× Cookies are disabled! This site requires cookies to be enabled to work properly
VirusTotal
SHA256: 3cd9cf347b4df173bbd8e6b2d42adf1a1570ae763f1eeda534cedab14ab937a6
File name: nJASkGAPaPg.exe
Detection ratio: 40 / 68
Analysis date: 2018-09-21 05:43:45 UTC ( 4 months, 4 weeks ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.Autoruns.GenericKD.31225894 20180921
AhnLab-V3 Malware/Win32.Generic.R237614 20180921
ALYac Trojan.Autoruns.GenericKD.31225894 20180921
Arcabit Trojan.Autoruns.Generic.D1DC7826 20180921
AVG FileRepMalware 20180921
AVware Win32.Malware!Drop 20180921
BitDefender Trojan.Autoruns.GenericKD.31225894 20180921
CAT-QuickHeal Trojan.Emotet.X4 20180918
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20180723
Cylance Unsafe 20180921
Cyren W32/Trojan.PGQB-3021 20180921
Emsisoft Trojan.Emotet (A) 20180921
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GKXP 20180921
F-Secure Trojan.Autoruns.GenericKD.31225894 20180921
Fortinet W32/GenKryptik.CLNH!tr 20180921
GData Trojan.Autoruns.GenericKD.31225894 20180921
Ikarus Trojan.Win32.Krypt 20180920
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 0053cbc11 ) 20180921
Kaspersky Trojan-Banker.Win32.Emotet.beab 20180921
Malwarebytes Trojan.Emotet 20180921
MAX malware (ai score=99) 20180921
McAfee RDN/Generic.grp 20180921
McAfee-GW-Edition RDN/Generic.grp 20180921
Microsoft Trojan:Win32/Emotet 20180921
eScan Trojan.Autoruns.GenericKD.31225894 20180921
Palo Alto Networks (Known Signatures) generic.ml 20180921
Panda Trj/Genetic.gen 20180920
Qihoo-360 HEUR/QVM20.1.F7F3.Malware.Gen 20180921
Rising Trojan.Emotet!8.B95 (CLOUD) 20180921
Sophos AV Mal/EncPk-ANY 20180921
Symantec Trojan.Gen.MBT 20180921
TACHYON Banker/W32.Emotet.408576 20180921
Tencent Win32.Trojan-banker.Emotet.Eawn 20180921
TrendMicro TSPY_EMOTET.THIBOAH 20180921
TrendMicro-HouseCall TSPY_EMOTET.THIBOAH 20180921
VIPRE Win32.Malware!Drop 20180921
Webroot W32.Trojan.Emotet 20180921
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.beab 20180921
AegisLab 20180921
Alibaba 20180912
Antiy-AVL 20180920
Avast 20180921
Avast-Mobile 20180920
Avira (no cloud) 20180921
Babable 20180918
Baidu 20180914
Bkav None
ClamAV 20180921
CMC 20180920
Comodo 20180921
Cybereason 20180225
DrWeb 20180921
eGambit 20180921
F-Prot 20180921
Jiangmin 20180921
Kingsoft 20180921
NANO-Antivirus 20180921
SentinelOne (Static ML) 20180830
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180918
TheHacker 20180920
TotalDefense 20180920
Trustlook 20180921
VBA32 20180920
ViRobot 20180921
Yandex 20180920
Zillya 20180920
Zoner 20180920
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 1998 - 2003 GTek Technologies Ltd.

