× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 3cd191b9e8bf6b7c0850f801888be51eb151555a4a4f17b241ceddfc023912c3
File name: bundletabbtn.exe
Detection ratio: 22 / 66
Analysis date: 2018-11-06 12:35:42 UTC ( 3 months, 2 weeks ago ) View latest
Antivirus Result Update
Avast FileRepMalware 20181106
AVG FileRepMalware 20181106
CAT-QuickHeal Trojan.Emotet.X4 20181105
ClamAV Win.Trojan.Emotet-6707392-0 20181106
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cylance Unsafe 20181106
Endgame malicious (high confidence) 20180730
Ikarus Win32.Outbreak 20181106
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 0053c2ba1 ) 20181106
K7GW Trojan ( 0053c2ba1 ) 20181106
Kaspersky UDS:DangerousObject.Multi.Generic 20181106
McAfee Artemis!78F625E451ED 20181106
McAfee-GW-Edition BehavesLike.Win32.Emotet.jt 20181106
Palo Alto Networks (Known Signatures) generic.ml 20181106
Panda Trj/Emotet.C 20181105
Qihoo-360 HEUR/QVM20.1.060D.Malware.Gen 20181106
Rising Trojan.Kryptik!1.B4A3 (CLASSIC) 20181106
SentinelOne (Static ML) static engine - malicious 20181011
Symantec ML.Attribute.HighConfidence 20181106
Webroot W32.Trojan.Emotet 20181106
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181106
Ad-Aware 20181106
AegisLab 20181106
AhnLab-V3 20181106
Alibaba 20180921
ALYac 20181106
Antiy-AVL 20181106
Arcabit 20181106
Avast-Mobile 20181106
Avira (no cloud) 20181106
Babable 20180918
Baidu 20181106
BitDefender 20181106
Bkav 20181106
CMC 20181106
Cybereason 20180225
Cyren 20181106
DrWeb 20181106
eGambit 20181106
Emsisoft 20181106
ESET-NOD32 20181106
F-Prot 20181106
F-Secure 20181106
Fortinet 20181106
GData 20181106
Jiangmin 20181106
Kingsoft 20181106
Malwarebytes 20181106
MAX 20181106
Microsoft 20181106
eScan 20181106
NANO-Antivirus 20181106
Sophos AV 20181106
SUPERAntiSpyware 20181031
Symantec Mobile Insight 20181105
TACHYON 20181106
Tencent 20181106
TheHacker 20181104
TrendMicro 20181106
TrendMicro-HouseCall 20181106
Trustlook 20181106
VBA32 20181106
ViRobot 20181106
Yandex 20181102
Zillya 20181105
Zoner 20181106
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright(c) 2003 Corel Corporation

Product Corel Graphics Applications
Original name ZoomPanTool.DLL
Internal name ZoomPanTool
File version 12.0.0.458
Description Corel Graphics Applications Zoom and Pan Tool Library
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-06 10:15:44
Entry Point 0x00093777
Number of sections 4
PE sections
PE imports
RegSaveKeyA
ObjectPrivilegeAuditAlarmA
RegQueryReflectionKey
ImageList_GetIconSize
SetTextJustification
SetWindowOrgEx
UpdateColors
StartPage
GetNumberOfInterfaces
SetCommConfig
GetPrivateProfileStringA
LoadResource
GetSystemDirectoryW
WriteConsoleOutputCharacterA
GetModuleHandleW
NetGroupAddUser
VarBoolFromDate
RasGetAutodialAddressW
RasGetEntryPropertiesA
RpcRevertToSelfEx
RpcMgmtEpEltInqBegin
SetupDiGetDeviceInstallParamsW
SHGetUnreadMailCountW
SHQueryValueExW
SHGetThreadRef
BeginPaint
GetUserObjectSecurity
RetrieveUrlCacheEntryFileA
towlower
HWND_UserSize
OleFlushClipboard
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks
Corel, CorelDRAW, Corel DESIGNER, Corel R.A.V.E., Corel PHOTO-PAINT, CorelTRACE and Corel CAPTURE are trademarks or registered trademarks of Corel Corporation and/or its subsidiaries in Canada, the U.S. and/or other countries.

SubsystemVersion
5.0

InitializedDataSize
73728

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
12.0.0.458

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Corel Graphics Applications Zoom and Pan Tool Library

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Windows, Latin1

LinkerVersion
12.0

EntryPoint
0x93777

FileType
Win32 EXE

OriginalFileName
ZoomPanTool.DLL

MIMEType
application/octet-stream

LegalCopyright
Copyright(c) 2003 Corel Corporation

FileVersion
12.0.0.458

TimeStamp
2018:11:06 02:15:44-08:00

LanguageBuildID
0

PEType
PE32

InternalName
ZoomPanTool

ProductVersion
12.0.0.458

UninitializedDataSize
0

Builton
Thu 12/04/2003 1:34:13.68

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Corel Corporation

CodeSize
610304

ProductName
Corel Graphics Applications

ProductVersionNumber
12.0.0.458

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Execution parents
Compressed bundles
File identification
MD5 78f625e451edf00694233be28a9ed6ee
SHA1 c7e463cb8c5f1bb054517fe97e00584950e1a081
SHA256 3cd191b9e8bf6b7c0850f801888be51eb151555a4a4f17b241ceddfc023912c3
ssdeep
3072:pa325FE+kRT9mrJTNCOUb6tNAxZdAZ0kjAgkmeukhu82fQN33X5G5V7ft5H3QCDX:ZY+6ApWme/uVfs3X5GnX3QCf8yuYGB

authentihash de51206ae0bede49cf9c1c338fb45774948cf62a8cfef089471955790e4c9e7b
imphash 39930d2c72ee2c04960addfa04ebe6d1
File size 668.0 KB ( 684032 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe

VirusTotal metadata
First submission 2018-11-06 10:18:31 UTC ( 3 months, 2 weeks ago )
Last submission 2018-11-14 07:24:31 UTC ( 3 months, 1 week ago )
File names mYRyFn1vUc.exe
7o7yeMvGaJX.exe
DTBIWFARKAHJR9.EXE
AFryf0eGAw92.exe
invoice.exe
OgQMVR893q.exe
w3zIOnnym.exe
wZjuYsktBII.exe
p5aW3g4xlacf.exe
488381CD.exe.virus
ZoomPanTool.DLL
ZoomPanTool
78f625e451edf00694233be28a9ed6ee_exe
78f625e451edf00694233be28a9ed6ee
oXIsVV6opyk.exe
s9mpsrDQV.exe
aerosearcha.exe
818.exe
SI4XdWI.exe
XypuK7sAQ.exe
S0mYkSoI1.exe
7LuSGHWo.exe
HPAOmuDXh.exe
soIreiwrx.exe
bundletabbtn.exe
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!