× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 3706971931a9a54fda8bdbf00e7bf8adfb4291c36fe841f2e8a267dbdb106f5c
File name: emotet_e1_3706971931a9a54fda8bdbf00e7bf8adfb4291c36fe841f2e8a267d...
Detection ratio: 47 / 68
Analysis date: 2019-03-13 15:42:36 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Acronis suspicious 20190313
Ad-Aware Trojan.Proxy.MWL 20190313
AegisLab Trojan.Win32.Emotet.4!c 20190313
AhnLab-V3 Trojan/Win32.Emotet.C3083547 20190313
ALYac Trojan.Proxy.MWL 20190313
Antiy-AVL Trojan[Banker]/Win32.Emotet 20190313
Arcabit Trojan.Proxy.MWL 20190313
Avast Win32:BankerX-gen [Trj] 20190313
AVG Win32:BankerX-gen [Trj] 20190313
Avira (no cloud) TR/Crypt.Agent.svgih 20190313
BitDefender Trojan.Proxy.MWL 20190313
ClamAV Win.Malware.Emotet-6887994-0 20190313
Cybereason malicious.62e79b 20190109
Cyren W32/Trojan.ATTC-4030 20190313
DrWeb Trojan.Siggen8.14188 20190313
Emsisoft Trojan.Proxy.MWL (B) 20190313
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.CPES 20190313
F-Secure Trojan.TR/Crypt.Agent.svgih 20190313
Fortinet W32/Kryptik.CPES!tr 20190313
GData Trojan.Proxy.MWL 20190313
Ikarus Trojan-Banker.Emotet 20190313
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 004bd3231 ) 20190313
K7GW Trojan ( 004bd3231 ) 20190313
Kaspersky Trojan-Banker.Win32.Emotet.cljr 20190313
Malwarebytes Trojan.Bunitu 20190313
MAX malware (ai score=100) 20190313
McAfee GenericRXHC-WN!AE4CCF76B8AE 20190313
McAfee-GW-Edition GenericRXHC-WN!AE4CCF76B8AE 20190313
Microsoft Trojan:Win32/Emotet.AC!bit 20190313
eScan Trojan.Proxy.MWL 20190313
NANO-Antivirus Trojan.Win32.Kryptik.fnvwek 20190313
Palo Alto Networks (Known Signatures) generic.ml 20190313
Panda Trj/GdSda.A 20190313
Qihoo-360 Win32/Trojan.df3 20190313
Rising Trojan.Kryptik!8.8 (RDM+:cmRtazp4oTVQK+7pv9lpmNUgLeHE) 20190313
SentinelOne (Static ML) DFI - Malicious PE 20190311
Sophos AV Mal/Emotet-Q 20190313
Symantec ML.Attribute.HighConfidence 20190311
Tencent Win32.Trojan.Falsesign.Lohw 20190313
Trapmine malicious.moderate.ml.score 20190301
TrendMicro TrojanSpy.Win32.EMOTET.THCABAI 20190313
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.THCABAI 20190313
VBA32 BScope.Malware-Cryptor.Emotet 20190313
Webroot W32.Trojan.Emotet 20190313
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.cljr 20190313
Alibaba 20190306
Avast-Mobile 20190313
Babable 20180918
Baidu 20190306
Bkav 20190313
CAT-QuickHeal 20190313
CMC 20190313
Comodo 20190313
eGambit 20190313
F-Prot 20190313
Jiangmin 20190313
Kingsoft 20190313
SUPERAntiSpyware 20190307
Symantec Mobile Insight 20190220
TACHYON 20190313
TheHacker 20190308
TotalDefense 20190313
Trustlook 20190313
ViRobot 20190313
Yandex 20190312
Zillya 20190313
Zoner 20190313
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 4:42 PM 3/13/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-09 13:13:49
Entry Point 0x00001BB0
Number of sections 4
PE sections
Overlays
MD5 903ddb50eb52a2d2f078d079fcd95d31
File type data
Offset 265728
Size 3336
Entropy 7.32
PE imports
RegCreateKeyExW
RegOpenKeyA
RegCloseKey
RegSetValueExW
RegQueryValueExA
RegOpenKeyExA
RegQueryValueExW
DeleteObject
CreateSolidBrush
AbortDoc
CreateHalftonePalette
ImmReleaseContext
ImmGetOpenStatus
ImmSetCompositionWindow
ImmGetContext
GetStdHandle
GetConsoleOutputCP
lstrlenW
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
GetConsoleCursorInfo
OpenFileMappingA
_llseek
FreeEnvironmentStringsW
GetCPInfo
GetStringTypeA
WriteFile
HeapReAlloc
GetStringTypeW
SetEvent
InitAtomTable
LoadResource
TlsGetValue
QueryDosDeviceW
OutputDebugStringA
SetLastError
GetSystemTime
GetUserDefaultLangID
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
FlushViewOfFile
FillConsoleOutputCharacterW
QueryPerformanceFrequency
FatalAppExitW
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetPrivateProfileStringW
GetModuleHandleA
SetCalendarInfoA
CreateThread
SetUnhandledExceptionFilter
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
SetEndOfFile
GetVersion
InterlockedIncrement
SetCurrentDirectoryA
WriteConsoleW
HeapFree
EnterCriticalSection
PeekNamedPipe
SetHandleCount
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
CreateDirectoryA
DeleteFileA
