SHA256: 3a6099334bf6bda6d5b6fe5a131f13e825413d30fecd1153c1938534c40233a4
File name: Ox82hzO8Cy.exe
Detection ratio: 49 / 71
Analysis date: 2019-01-04 11:49:42 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40750992 20190104
AhnLab-V3 Trojan/Win32.Generic.R244332 20190104
Antiy-AVL Trojan[Banker]/Win32.Emotet 20190104
Arcabit Trojan.Generic.D26DCF90 20190104
Avast Win32:BankerX-gen [Trj] 20190104
AVG Win32:BankerX-gen [Trj] 20190104
Avira (no cloud) TR/Emotet.fxt 20190104
BitDefender Trojan.GenericKD.40750992 20190104
CAT-QuickHeal Trojan.IGENERIC 20190103
Comodo Malware@#1hnvcre0zee97 20190104
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181022
Cylance Unsafe 20190104
Cyren W32/Emotet.IX.gen!Eldorado 20190104
DrWeb Trojan.EmotetENT.292 20190104
Emsisoft Trojan.Emotet (A) 20190104
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/Emotet.BN 20190104
F-Prot W32/Emotet.IX.gen!Eldorado 20190104
F-Secure Trojan.GenericKD.40750992 20190104
Fortinet W32/Emotet.BN!tr 20190104
GData Win32.Trojan-Spy.Emotet.EVS8IX 20190104
Ikarus Trojan.Win32.Emotet 20190104
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 0053c4bc1 ) 20190104
K7GW Trojan ( 0053c4bc1 ) 20190104
Kaspersky Trojan-Banker.Win32.Emotet.bpmy 20190104
Malwarebytes Trojan.Emotet 20190104
MAX malware (ai score=100) 20190104
McAfee RDN/Generic.grp 20190104
McAfee-GW-Edition BehavesLike.Win32.Upatre.gt 20190104
Microsoft Trojan:Win32/Emotet.AC!bit 20190104
eScan Trojan.GenericKD.40750992 20190104
NANO-Antivirus Virus.Win32.Gen.ccmw 20190104
Palo Alto Networks (Known Signatures) generic.ml 20190104
Panda Trj/WLT.E 20190103
Qihoo-360 HEUR/QVM20.1.2722.Malware.Gen 20190104
Rising Trojan.Win32.Generic.1A0C7038 (RDM+:cmRtazoWqU8FVjnavLJJbsKGt40M) 20190104
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/EncPk-AOI 20190104
Symantec Trojan.Gen.2 20190104
Tencent Win32.Trojan-banker.Emotet.Pept 20190104
TrendMicro TSPY_EMOTET.THAAACAH 20190104
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMK 20190104
VBA32 BScope.Trojan.Refinka 20190104
VIPRE Trojan.Win32.Generic!BT 20190103
Webroot W32.Trojan.Emotet 20190104
Yandex Trojan.PWS.Emotet! 20181229
Zillya Trojan.Emotet.Win32.7591 20190103
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bpmy 20190104
Acronis 20181227
AegisLab 20190104
Alibaba 20180921
Avast-Mobile 20190103
AVware 20180925
Babable 20180918
Baidu 20190104
Bkav 20190103
ClamAV 20190104
CMC 20190103
Cybereason 20180225
eGambit 20190104
Jiangmin 20190104
Kingsoft 20190104
SUPERAntiSpyware 20190102
TACHYON 20190104
TheHacker 20181230
TotalDefense 20190104
Trapmine 20190103
Trustlook 20190104
ViRobot 20190104
Zoner 20190104
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name kbdkor.dll
Internal name kbdkor
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description KO Hangeul Keyboard Layout Stub driver
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-12 08:19:51
Entry Point 0x0000DB5D
Number of sections 6
PE sections
PE imports
CertRegisterPhysicalStore
SetTextJustification
WaitNamedPipeA
GetModuleHandleA
FlsFree
MprAdminInterfaceTransportRemove
SetupDiClassNameFromGuidW
CreateCaret
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 4294963199
LinkerVersion 12.0
ImageVersion 0.1
FileSubtype 0
FileVersionNumber 6.1.7600.16385
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription KO Hangeul Keyboard Layout Stub driver
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 381952
EntryPoint 0xdb5d
OriginalFileName kbdkor.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2018:11:12 00:19:51-08:00
FileType Win32 EXE
PEType PE32
InternalName kbdkor
ProductVersion 6.1.7600.16385
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 57344
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 47b1b5795a7c3df4f6126b10379d86cb
SHA1 0546ecc9cfba88f0ea9228963fbc285838dfe5b4
SHA256 3a6099334bf6bda6d5b6fe5a131f13e825413d30fecd1153c1938534c40233a4
ssdeep 3072:1xNbM4IvQAV8mv0dp6RbAaewfrOJY83qNrPd4bP+37zqwFOWpNd8sFmQ:re9vv8mwINAbwfr8YIqNTumrzqUNhF
authentihash 72cd48dcb67691c7604f645d5f481dc0214a6f5f6f2e04ed87ea57a9f51c1d29
imphash 8c90827f7eca70b7fbf17ec48a0ca013
File size 421.5 KB ( 431616 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2018-11-12 08:35:22 UTC ( 3 months, 1 week ago )
Last submission 2018-11-12 08:35:22 UTC ( 3 months, 1 week ago )
File names kbdkor.dll
Ox82hzO8Cy.exe
kbdkor
8Eyt512aE11V.exe