SHA256: 3457be1a273e30ad85296385ce7936c2f0c3f2e7a7117e54dbdad588879c4570
File name: XjdeGu.exe.bin
Detection ratio: 44 / 68
Analysis date: 2018-07-06 23:34:42 UTC ( 7 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31049021 20180706
AegisLab Ml.Attribute.Gen!c 20180706
AhnLab-V3 Malware/Gen.Generic.C2597659 20180706
ALYac Trojan.GenericKD.31049021 20180706
Antiy-AVL Trojan/Win32.TSGeneric 20180706
Arcabit Trojan.Generic.D1D9C53D 20180706
Avast Win32:Malware-gen 20180706
AVG Win32:Malware-gen 20180706
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180706
BitDefender Trojan.GenericKD.31049021 20180706
ClamAV Win.Trojan.Agent-6602055-0 20180706
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cybereason malicious.50f2db 20180225
Cylance Unsafe 20180707
Cyren W32/Trojan.QMPJ-0568 20180706
DrWeb Trojan.EmotetENT.251 20180706
Emsisoft Trojan.GenericKD.31049021 (B) 20180706
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of Win32/Kryptik.GINH 20180706
F-Prot W32/Emotet.DK.gen!Eldorado 20180706
F-Secure Trojan.GenericKD.31049021 20180706
Fortinet W32/Kryptik.GIBQ!tr 20180706
GData Trojan.GenericKD.31049021 20180706
Ikarus Trojan.Win32.Crypt 20180706
Sophos ML heuristic 20180601
Kaspersky Trojan.Win32.Dovs.pdg 20180706
Malwarebytes Trojan.Emotet 20180706
MAX malware (ai score=98) 20180707
McAfee Emotet-FHK!7DD55ED26483 20180706
McAfee-GW-Edition Emotet-FHK!7DD55ED26483 20180706
Microsoft Trojan:Win32/Emotet.AC!bit 20180706
eScan Trojan.GenericKD.31049021 20180706
Palo Alto Networks (Known Signatures) generic.ml 20180707
Panda Trj/Genetic.gen 20180705
Qihoo-360 HEUR/QVM20.1.4BB6.Malware.Gen 20180707
Rising Trojan.Kryptik!8.8 (CLOUD) 20180706
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/EncPk-ANX 20180706
Symantec Trojan.Emotet 20180706
TrendMicro TSPY_EMOTET.TTIBBJH 20180706
TrendMicro-HouseCall TSPY_EMOTET.TTIBBJH 20180706
VBA32 Malware-Cryptor.Limpopo 20180705
Webroot W32.Trojan.Emotet 20180707
ZoneAlarm by Check Point Trojan.Win32.Dovs.pdg 20180706
Avast-Mobile 20180706
Avira (no cloud) 20180706
AVware 20180706
Babable 20180406
Bkav 20180706
CAT-QuickHeal 20180706
CMC 20180706
Comodo 20180706
eGambit 20180707
Jiangmin 20180706
K7AntiVirus 20180706
K7GW 20180706
Kingsoft 20180707
NANO-Antivirus 20180706
SUPERAntiSpyware 20180706
TACHYON 20180706
Tencent 20180707
TheHacker 20180628
TotalDefense 20180706
Trustlook 20180707
VIPRE 20180706
ViRobot 20180706
Yandex 20180706
Zillya 20180706
Zoner 20180706
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-04-07 09:53:15
Entry Point 0x00001C8E
Number of sections 7
PE sections
PE imports
GetClipRgn
SetMapperFlags
CreatePalette
GetWorldTransform
GetSystemTime
GetConsoleScreenBufferInfo
GetSystemTimeAsFileTime
SetHandleCount
GetThreadPriorityBoost
IsSystemResumeAutomatic
GetCommMask
GetThreadUILanguage
DeleteTimerQueue
RequestWakeupLatency
GetConsoleProcessList
GetCommandLineA
GetProcessShutdownParameters
TzSpecificLocalTimeToSystemTime
GetSubMenu
GetParent
IsWindowVisible
SetDlgItemInt
ValidateRect
wvsprintfA
GetMessageTime
GetAncestor
SCardGetStatusChangeA
Number of PE resources by type
RT_MENU 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2011:04:07 10:53:15+01:00
FileType Win32 EXE
PEType PE32
CodeSize 15360
LinkerVersion 15.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x1c8e
InitializedDataSize 196608
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 7dd55ed26483128003467ea981f7d840
SHA1 285439050f2db5f50e6b38e2ea7f5038e2bcc347
SHA256 3457be1a273e30ad85296385ce7936c2f0c3f2e7a7117e54dbdad588879c4570
ssdeep 3072:QOkE1w2GOsuNJNBAhmQDWAc8JPqF+XUs/tg0H:QPE1wNI3NqFfhJfXBg0
authentihash e5ace7dc7ae44e43294f66e0bd2cbc36fe937c20da4b540a37f7cdb3cecbc522
imphash 26905cdb222204f81be14f03d2078029
File size 204.0 KB ( 208896 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2018-07-05 07:58:13 UTC ( 7 months, 3 weeks ago )
Last submission 2018-10-25 19:30:29 UTC ( 4 months ago )
File names 7dd55ed26483128003467ea981f7d840.vir
7dd55ed26483128003467ea981f7d840.virobj
XjdeGu.exe.bin