Product GTCoach
Internal name keyboard
File version 1, 0, 0, 14
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-19 17:20:28
Entry Point 0x000226AC
Number of sections 8
PE sections
PE imports
[+] ADVAPI32.dll
InitiateSystemShutdownA
GetSidLengthRequired
EnumServicesStatusA
GetUserNameW
DeregisterEventSource
MakeSelfRelativeSD
InitiateSystemShutdownExW
IsValidSid
LogonUserA
GetWindowsAccountDomainSid
DeleteAce
IsValidSecurityDescriptor
[+] AVIFIL32.dll
AVIStreamStart
[+] COMCTL32.dll
ImageList_SetBkColor
[+] COMDLG32.dll
FindTextA
GetFileTitleW
[+] CRYPT32.dll
CryptMsgSignCTL
CryptStringToBinaryA
[+] GDI32.dll
GetTextMetricsW
GetCharacterPlacementW
DeleteEnhMetaFile
GetSystemPaletteEntries
GetWindowOrgEx
GetRgnBox
FloodFill
GetTextMetricsA
GetClipBox
GetWindowExtEx
GetViewportOrgEx
GetPixel
GetLayout
GetObjectA
PaintRgn
GetPixelFormat
GetTextExtentExPointI
GetTextColor
GetBitmapDimensionEx
GetBkMode
GetTextExtentPointW
ExtTextOutW
DescribePixelFormat
FrameRgn
EqualRgn
GetPath
GetStockObject
GetOutlineTextMetricsW
GetDIBits
GdiFlush
GetCharWidth32W
GetSystemPaletteUse
GetStretchBltMode
Escape
DeleteMetaFile
[+] KERNEL32.dll
GetVolumePathNameW
GetLargestConsoleWindowSize
GetExitCodeProcess
FindNextFileA
GlobalFindAtomA
GetTickCount
GetThreadLocale
GetEnvironmentStringsW
GetModuleFileNameA
GlobalHandle
FillConsoleOutputCharacterW
GetLocalTime
GetVolumePathNamesForVolumeNameW
DeleteCriticalSection
GetAtomNameA
GetVolumeInformationA
GetCurrentDirectoryW
FreeEnvironmentStringsW
GlobalGetAtomNameA
GetDateFormatW
GetConsoleTitleW
GetCompressedFileSizeW
GetCurrentProcess
GetSystemDefaultLCID
GetPrivateProfileStructW
ExpandEnvironmentStringsA
VirtualLock
FindVolumeMountPointClose
GetProcAddress
WriteProfileStringW
DebugBreak
GetLocaleInfoW
ExpandEnvironmentStringsW
GetTempPathA
GetThreadSelectorEntry
GetCPInfo
DeleteVolumeMountPointW
GetModuleHandleA
GetSystemDirectoryW
GetCommTimeouts
GlobalAddAtomA
_lopen
GetVolumeNameForVolumeMountPointW
GetCompressedFileSizeA
GetThreadTimes
WritePrivateProfileStructW
GetStringTypeW
GetUserDefaultLCID
EscapeCommFunction
LocalSize
SetCommConfig
GetEnvironmentVariableA
GetThreadContext
VirtualFree
GetFileAttributesW
ExitProcess
[+] MPRAPI.dll
MprConfigInterfaceGetInfo
[+] NETAPI32.dll
NetLocalGroupGetMembers
NetLocalGroupAddMembers
NetApiBufferReallocate
[+] OLEAUT32.dll
GetErrorInfo
SafeArrayAllocDescriptorEx
[+] RASAPI32.dll
RasGetEntryPropertiesA
[+] SETUPAPI.dll
CM_Get_DevNode_Custom_PropertyW
[+] SHELL32.dll
FindExecutableW
FindExecutableA
ExtractAssociatedIconW
[+] SHLWAPI.dll
StrStrW
SHRegWriteUSValueW
[+] Secur32.dll
EnumerateSecurityPackagesW
GetComputerObjectNameW
FreeCredentialsHandle
[+] USER32.dll
EmptyClipboard
IsWinEventHookInstalled
GetCursorInfo
GetScrollRange
GetScrollPos
GetShellWindow
EnumWindowStationsW
GetMessageW
DefWindowProcA
GetUserObjectInformationW
GetCaretPos
LoadMenuW
GetClipboardSequenceNumber
OemToCharBuffA
DestroyIcon
GetWindowRect
MessageBoxIndirectA
IsWindowUnicode
GetDlgItemTextA
GetMessageExtraInfo
CharLowerW
FindWindowExW
DestroyCaret
GetDlgItemInt
GetTabbedTextExtentW
DrawTextA
GetClassInfoA
GetClipCursor
DefFrameProcW
LoadStringA
GetLastActivePopup
GetRawInputData
IsZoomed
GetClassInfoW
GetKeyboardLayoutList
BringWindowToTop
FrameRect
GetKeyNameTextW
InsertMenuA
GetWindowLongA
FindWindowExA
LoadIconA
InvalidateRect
GetKeyboardLayoutNameW
FillRect
DefDlgProcA
ModifyMenuW
DestroyAcceleratorTable
GetMenuState
CopyAcceleratorTableW
GetWindowTextLengthW
ReleaseDC
GetWindowRgnBox
GetWindowTextA
DestroyMenu
GetMenuStringW
[+] WININET.dll
GetUrlCacheEntryInfoExW
FindNextUrlCacheEntryExW
GetUrlCacheEntryInfoW
[+] WINMM.dll
DefDriverProc
[+] WINSPOOL.DRV
GetPrinterDriverDirectoryW
DeletePrinter
[+] WINTRUST.dll
CryptCATCDFEnumAttributes
CryptCATGetMemberInfo
[+] mscms.dll
GetColorProfileHeader
[+] msvcrt.dll
fputc
fputws
fseek
fsetpos
fputwc
setvbuf
vfprintf
[+] ntdll.dll
strncmp
[+] ole32.dll
GetRunningObjectTable
MkParseDisplayName
[+] urlmon.dll
CoInternetIsFeatureEnabledForUrl
Number of PE resources by type
RT_VERSION 1
WAVE 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
268800

ImageVersion
0.0

ProductName
GTCoach

FileVersionNumber
1.0.0.14

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
12.0

FileTypeExtension
exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1, 0, 0, 14

TimeStamp
2018:09:19 10:20:28-07:00

FileType
Win32 EXE

PEType
PE32

InternalName
keyboard

ProductVersion
3, 0, 0, 1

SubsystemVersion
5.0

OSVersion
5.1

FileOS
Win32

LegalCopyright
Copyright (C) 1998 - 2003 GTek Technologies Ltd.

MachineType
Intel 386 or later, and compatibles

CompanyName
GTek Technologies Ltd.

CodeSize
0

FileSubtype
0

ProductVersionNumber
3.0.0.1

EntryPoint
0x226ac

ObjectFileType
Dynamic link library

File identification
MD5 f169a6e10534f356e9b80b97c2852aed
SHA1 eca2920ead039dd28c7c26514c28bee605cf31d9
SHA256 3cd9cf347b4df173bbd8e6b2d42adf1a1570ae763f1eeda534cedab14ab937a6
ssdeep
3072:T5zQh2+SyLfGbxQfCeXtdLtRswm3Qfkf7U/XGxGZw9qtQ+EptjR4NEoyvpZXqgXa:TBYtVfGbxWf3GEXaG69qtcjbp

authentihash 380190e2df4410b7ec626e909f9eb268f2816e97b1011125f5e713c3dddf5577
imphash 5766ddc4c9eed876351b1f51f3bf4f15
File size 399.0 KB ( 408576 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-09-19 10:25:06 UTC ( 5 months ago )
Last submission 2018-09-19 10:25:06 UTC ( 5 months ago )
File names nJASkGAPaPg.exe
montanatexas.exe
keyboard
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!
More comments

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

Sign in Join the community
No votes. No one has voted on this item yet, be the first one to do so!
More votes
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs
Blog | Twitter | Contact us | ToS | Privacy policy