SHA256: 3d4b55aae260fab4acaf5ab8e328272a3072abdcecad5db201564294468572bf
File name: 3d4b55aae260fab4acaf5ab8e328272a3072abdcecad5db201564294468572bf
Detection ratio: 52 / 64
Analysis date: 2017-09-18 01:54:08 UTC ( 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4831506 20170918
AegisLab Troj.Banker.W32.Emotet!c 20170918
AhnLab-V3 Trojan/Win32.MDA.R198519 20170917
ALYac Trojan.GenericKD.4831506 20170917
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20170918
Avast Win32:Malware-gen 20170918
AVG Win32:Malware-gen 20170918
Avira (no cloud) TR/Crypt.Xpack.tkpmo 20170917
AVware Trojan.Win32.Generic!BT 20170917
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170915
BitDefender Trojan.GenericKD.4831506 20170918
CAT-QuickHeal TrojanBanker.Emotet 20170916
ClamAV Win.Ransomware.Globeimposter-6336188-0 20170918
Comodo TrojWare.Win32.Diple.A 20170918
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170804
Cylance Unsafe 20170918
Cyren W32/Emotet.IRQD-3761 20170918
DrWeb BackDoor.Siggen2.2041 20170918
Emsisoft Trojan.GenericKD.4831506 (B) 20170918
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of Win32/Kryptik.FRBV 20170918
F-Prot W32/Emotet.AM 20170918
F-Secure Trojan.GenericKD.4831506 20170918
Fortinet W32/Generic.AP.BC0AC!tr 20170918
GData Trojan.GenericKD.4831506 20170918
Ikarus Trojan.Win32.Crypt 20170917
Sophos ML heuristic 20170914
Jiangmin Trojan.Inject.yaa 20170918
K7AntiVirus Trojan ( 0050b5621 ) 20170917
K7GW Hacktool ( 655367771 ) 20170918
Kaspersky Trojan-Banker.Win32.Emotet.vjt 20170918
Malwarebytes Trojan.SpamBot 20170917
MAX malware (ai score=100) 20170918
McAfee RDN/PWS-Banker 20170918
McAfee-GW-Edition BehavesLike.Win32.PUPXBM.dc 20170918
Microsoft Trojan:Win32/Emotet.K 20170918
eScan Trojan.GenericKD.4831506 20170918
NANO-Antivirus Trojan.Win32.Androm.enpgkz 20170918
Palo Alto Networks (Known Signatures) generic.ml 20170918
Panda Trj/GdSda.A 20170917
Rising Trojan.Kryptik!8.8 (cloud:QrxBOUAdGYR) 20170918
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Mal/Generic-S 20170918
Symantec Ransom.Kovter 20170917
Tencent Win32.Trojan-banker.Emotet.Tdfz 20170918
TrendMicro-HouseCall TSPY_EMOTET.XXSW 20170918
VBA32 TrojanBanker.Emotet 20170915
VIPRE Trojan.Win32.Generic!BT 20170918
Webroot W32.Trojan.Gen 20170918
Yandex TrojanSpy.SpyEyes!3lUk7EyK34s 20170908
Zillya Trojan.Emotet.Win32.798 20170916
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.vjt 20170918
Alibaba 20170911
Arcabit 20170918
Avast-Mobile 20170829
CMC 20170917
Kingsoft 20170918
nProtect 20170918
Qihoo-360 20170918
SUPERAntiSpyware 20170917
Symantec Mobile Insight 20170917
TheHacker 20170916
TotalDefense 20170917
Trustlook 20170918
ViRobot 20170917
WhiteArmor 20170829
Zoner 20170918
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-04-11 01:36:40
Entry Point 0x000011E5
Number of sections 5
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
RtlUnwind
HeapSetInformation
GetCurrentProcess
GetStringTypeW
LocalAlloc
GetCommandLineW
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetProcAddress
InterlockedCompareExchange
EncodePointer
GetStartupInfoW
GetCPInfo
GetModuleFileNameW
TlsFree
GetModuleHandleA
GetSystemTimeAsFileTime
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
IsProcessorFeaturePresent
GetSystemTimes
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
GetSystemTimeAdjustment
TerminateProcess
IsValidCodePage
HeapCreate
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
GetCurrentProcessId
SetLastError
InterlockedIncrement
GetWindowTextA
GetWindowTextLengthA
GetWindowWord
GetGuiResources
Number of PE resources by type
RT_ICON 11
RT_BITMAP 3
RT_GROUP_ICON 2
RT_MENU 1
Number of PE resources by language
ENGLISH US 9
NEUTRAL 8
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:04:11 02:36:40+01:00
FileType Win32 EXE
PEType PE32
CodeSize 18432
LinkerVersion 10.0
EntryPoint 0x11e5
InitializedDataSize 243712
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
Compressed bundles
File identification
MD5 cfbfc63d5faa58cb5bf7231e5cd6be05
SHA1 9e3fa354c6b315963887f1bcb5309f23297b2895
SHA256 3d4b55aae260fab4acaf5ab8e328272a3072abdcecad5db201564294468572bf
ssdeep 3072:Fdzmiq+hN9tdCRnYRpzJtG2ZRyKt/6N/6rkGFkrY7uNO5XVcjEZCp:Fdzv9tdEIFTRjSirkGFkrY7uN
authentihash 32f7c8a41e2ce35cca5c69b52410fc795a368aedb1ead419f5f7906a567aec0b
imphash 0929aec5d58f2fb36225bca3920f81f9
File size 250.5 KB ( 256512 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2017-04-12 00:35:52 UTC ( 6 months, 1 week ago )
Last submission 2017-08-02 21:31:56 UTC ( 2 months, 2 weeks ago )
File names ChappPortrait.exe
aa
3d4b55aae260fab4acaf5ab8e328272a3072abdcecad5db201564294468572bf
742_12_08_2016_01_37_26_1537.exe.malware.mrg
3d4b55aae260fab4acaf5ab8e328272a3072abdcecad5db201564294468572bf
1140.exe
742_12_08_2016_01_37_26_1537.exe.malware.MRG
cfbfc63d5faa58cb5bf7231e5cd6be05
1537.exe
1CXQSUq.dot
Behaviour characterization
Zemana dll-injection
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Runtime DLLs
UDP communications