CreateDirectoryW
GetProcAddress
GetPrivateProfileIntW
GetProcessHeap
lstrcpyW
ExpandEnvironmentStringsW
lstrcmpA
CreateTimerQueueTimer
WriteProfileSectionA
ConvertThreadToFiber
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
LockFile
RemoveDirectoryA
GetEnvironmentStrings
CompareFileTime
LockResource
GetCommandLineW
GetCurrentDirectoryA
HeapSize
GetCommandLineA
Process32FirstW
RaiseException
ReleaseSemaphore
TlsFree
SetFilePointer
CloseHandle
GetCurrentThreadId
WideCharToMultiByte
IsValidCodePage
HeapCreate
FindResourceW
VirtualFree
Sleep
VirtualAlloc
RedrawWindow
GetForegroundWindow
SetWindowRgn
SetMenuItemBitmaps
LoadBitmapW
SetRectEmpty
EnableScrollBar
DestroyMenu
PostQuitMessage
GetMessagePos
DrawStateW
SetWindowPos
SetScrollPos
IsWindow
GrayStringW
DispatchMessageA
EndPaint
SetDlgItemInt
IntersectRect
PeekMessageA
GetMessageTime
SendMessageW
SetActiveWindow
GetDC
GetCursorPos
MapDialogRect
GetDlgCtrlID
GetKeyState
DefFrameProcW
TranslateMessage
CharUpperW
IsWindowEnabled
GetClientRect
DefWindowProcW
DrawTextW
GetNextDlgTabItem
GetThreadDesktop
CallNextHookEx
IsClipboardFormatAvailable
LoadImageW
TrackPopupMenu
GetActiveWindow
GetWindowTextW
SetDlgItemTextW
CopyAcceleratorTableW
GetWindowTextLengthW
LoadAcceleratorsW
ScrollWindow
GetMenuItemID
DestroyWindow
DrawEdge
GetClassInfoExW
UpdateWindow
GetWindow
GetPropW
EqualRect
SetClassLongW
MapVirtualKeyExW
GetMessageW
ShowWindow
GetQueueStatus
DrawFrameControl
GetNextDlgGroupItem
SetPropW
EnumDisplayMonitors
PeekMessageW
SetWindowsHookExW
EnableWindow
SetWindowPlacement
LockWindowUpdate
LoadIconW
SetParent
GetAsyncKeyState
GetDlgItemTextW
GetMenuDefaultItem
GetDlgItemInt
SetClipboardData
GetIconInfo
GetMenuItemRect
RegisterClassW
IsZoomed
GetWindowPlacement
LoadStringW
SetWindowLongW
WindowFromPoint
DrawMenuBar
IsCharLowerW
EnableMenuItem
InvertRect
DrawFocusRect
OpenClipboard
GetKeyboardLayout
FillRect
MonitorFromPoint
CopyRect
DeferWindowPos
RealChildWindowFromPoint
CreateWindowExW
TabbedTextOutW
GetWindowLongW
GetUpdateRect
GetMenuItemInfoW
IsChild
IsDialogMessageA
MapWindowPoints
RegisterWindowMessageW
GetMonitorInfoW
ReleaseCapture
GetMessageA
SetCapture
BeginPaint
OffsetRect
DefMDIChildProcW
GetScrollPos
CopyIcon
ShowCaret
KillTimer
MapVirtualKeyW
TranslateAcceleratorW
GetParent
ToUnicodeEx
SendDlgItemMessageA
GetSystemMetrics
IsIconic
SetScrollRange
GetWindowRect
InflateRect
SetMenuDefaultItem
PostMessageA
DrawIcon
GetScrollRange
ShowOwnedPopups
SendDlgItemMessageW
PostMessageW
InvalidateRect
GetScrollInfo
WaitMessage
CreatePopupMenu
CheckMenuItem
GetSubMenu
GetClassLongW
GetLastActivePopup
PtInRect
DrawIconEx
CharUpperBuffW
SetWindowTextW
SetTimer
GetDlgItem
GetMenuCheckMarkDimensions
CreateDialogParamA
BringWindowToTop
ClientToScreen
GetKeyboardState
PostThreadMessageW
GetMenuItemCount
DestroyAcceleratorTable
CheckDlgButton
GetMenuState
IsDialogMessageW
LoadCursorW
GetSystemMenu
ReuseDDElParam
DispatchMessageW
InsertMenuW
SetForegroundWindow
NotifyWinEvent
SetFocus
GetMenuStringW
EmptyClipboard
CreateDialogIndirectParamW
ReleaseDC
DrawTextExW
SetLayeredWindowAttributes
EndDialog
ModifyMenuW
HideCaret
CreateAcceleratorTableW
GetCapture
ScreenToClient
SetWindowTextA
MessageBeep
LoadMenuW
RemoveMenu
GetWindowThreadProcessId
GetSysColorBrush
ShowScrollBar
MessageBoxW
GetMenu
SetMenu
SetDlgItemTextA
MoveWindow
DialogBoxParamW
MessageBoxA
AppendMenuW
GetWindowDC
DestroyCursor
AdjustWindowRectEx
GetSysColor
RegisterClipboardFormatW
SetScrollInfo
CopyImage
EndDeferWindowPos
GetWindowRgn
UpdateLayeredWindow
GetDoubleClickTime
DestroyIcon
GetTopWindow
wsprintfW
IsWindowVisible
WinHelpW
GetDesktopWindow
SubtractRect
UnpackDDElParam
SetCursorPos
SystemParametersInfoW
UnionRect
MonitorFromWindow
FrameRect
SetRect
DeleteMenu
GetKeyNameTextW
CallWindowProcW
GetClassNameW
UnregisterClassW
TranslateMDISysAccel
GetClassInfoW
ValidateRect
IsRectEmpty
IsMenu
GetFocus
BeginDeferWindowPos
CreateMenu
InsertMenuItemW
CloseClipboard
SetCursor
UnhookWindowsHookEx
RemovePropW
Number of PE resources by type
RT_STRING 7
RT_RCDATA 3
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
CZECH DEFAULT 2
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

