180607
Kingsoft		20180608
Malwarebytes		20180607
McAfee-GW-Edition		20180607
Microsoft		20180607
NANO-Antivirus		20180607
Palo Alto Networks (Known Signatures)		20180608
Panda		20180607
Rising		20180607
SUPERAntiSpyware		20180607
Symantec Mobile Insight		20180605
TACHYON		20180607
Tencent		20180608
TheHacker		20180606
TrendMicro		20180607
TrendMicro-HouseCall		20180607
Trustlook		20180607
VBA32		20180607
VIPRE		20180607
ViRobot		20180607
Yandex		20180529
Zillya		20180607
Zoner		20180607

The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.

PE header basic information

Target machine Intel 386 or later processors and compatible processors

Compilation timestamp 2018-06-07 08:22:02

Entry Point 0x000013D8

Number of sections 5

PE sections

Name Virtual address Virtual size Raw size Entropy MD5

.text 4096 7740 8192 6.05 623363c1f31090939756d16a132ce321

.rdata 12288 61206 61440 5.43 bef155aac78d46624a5b859545b30c43

.pdata 73728 86820 86016 5.81 7dc05a9fb202e28031aeb5efa9fcc789

.rsrc 163840 11320 12288 4.16 fac2523ba359c6f1479ad21c34f3700c

.reloc 176128 3580 4096 5.69 6ae2f09f5396013d6417c3f7d0292903

Overlays

MD5 b863ee1809c92ea23443279039484a2e

File type data

Offset 176128

Size 1074

Entropy 2.82

PE imports

Number of PE resources by type

RT_STRING 3

RT_BITMAP 2

Number of PE resources by language

NEUTRAL 5

PE resources

460532c82070521b09213c1e85cde0ef99fcb0a7a55075b8e1851ea712f00f7b data

86972be5229ebdcab788bb5ec77234a62f7a591aeb34e1e6f25b1f95bab43f34 ASCII text

aa9cb8eca27bd3fc69b9e1f60c9729e4291aa74cc717a7368ffaa15d394bd617 data

cb58180d2d4b0b405daaa4e957d56946a041601ae9084a5c00b69cb9b2d53f76 data

f19acd5a46d79a6ca568d722316468fb040a66b94e6bbdf55363e9e4aaff6d4f ASCII text

Debug information

Type Timestamp Offset Size

IMAGE_DEBUG_TYPE_CODEVIEW (2) Thu Jun 7 08:22:02 2018 72580 35 Bytes

12 (12) Thu Jun 7 08:22:02 2018 72704 20 Bytes

ExifTool file metadata

MIMEType

application/octet-stream

Subsystem

Windows GUI

MachineType

Intel 386 or later, and compatibles

FileTypeExtension

exe

TimeStamp

2018:06:07 09:22:02+01:00

FileType

Win32 EXE

PEType

PE32

CodeSize

8192

LinkerVersion

15.1

ImageFileCharacteristics

Executable, 32-bit

EntryPoint

0x13d8

InitializedDataSize

SubsystemVersion

5.0

ImageVersion

0.0

OSVersion

4.0

UninitializedDataSize

131072

File identification

MD5 5e61f845c3eb828f3a44e98dbf54a80b

SHA1 f7d2bac2f0fa91291450f443334f0b05d4f0bb08

SHA256 3297b50916adf38337216de3a690d4622a9da04e30639d4c09947c5435fa593d

ssdeep

1536:buhviCu2MC2PAAn8UsUqLOkSTCD6l1b+7JpdXivWROBzCMylnZAEp/z0ZEKzGQkb:ShJS7U7LuFvWEKZ5r0ZA7QtXg8Plg/

imphash b7d2d120551198985cfdd5edee22b41e

File size 173.0 KB ( 177202 bytes )

File type Win32 EXE

Magic literal

PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID	Win32 Dynamic Link Library (generic) (34.3%) Win32 Executable (generic) (23.5%) OS/2 Executable (generic) (10.6%) Clipper DOS Executable (10.5%) Generic Win/DOS Executable (10.4%)

VirusTotal metadata

First submission 2018-06-07 22:59:36 UTC ( 8 months, 2 weeks ago )

Last submission 2018-06-07 22:59:36 UTC ( 8 months, 2 weeks ago )

File names

5.exe
5.exe

SHA256:	3297b50916adf38337216de3a690d4622a9da04e30639d4c09947c5435fa593d
File name:	5.exe
Detection ratio:	27 / 67
Analysis date:	2018-06-07 22:59:36 UTC ( 8 months, 2 weeks ago ) View latest

Ciphered bundle