× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 3891142e2ea49775435634975a7e37955f94ff2162bdeff98574899fbb7680c7
File name: duplexplugins.exe
Detection ratio: 32 / 68
Analysis date: 2018-08-02 01:46:30 UTC ( 6 months, 3 weeks ago ) View latest
Antivirus Result Update
AegisLab Packer.Generic!c 20180802
AhnLab-V3 Trojan/Win32.Emotet.R232549 20180801
Avast Win32:Malware-gen 20180801
AVG Win32:Malware-gen 20180801
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9885 20180801
CAT-QuickHeal Trojan.Emotet.X4 20180801
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20180723
Cylance Unsafe 20180802
Cyren W32/Emotet.EK.gen!Eldorado 20180802
Emsisoft Trojan.Emotet (A) 20180802
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GJKT 20180802
F-Prot W32/Emotet.EK.gen!Eldorado 20180802
Fortinet W32/Kryptik.GJKT!tr 20180801
GData Win32.Trojan-Spy.Emotet.GH9SK5 20180802
Ikarus Trojan.Win32.Crypt 20180801
Sophos ML heuristic 20180717
Kaspersky Trojan-Banker.Win32.Emotet.baat 20180802
Malwarebytes Trojan.Emotet 20180801
McAfee Artemis!EAD0140C45E5 20180802
McAfee-GW-Edition BehavesLike.Win32.Adware.ch 20180802
Microsoft Trojan:Win32/Emotet.AC!bit 20180801
Palo Alto Networks (Known Signatures) generic.ml 20180802
Panda Trj/Genetic.gen 20180801
Qihoo-360 HEUR/QVM20.1.E34D.Malware.Gen 20180802
Rising Trojan.Fuerboos!8.EFC8 (TFE:2:W1YRfT4UWhF) 20180802
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/Generic-S 20180802
Symantec Packed.Generic.517 20180802
TrendMicro-HouseCall TROJ_GEN.R020H05H118 20180802
Webroot W32.Trojan.Emotet 20180802
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.baat 20180802
Ad-Aware 20180802
Alibaba 20180713
ALYac 20180801
Antiy-AVL 20180802
Arcabit 20180801
Avast-Mobile 20180801
Avira (no cloud) 20180801
AVware 20180727
Babable 20180725
BitDefender 20180802
Bkav 20180801
ClamAV 20180802
CMC 20180801
Comodo 20180801
Cybereason 20180225
DrWeb 20180802
eGambit 20180802
F-Secure 20180801
Jiangmin 20180801
K7AntiVirus 20180801
K7GW 20180802
Kingsoft 20180802
MAX 20180802
eScan 20180802
NANO-Antivirus 20180802
SUPERAntiSpyware 20180801
Symantec Mobile Insight 20180801
TACHYON 20180802
Tencent 20180802
TheHacker 20180730
TotalDefense 20180801
TrendMicro 20180802
Trustlook 20180802
VBA32 20180801
VIPRE 20180802
ViRobot 20180801
Yandex 20180731
Zillya 20180801
Zoner 20180801
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Description Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-23 03:20:06
Entry Point 0x0001B340
Number of sections 6
PE sections
PE imports
CertAddCertificateLinkToStore
GetTextCharset
EqualRgn
ConvertFiberToThread
lstrlenA
SwitchToThread
GetModuleHandleA
GetCurrentThreadId
GetNamedPipeClientSessionId
VarUI1FromStr
DispatchMessageA
SendMessageTimeoutA
PostThreadMessageA
GetDC
DeviceCapabilitiesW
g_rgSCardT1Pci
realloc
strncmp
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.1

ImageVersion
0.0

FileVersionNumber
1.2.0.6

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Unicode

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
40960

EntryPoint
0x1b340

MIMEType
application/octet-stream

Subsystem
Windows GUI

TimeStamp
2017:02:23 04:20:06+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.0

OSVersion
5.1

FileOS
Win32

LegalCopyright
Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CodeSize
114688

FileSubtype
0

ProductVersionNumber
1.2.0.6

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 ead0140c45e5658cf8815b982dd7af0c
SHA1 a48d312125a5f38bbe89197f2fd07e11cc2a66bd
SHA256 3891142e2ea49775435634975a7e37955f94ff2162bdeff98574899fbb7680c7
ssdeep
3072:ULVyS/YIy1Is3UOAaxwSIzgH4z+gzVIH2Zff+OHct:ZS/xy1jA5SIzO+CHkGQc

authentihash 5d5645ba84d6294962c4a897836fe4c50f223eb93116aad217956be57e191311
imphash 1794470e973134bb506e97fbfda37767
File size 152.0 KB ( 155648 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-08-01 07:53:50 UTC ( 6 months, 3 weeks ago )
Last submission 2018-08-01 07:53:50 UTC ( 6 months, 3 weeks ago )
File names duplexplugins.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!