SHA256: 3820ecdafade1a1b0718d17590b02e8a67adfdc0b69dd342a81e0a893dc4697a
File name: droidmontana.exe
Detection ratio: 26 / 67
Analysis date: 2018-08-06 15:07:21 UTC ( 6 months, 2 weeks ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Emotet.R233034 20180806
Arcabit Trojan.PasswordStealer.GenericS.D1DB5E10 20180806
Avast Win32:Malware-gen 20180806
AVG Win32:Malware-gen 20180806
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9972 20180806
BitDefender Trojan.PasswordStealer.GenericKDS.31153680 20180806
CAT-QuickHeal Trojan.Emotet.X4 20180806
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cylance Unsafe 20180806
Emsisoft Trojan.PasswordStealer.GenericKDS.31153680 (B) 20180806
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GJOC 20180806
Fortinet W32/GenKryptik.CHGG!tr 20180806
GData Trojan.PasswordStealer.GenericKDS.31153680 20180806
Kaspersky Trojan-Banker.Win32.Emotet.bago 20180806
Malwarebytes Trojan.Emotet 20180806
MAX malware (ai score=80) 20180806
Microsoft Trojan:Win32/Fuerboos.A!cl 20180806
eScan Trojan.PasswordStealer.GenericKDS.31153680 20180806
Rising Trojan.Fuerboos!8.EFC8 (TFE:dGZlOgI3BdV87KW+GQ) 20180806
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/Generic-S 20180806
Symantec ML.Attribute.HighConfidence 20180806
TrendMicro TSPY_EMOTET.THHOFAH 20180806
TrendMicro-HouseCall TSPY_EMOTET.THHOFAH 20180806
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bago 20180806
Ad-Aware 20180806
AegisLab 20180806
Alibaba 20180713
ALYac 20180806
Antiy-AVL 20180806
Avast-Mobile 20180806
Avira (no cloud) 20180806
AVware 20180727
Babable 20180725
Bkav 20180806
ClamAV 20180806
CMC 20180806
Comodo 20180806
Cybereason 20180225
Cyren 20180806
DrWeb 20180806
eGambit 20180806
F-Prot 20180806
Ikarus 20180806
Sophos ML 20180717
Jiangmin 20180806
K7AntiVirus 20180806
K7GW 20180806
Kingsoft 20180806
McAfee 20180806
McAfee-GW-Edition 20180806
NANO-Antivirus 20180806
Palo Alto Networks (Known Signatures) 20180806
Panda 20180806
Qihoo-360 20180806
SUPERAntiSpyware 20180806
Symantec Mobile Insight 20180801
TACHYON 20180806
Tencent 20180806
TheHacker 20180805
Trustlook 20180806
VBA32 20180806
VIPRE 20180806
ViRobot 20180806
Webroot 20180806
Yandex 20180805
Zillya 20180803
Zoner 20180806
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-08-05 23:30:20
Entry Point 0x0000333B
Number of sections 5
PE sections
PE imports
PeekNamedPipe
GetFileTime
GetTimeZoneInformation
GetThreadIOPendingFlag
GetCurrentProcessId
SetFilePointer
GetNamedPipeServerProcessId
PostQueuedCompletionStatus
GetCommandLineA
GetWindowThreadProcessId
IsCharAlphaNumericA
GetSystemMetrics
GetLastActivePopup
CheckDlgButton
GetDesktopWindow
GetInputState
SCardLocateCardsW
Number of PE resources by type
RT_BITMAP 29
RT_STRING 24
RT_RCDATA 11
RT_DIALOG 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 50
ENGLISH US 8
ENGLISH NEUTRAL 6
RUSSIAN 2
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2018:08:06 00:30:20+01:00
FileType Win32 EXE
PEType PE32
CodeSize 0
LinkerVersion 11.0
ImageFileCharacteristics No relocs, Executable, 32-bit
FileTypeExtension exe
InitializedDataSize 212992
SubsystemVersion 5.0
EntryPoint 0x333b
OSVersion 6.0
ImageVersion 0.0
UninitializedDataSize 45056

File identification
MD5 b8f69516e129f774b8ad2e16c2e016fc
SHA1 ee0a47a7658d87338d0125293182cb919a761ff6
SHA256 3820ecdafade1a1b0718d17590b02e8a67adfdc0b69dd342a81e0a893dc4697a
ssdeep 3072:xEMYlfJ/X8XI2/7ATQ3pfa5hSajotdKesL8Lgo:xElZX8Y2/7daj9j2EMg

authentihash 9e005bb3d3f6985d02c164652c25522654de4d00cc1f3dc3c15404faed026b79
imphash cf5dd3a75cfd26589696f40163781bf0
File size 232.0 KB ( 237568 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2018-08-06 15:07:21 UTC ( 6 months, 2 weeks ago )
Last submission 2018-08-06 15:07:21 UTC ( 6 months, 2 weeks ago )
File names droidmontana.exe