× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 3af125524d2c300cc14ccbde97cc65053bf84318fa6f96b13aa7c55549ce3b0c
File name: iHHHKwaFk.exe
Detection ratio: 16 / 64
Analysis date: 2019-03-10 11:20:10 UTC ( 1 month, 2 weeks ago ) View latest
Antivirus Result Update
Acronis suspicious 20190222
AegisLab Hacktool.Win32.Krap.lKMc 20190310
Avast Win32:BankerX-gen [Trj] 20190310
AVG Win32:BankerX-gen [Trj] 20190310
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
Cybereason malicious.6f6060 20190109
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.EEPQ 20190310
Sophos ML heuristic 20181128
McAfee GenericRXHC-WN!520DC8AA032D 20190310
Microsoft Trojan:Win32/Emotet 20190307
Qihoo-360 HEUR/QVM20.1.BFA5.Malware.Gen 20190310
Rising Trojan.Kryptik!8.8 (RDM+:cmRtazrsfvGJrKuxltLGZ+GbvFKn) 20190310
SentinelOne (Static ML) static engine - malicious 20190203
Trapmine malicious.high.ml.score 20190301
VBA32 BScope.Malware-Cryptor.Emotet 20190307
Ad-Aware 20190310
AhnLab-V3 20190310
Alibaba 20190306
ALYac 20190310
Antiy-AVL 20190310
Arcabit 20190310
Avast-Mobile 20190310
Avira (no cloud) 20190309
Babable 20180918
Baidu 20190306
BitDefender 20190310
Bkav 20190308
CAT-QuickHeal 20190309
ClamAV 20190310
CMC 20190310
Comodo 20190310
Cyren 20190310
DrWeb 20190310
eGambit 20190310
Emsisoft 20190310
F-Secure 20190309
Fortinet 20190310
GData 20190310
Ikarus 20190310
Jiangmin 20190310
K7AntiVirus 20190310
K7GW 20190310
Kaspersky 20190310
Kingsoft 20190310
Malwarebytes 20190310
MAX 20190310
McAfee-GW-Edition 20190310
eScan 20190310
NANO-Antivirus 20190310
Palo Alto Networks (Known Signatures) 20190310
Panda 20190310
Sophos AV 20190310
SUPERAntiSpyware 20190307
Symantec Mobile Insight 20190220
TACHYON 20190310
Tencent 20190310
TheHacker 20190308
TotalDefense 20190310
TrendMicro-HouseCall 20190310
Trustlook 20190310
ViRobot 20190309
Yandex 20190310
ZoneAlarm by Check Point 20190310
Zoner 20190310
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 8:54 AM 3/15/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-10 11:17:05
Entry Point 0x00001810
Number of sections 4
PE sections
Overlays
MD5 7bd553e50f1dd4844849c17744de607d
File type data
Offset 263168
Size 3336
Entropy 7.34
PE imports
RegCreateKeyExW
RegCloseKey
CopySid
RegQueryValueExA
InitializeAcl
CheckTokenMembership
RegQueryValueExW
SetSecurityDescriptorDacl
RegOpenKeyA
AddAccessAllowedAce
RegOpenKeyExW
RegOpenKeyExA
GetTokenInformation
DuplicateTokenEx
GetUserNameW
IsValidSid
RegDeleteValueW
GetLengthSid
RegEnumKeyExA
RegQueryInfoKeyA
RegEnumValueW
RegSetValueExW
FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
EngGradientFill
GdiFullscreenControl
GetWindowOrgEx
CreateHalftonePalette
CreatePen
CreateFontIndirectA
ColorMatchToTarget
EngCheckAbort
SetGraphicsMode
EngMarkBandingSurface
EngReleaseSemaphore
RemoveFontResourceExW
CreateBitmapIndirect
FONTOBJ_pvTrueTypeFontFile
GdiEntry15
PolyPatBlt
AbortPath
SetTextAlign
GetDCOrgEx
STROBJ_bEnum
GetCharWidth32A
BRUSHOBJ_pvGetRbrush
SelectBrushLocal
DeleteObject
CloseMetaFile
CreateColorSpaceW
CreateSolidBrush
SetBitmapDimensionEx
CombineTransform
GdiTransparentBlt
AbortDoc
GetVolumePathNameW
GetStdHandle
GetDriveTypeW
ReleaseMutex
GetOverlappedResult
WaitForSingleObject
GetDriveTypeA
EncodePointer
GenerateConsoleCtrlEvent
GetFileAttributesW
GetCommandLineW
SystemTimeToTzSpecificLocalTime
DeleteCriticalSection
GetDiskFreeSpaceA
GetConsoleMode
GetVolumeInformationW
_llseek
SetDefaultCommConfigA
ReadFileScatter
SetStdHandle
GetCommModemStatus
WideCharToMultiByte
GetFileAttributesA
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
GetCommandLineA
HeapReAlloc
GetStringTypeW
GetOEMCP
HeapLock
GetExitCodeProcess
CreateEventW
OutputDebugStringW
FindClose
TlsGetValue
FormatMessageA
SetLastError
GetSystemTime
InterlockedDecrement
FindNextVolumeA
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
RemoveDirectoryA
VerSetConditionMask
SetConsoleCtrlHandler
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
VerifyVersionInfoW
SetFilePointerEx
DeleteTimerQueue
GetModuleHandleA
GetSystemDirectoryW
SetUnhandledExceptionFilter
GetCurrentProcess
CreateMutexW
IsProcessorFeaturePresent
GetDateFormatA
GetSystemDirectoryA
DecodePointer
SetEnvironmentVariableA
TerminateProcess
SearchPathW
GetModuleHandleExW
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
PeekNamedPipe
LoadLibraryW
EndUpdateResourceW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
ClearCommError
FlushFileBuffers
LoadLibraryA
RtlUnwind
DeleteVolumeMountPointA
FreeLibrary
GetProcessIoCounters
GetFileSize
SetCommMask
GetStartupInfoW
GetCPInfo
GetProcAddress
GetNamedPipeHandleStateW
GetProcessHeap
CreateFileMappingW
CompareStringW
WriteFile
FreeEnvironmentStringsW
FindFirstFileA
CreateDirectoryW
InterlockedIncrement
GetPrivateProfileSectionW
GetModuleFileNameA
GetTimeZoneInformation
SetCommState
CreateFileW
GetFileType
TlsSetValue
ExitProcess
OpenJobObjectA
GetLastError
SystemTimeToFileTime
LCMapStringW
VirtualAllocEx
GetSystemInfo
GetConsoleCP
GetConsoleAliasesLengthW
GetEnvironmentStringsW
lstrlenW
SetupComm
GetCurrentProcessId
GetCompressedFileSizeW
GetCurrentDirectoryA
HeapSize
SetThreadAffinityMask
InterlockedCompareExchange
ExpandEnvironmentStringsW
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
CloseHandle
OpenMutexW
GetACP
GetModuleHandleW
BindIoCompletionCallback
CreateProcessA
IsValidCodePage
UnmapViewOfFile
OpenEventW
SetConsoleDisplayMode
CreateProcessW
GetConsoleAliasExesLengthW
Sleep
GetProcessVersion
OpenSemaphoreW
VirtualAlloc
DragQueryFileW
SHPathPrepareForWriteA
SHBrowseForFolderW
SHGetDiskFreeSpaceA
ExtractAssociatedIconExA
Shell_NotifyIcon
ExtractIconW
SHGetFileInfoA
SHFormatDrive
SHInvokePrinterCommandW
ShellExecuteEx
ExtractIconEx
SHGetIconOverlayIndexW
ShellAboutW
SHGetPathFromIDListA
SHGetMalloc
SHEmptyRecycleBinA
DragQueryFile
SHIsFileAvailableOffline
SHFreeNameMappings
SHCreateProcessAsUserW
SHGetSpecialFolderPathW
FindExecutableA
SHGetSettings
ExtractIconExW
SHAppBarMessage
SHGetPathFromIDList
CommandLineToArgvW
StrChrW
PathIsRelativeW
StrRChrW
StrCmpNW
StrCmpNIW
PathIsUNCW
StrChrA
PathStripToRootW
StrCmpNIA
PathIsRootW
CharPrevA
GetMessagePos
SetClassLongW
SetUserObjectSecurity
GetClassInfoExA
ClipCursor
SetMenuContextHelpId
DrawStateW
HiliteMenuItem
IsWindow
GrayStringA
OemToCharBuffW
AdjustWindowRectEx
PostMessageW
GetMenuBarInfo
ShowCaret
CreateMDIWindowW
GetQueueStatus
DefFrameProcA
GetThreadDesktop
wsprintfA
CreateMenu
DrawFrame
GetTopWindow
CloseDesktop
MsgWaitForMultipleObjects
DialogBoxIndirectParamA
GetMenuStringW
CoUninitialize
CoInitializeEx
CoCreateInstance
CoTaskMemFree
CoInitialize
Number of PE resources by type
RT_STRING 7
RT_RCDATA 3
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
CZECH DEFAULT 2
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2019:03:10 11:17:05+00:00