SubsystemVersion
5.0

MachineType
Intel 386 or later, and compatibles

TimeStamp
2019:03:09 14:13:49+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
157184

LinkerVersion
9.0

FileTypeExtension
exe

InitializedDataSize
107520

ImageFileCharacteristics
No relocs, Executable, 32-bit

EntryPoint
0x1bb0

OSVersion
5.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 ae4ccf76b8ae4123e0501692f7cb4ed1
SHA1 0f201e562e79b8e443b7320297734ae51c75a620
SHA256 3706971931a9a54fda8bdbf00e7bf8adfb4291c36fe841f2e8a267dbdb106f5c
ssdeep
6144:cz019wDUi91ggOTMTtMziaJiiAbSX888888888888W88888888888L:hMB1gPMTtMziaJibQ888888888888W8D

authentihash 2ec730966cab5c11f4d80b28984b4750456b1544a385cb0f165f7e296fba57c2
imphash 3edf891818ffe0e5322247854f239fdc
File size 262.8 KB ( 269064 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-03-09 16:17:53 UTC ( 1 month, 1 week ago )
Last submission 2019-03-12 02:22:33 UTC ( 1 month, 1 week ago )
File names emotet_e1_3706971931a9a54fda8bdbf00e7bf8adfb4291c36fe841f2e8a267dbdb106f5c_2019-03-09__162002.exe_
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections