SHA256: 3f04df78d2a99bd1df50646d80570b50d1c83402f18e8648dfc9f52dce1af5d2
File name: 3f04df78d2a99bd1df50646d80570b50d1c83402f18e8648dfc9f52dce1af5d2
Detection ratio: 48 / 68
Analysis date: 2018-10-16 10:59:39 UTC ( 4 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.Ransom.BZH 20181016
AhnLab-V3 Trojan/Win32.Emotet.R235587 20181016
ALYac Trojan.Ransom.BZH 20181016
Arcabit Trojan.Ransom.BZH 20181016
Avast Win32:Malware-gen 20181016
AVG Win32:Malware-gen 20181016
Avira (no cloud) TR/PSW.Fareit.spp 20181016
BitDefender Trojan.Ransom.BZH 20181016
CAT-QuickHeal Trojan.Emotet.X4 20181013
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.a49d04 20180225
Cylance Unsafe 20181016
Cyren W32/Trojan.TGRT-8216 20181016
DrWeb Trojan.EmotetENT.269 20181016
Emsisoft Trojan.Ransom.BZH (B) 20181016
Endgame malicious (high confidence) 20180730
ESET-NOD32 Win32/Emotet.BQ 20181016
F-Prot W32/Trojan2.PYSV 20181016
F-Secure Trojan.Ransom.BZH 20181016
Fortinet W32/Emotet.BQ!tr 20181016
GData Win32.Trojan-Spy.Emotet.TB 20181016
Ikarus Trojan.Win32.Emotet 20181016
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 0053953b1 ) 20181016
K7GW Trojan ( 0053953b1 ) 20181016
Kaspersky Trojan-Banker.Win32.Emotet.bbqz 20181016
Malwarebytes Trojan.Emotet 20181016
MAX malware (ai score=84) 20181016
McAfee Generic.azp 20181016
McAfee-GW-Edition Generic.azp 20181016
Microsoft Trojan:Win32/Emotet.AC!bit 20181016
eScan Trojan.Ransom.BZH 20181016
NANO-Antivirus Trojan.Win32.Emotet.fhkioi 20181016
Palo Alto Networks (Known Signatures) generic.ml 20181016
Panda Trj/WLT.D 20181015
Qihoo-360 Win32/Trojan.78d 20181016
Rising Trojan.Win32.Generic.1A09B439 (RDM+:cmRtazqrEYQL/sEdH2r+7nUQ8bk1) 20181016
Sophos AV Mal/EncPk-ANX 20181016
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20181015
Symantec Trojan.Gen.2 20181016
Tencent Win32.Trojan-banker.Emotet.Hwcx 20181016
TrendMicro TROJ_GEN.R045C0DHT18 20181016
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMAL91.hp 20181016
VBA32 BScope.Trojan.Emotet 20181016
VIPRE Win32.Malware!Drop 20181016
ViRobot Trojan.Win32.S.Agent.401408.WT 20181016
Zillya Trojan.Ransom.Win32.1404 20181015
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bbqz 20181016
No detection reported (engine and signature date only):
AegisLab 20181016
Alibaba 20180921
Antiy-AVL 20181016
Avast-Mobile 20181016
Babable 20180918
Baidu 20181015
Bkav 20181016
ClamAV 20181016
CMC 20181016
Comodo 20181016
eGambit 20181016
Jiangmin 20181016
Kingsoft 20181016
SentinelOne (Static ML) 20181011
Symantec Mobile Insight 20181001
TACHYON 20181016
TheHacker 20181015
TotalDefense 20181016
Trustlook 20181016
Webroot 20181016
Yandex 20181015
Zoner 20181015
The file being studied is a Portable Executable, more specifically a Win32 EXE built for the Windows GUI subsystem. Its version resource presents it as Microsoft's REGINI.EXE (Registry Initializer, build win7_rtm.090713-1255), but that claim does not survive a comparison with the PE header: the compilation timestamp is 2018-08-26, nine years after the 2009-07-13 build the version string names, and the genuine regini.exe is a console utility, not a GUI-subsystem program. Among the engines that assign a family name, most agree on Emotet; the Trojan.Ransom.BZH label repeated by several products is a generic name, not a ransomware verdict.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name REGINI.EXE
Internal name REGINI.EXE
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Registry Initializer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-08-26 10:47:44
Entry Point 0x00001AD1
Number of sections 6
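The mismatches noted above are cheap to check mechanically whenever a sample carries a Microsoft-style version resource. The following script is an added example written for this page, not code from VirusTotal or from the sample; it takes the fields as they appear in this report (constructed input), decodes the build tag (Microsoft's branch.yymmdd-hhmm form) and reports three inconsistencies: a PE timestamp far from the claimed build date, a linker newer than the claimed build, and a GUI subsystem on a file that names itself after a console tool. The linker-year table, the 30-day tolerance and the console-tool list are the editor's assumptions, not values from the report.

```python
import re
from datetime import datetime

# Constructed input: the fields below are copied from the report for this sample.
SAMPLE = {
    "OriginalFileName": "REGINI.EXE",
    "FileVersion": "6.1.7600.16385 (win7_rtm.090713-1255)",
    "CompanyName": "Microsoft Corporation",
    "Subsystem": "Windows GUI",
    "LinkerVersion": "12.0",
    "CompileTimestamp": "2018-08-26 10:47:44",  # PE header TimeDateStamp, UTC
}

# Microsoft build tags have the form "(branch.yymmdd-hhmm)".
BUILD_TAG = re.compile(r"\((?P<branch>\w+)\.(?P<date>\d{6})-(?P<time>\d{4})\)")

# Year in which each major MSVC linker version first shipped (assumption: the release
# years of the matching Visual Studio versions). A toolchain newer than the claimed
# build year cannot have produced that build.
LINKER_YEAR = {8.0: 2005, 9.0: 2008, 10.0: 2010, 11.0: 2012, 12.0: 2013, 14.0: 2015}

# Windows tools that are console programs in the genuine OS image (assumption; starter list).
CONSOLE_TOOLS = {"REGINI.EXE", "REG.EXE", "NETSTAT.EXE", "CMD.EXE"}

# Slack allowed between the build tag and the PE timestamp (assumption: a month is
# generous for a file that really came out of the claimed build).
MAX_SKEW_DAYS = 30


def parse_build_tag(file_version):
    """Return the build date encoded in a Microsoft FileVersion string, or None."""
    m = BUILD_TAG.search(file_version)
    if not m:
        return None
    return datetime.strptime(m["date"] + m["time"], "%y%m%d%H%M")


def days_after_claimed_build(meta):
    """PE timestamp minus build-tag date, in whole days (None when there is no build tag)."""
    claimed = parse_build_tag(meta.get("FileVersion", ""))
    if claimed is None:
        return None
    compiled = datetime.strptime(meta["CompileTimestamp"], "%Y-%m-%d %H:%M:%S")
    return (compiled - claimed).days


def check_version_consistency(meta):
    """Return a list of findings; an empty list means the metadata is internally consistent."""
    findings = []
    claimed = parse_build_tag(meta.get("FileVersion", ""))
    if claimed is not None:
        skew = days_after_claimed_build(meta)
        if abs(skew) > MAX_SKEW_DAYS:
            findings.append(f"timestamp: compiled {skew:+d} days from the claimed "
                            f"{claimed:%Y-%m-%d} build")
        linker = float(meta.get("LinkerVersion", "0"))
        year = LINKER_YEAR.get(linker)
        if year is not None and year > claimed.year:
            findings.append(f"linker: version {linker} first shipped in {year}, "
                            f"after the claimed {claimed.year} build")
    name = meta.get("OriginalFileName", "").upper()
    subsystem = meta.get("Subsystem", "")
    # ExifTool reports console images as "Windows command line"; anything GUI is suspect here.
    if name in CONSOLE_TOOLS and "GUI" in subsystem.upper():
        findings.append(f"subsystem: {name} is a console tool, but this image targets {subsystem}")
    return findings


if __name__ == "__main__":
    for line in check_version_consistency(SAMPLE) or ["no inconsistencies found"]:
        print(line)
```

None of these checks proves a file malicious on its own (a genuine binary rebuilt in a hotfix can carry a later timestamp), but a Microsoft-branded file that fails all three at once is worth treating as a masquerade until a valid Authenticode signature says otherwise.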
PE sections (none listed in this export)
PE imports (function names only; this export does not group them by DLL)
BackupEventLogW
AddAuditAccessAceEx
RegDisablePredefinedCache
QueryUsersOnEncryptedFile
SetTextAlign
GetTextCharsetInfo
GetAspectRatioFilterEx
GetDCPenColor
DeleteIpForwardEntry
GetLogicalProcessorInformation
WriteConsoleOutputAttribute
GetModuleHandleA
GetNumberFormatW
WriteFile
UnlockFileEx
GetACP
GetVersionExW
GetSystemPowerStatus
ExitThread
DrawDibClose
DsListSitesW
VarTokenizeFormatString
PathIsDirectoryA
PathIsDirectoryEmptyW
EndDialog
mixerMessage
midiOutUnprepareHeader
CoCreateGuid
OleBuildVersion
PdhEnumObjectItemsW
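No real program needs event-log backup, ACL auditing, EFS user queries, GDI text metrics, Video for Windows, MIDI output, Active Directory site enumeration and performance-counter enumeration all at once; an import table like the one above is typical of a crypter that pads the table with unrelated APIs so the file looks like a normal application and so that its imphash differs from build to build. The script below is an added example written for this page, not VirusTotal's or the sample's code. It recomputes an import hash the way pefile does (lower-cased "dll.function" pairs in import order, joined by commas, MD5) and scores how many DLLs contribute only one or two functions. The DLL assignment for the 30 names is the editor's (taken from the documented export tables) and the order is the report's, so the result is not expected to match the imphash in the report; the thresholds in looks_padded are assumptions.

```python
import hashlib
from collections import Counter

# Constructed input: the 30 function names from the import list above, each paired with
# the DLL that exports it. The pairing and the order are the editor's, not the binary's.
SAMPLE_IMPORTS = [
    ("advapi32.dll", "BackupEventLogW"),
    ("advapi32.dll", "AddAuditAccessAceEx"),
    ("advapi32.dll", "RegDisablePredefinedCache"),
    ("advapi32.dll", "QueryUsersOnEncryptedFile"),
    ("gdi32.dll", "SetTextAlign"),
    ("gdi32.dll", "GetTextCharsetInfo"),
    ("gdi32.dll", "GetAspectRatioFilterEx"),
    ("gdi32.dll", "GetDCPenColor"),
    ("iphlpapi.dll", "DeleteIpForwardEntry"),
    ("kernel32.dll", "GetLogicalProcessorInformation"),
    ("kernel32.dll", "WriteConsoleOutputAttribute"),
    ("kernel32.dll", "GetModuleHandleA"),
    ("kernel32.dll", "GetNumberFormatW"),
    ("kernel32.dll", "WriteFile"),
    ("kernel32.dll", "UnlockFileEx"),
    ("kernel32.dll", "GetACP"),
    ("kernel32.dll", "GetVersionExW"),
    ("kernel32.dll", "GetSystemPowerStatus"),
    ("kernel32.dll", "ExitThread"),
    ("msvfw32.dll", "DrawDibClose"),
    ("ntdsapi.dll", "DsListSitesW"),
    ("oleaut32.dll", "VarTokenizeFormatString"),
    ("shlwapi.dll", "PathIsDirectoryA"),
    ("shlwapi.dll", "PathIsDirectoryEmptyW"),
    ("user32.dll", "EndDialog"),
    ("winmm.dll", "mixerMessage"),
    ("winmm.dll", "midiOutUnprepareHeader"),
    ("ole32.dll", "CoCreateGuid"),
    ("ole32.dll", "OleBuildVersion"),
    ("pdh.dll", "PdhEnumObjectItemsW"),
]


def imphash(imports):
    """pefile-style import hash over (dll, name-or-ordinal) pairs in import-directory order.

    The DLL name is lower-cased and loses a .dll/.ocx/.sys extension; a name is lower-cased,
    an ordinal becomes "ordN"; the "dll.func" strings are comma-joined and MD5-hashed.
    """
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            lib = base
        name = func.lower() if isinstance(func, str) else f"ord{func}"
        parts.append(f"{lib}.{name}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def import_spread(imports):
    """Return (number of distinct DLLs, sorted list of DLLs with at most two imports)."""
    per_dll = Counter(dll.lower() for dll, _ in imports)
    thin = sorted(dll for dll, n in per_dll.items() if n <= 2)
    return len(per_dll), thin


def looks_padded(imports, min_dlls=8, thin_ratio=0.5):
    """Heuristic (assumed thresholds): many DLLs, most of them barely used, suggests
    an import table filled out by a packer rather than by the program's real needs."""
    n_dlls, thin = import_spread(imports)
    return n_dlls >= min_dlls and len(thin) / n_dlls >= thin_ratio


if __name__ == "__main__":
    n_dlls, thin = import_spread(SAMPLE_IMPORTS)
    print("imphash:", imphash(SAMPLE_IMPORTS))
    print(f"{n_dlls} DLLs, {len(thin)} used for at most two functions: {', '.join(thin)}")
    print("padded import table:", looks_padded(SAMPLE_IMPORTS))
```

Because the hash covers every pair in order, two builds of the same crypter that shuffle or swap a single padding import get different imphashes, which is why imphash pivots work for lazy packers and fail for ones like this; the spread heuristic is order-independent and survives that trick, at the cost of also flagging some legitimately sprawling applications.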
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources (only the counts above are present in this export)
Debug information (none listed)
ExifTool file metadata
UninitializedDataSize: 0
LinkerVersion: 12.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 6.1.7600.16385
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
FileDescription: Registry Initializer
ImageFileCharacteristics: No relocs, Executable, 32-bit
CharacterSet: Unicode
InitializedDataSize: 385024
EntryPoint: 0x1ad1
OriginalFileName: REGINI.EXE
MIMEType: application/octet-stream
LegalCopyright: © Microsoft Corporation. All rights reserved.
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp: 2018:08:26 12:47:44+02:00
FileType: Win32 EXE
PEType: PE32
InternalName: REGINI.EXE
ProductVersion: 6.1.7600.16385
SubsystemVersion: 5.0
OSVersion: 5.0
FileOS: Windows NT 32-bit
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Microsoft Corporation
CodeSize: 12288
ProductName: Microsoft Windows Operating System
ProductVersionNumber: 6.1.7600.16385
FileTypeExtension: exe
ObjectFileType: Executable application
File identification
MD5 97db11c43ed5f57c3d4259e680489083
SHA1 4a611f4a49d04d2949872d3693078a837163e23c
SHA256 3f04df78d2a99bd1df50646d80570b50d1c83402f18e8648dfc9f52dce1af5d2
ssdeep 6144:ngIm0kg29pw/WBQzquaOGMJMSHaG3thzO:ngIZ6peW+zFTqqhhz
authentihash ae733d2fc8ecdc031e1ed122c9089c941f5d0f93fe744bf4bec525e934561f3e
imphash 73e83d1f5718d2adeb54f9cbe9010082
File size 392.0 KB ( 401408 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%); Generic Win/DOS Executable (33.1%); DOS Executable Generic (33.1%)
Tags peexe
VirusTotal metadata
First submission 2018-10-16 10:59:39 UTC ( 4 months, 1 week ago )
Last submission 2018-10-16 10:59:39 UTC ( 4 months, 1 week ago )
File names REGINI.EXE
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files, read files, created processes, opened mutexes, runtime DLLs: no entries are present in this export.