FileType
Win32 EXE

PEType
PE32

CodeSize
156672

LinkerVersion
9.0

ImageFileCharacteristics
No relocs, Executable, 32-bit

FileTypeExtension
exe

InitializedDataSize
105472

SubsystemVersion
5.0

EntryPoint
0x1810

OSVersion
5.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 520dc8aa032db1930056167db4746101
SHA1 4a76c7e6f606059b151c7758f9a7935167152ba2
SHA256 3af125524d2c300cc14ccbde97cc65053bf84318fa6f96b13aa7c55549ce3b0c
ssdeep
6144:b0CDEvDUi91ggOTMLoJiiA+uVs888888888888W88888888888EP:JQB1gPM0Jib/q888888888888W88888g

authentihash 99de9687fc4a3624b674fbf70ade54a32de09be575d250030d573ddbb0c57c9c
imphash b91cad70183922bd633750893f7ea3f9
File size 260.3 KB ( 266504 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-03-10 11:20:10 UTC ( 1 month, 2 weeks ago )
Last submission 2019-03-12 02:08:40 UTC ( 1 month, 2 weeks ago )
File names iHHHKwaFk.exe
emotet_e1_3af125524d2c300cc14ccbde97cc65053bf84318fa6f96b13aa7c55549ce3b0c_2019-03-10__112503.exe_
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections