× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 3f141ae196076a865ad731eb8dedfee31ea459ec742a738ecd9fc8560920fdec
File name: sourcedev.exe
Detection ratio: 19 / 71
Analysis date: 2019-01-21 11:49:57 UTC ( 4 weeks ago ) View latest
Antivirus Result Update
Acronis suspicious 20190119
AVG FileRepMalware 20190121
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181023
Cybereason malicious.544ecc 20190109
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GOUV 20190121
Fortinet W32/GenKryptik.CWGN!tr 20190121
Sophos ML heuristic 20181128
K7GW Hacktool ( 700007861 ) 20190121
Malwarebytes Trojan.Emotet 20190121
McAfee-GW-Edition BehavesLike.Win32.Emotet.ht 20190121
Microsoft Trojan:Win32/Fuerboos.C!cl 20190121
Qihoo-360 HEUR/QVM20.1.B1B4.Malware.Gen 20190121
Rising Trojan.Crypto!8.364/N3#96% (RDM+:cmRtazqU5M27rFezlkLlaslATr9F) 20190121
SentinelOne (Static ML) static engine - malicious 20190118
Sophos AV Mal/EncPk-AOI 20190121
Symantec ML.Attribute.HighConfidence 20190121
Trapmine malicious.high.ml.score 20190103
VBA32 BScope.Trojan.Refinka 20190121
Ad-Aware 20190121
AegisLab 20190121
AhnLab-V3 20190121
Alibaba 20180921
ALYac 20190121
Antiy-AVL 20190121
Arcabit 20190121
Avast 20190121
Avast-Mobile 20190121
Avira (no cloud) 20190121
AVware 20180925
Babable 20180918
Baidu 20190121
BitDefender 20190121
Bkav 20190121
CAT-QuickHeal 20190121
ClamAV 20190121
CMC 20190121
Comodo 20190121
Cyren 20190121
DrWeb 20190121
eGambit 20190121
Emsisoft 20190121
F-Prot 20190121
F-Secure 20190121
GData 20190121
Ikarus 20190121
Jiangmin 20190121
K7AntiVirus 20190121
Kaspersky 20190121
Kingsoft 20190121
MAX 20190121
McAfee 20190121
eScan 20190121
NANO-Antivirus 20190121
Palo Alto Networks (Known Signatures) 20190121
Panda 20190120
SUPERAntiSpyware 20190116
TACHYON 20190121
Tencent 20190121
TheHacker 20190118
TotalDefense 20190121
TrendMicro 20190121
TrendMicro-HouseCall 20190121
Trustlook 20190121
VIPRE 20190121
ViRobot 20190121
Webroot 20190121
Yandex 20190120
Zillya 20190118
ZoneAlarm by Check Point 20190121
Zoner 20190121
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights res

Product F1j5HfqhrQ3
File version 6.1.760
Description Canadian M
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-21 11:46:45
Entry Point 0x00002881
Number of sections 4
PE sections
PE imports
CreateRestrictedToken
InitializeAcl
ClusterRegCloseKey
CertDuplicateCRLContext
SetTextAlign
EndPage
BitBlt
LCIDToLocaleName
FlushFileBuffers
SetThreadPreferredUILanguages
ResumeThread
GetModuleHandleW
VarI4FromDate
VarI4FromCy
IsPwrHibernateAllowed
CloseDesktop
CreateIconIndirect
DdeAddData
GetScrollPos
WTHelperGetProvCertFromChain
Ord(29)
CoLoadLibrary
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
GERMAN 1
PE resources
ExifTool file metadata
SpecialBuild
6, 3, 0, 2b

SubsystemVersion
5.0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.3.0.2

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Canadian M

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
415744

EntryPoint
0x2881

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights res

FileVersion
6.1.760

TimeStamp
2019:01:21 12:46:45+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
6.1.7600

UninitializedDataSize
0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corpo

CodeSize
156672

ProductName
F1j5HfqhrQ3

ProductVersionNumber
6.3.0.2

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Execution parents
File identification
MD5 881d2217cb093a5e2fc549d2af702d14
SHA1 d773743544ecc5710721786de93fa246a9150177
SHA256 3f141ae196076a865ad731eb8dedfee31ea459ec742a738ecd9fc8560920fdec
ssdeep
3072:s+dvGj5/3l6ju8qS7oQTr30uLVKhMAaL9duvDFZNm+K:ndstl6S8qS7oQ/hKWNJduvDFZb

authentihash 03c329ea487dcc11fe1201410819a766adfdef574ffbd96ce63c020930cb084c
imphash 5232e31fafd25d9edabec9c7f25fb58f
File size 550.0 KB ( 563200 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe

VirusTotal metadata
First submission 2019-01-21 11:49:57 UTC ( 4 weeks ago )
Last submission 2019-01-21 15:53:46 UTC ( 4 weeks ago )
File names l6W4EfPU.exe
Ki2xKMa2mC.exe
363.exe
tiLfE3Y9cBeuh7gXV.exe
m3fOa7GQoHU_ZqpfKbx.exe
emotet_e2_3f141ae196076a865ad731eb8dedfee31ea459ec742a738ecd9fc8560920fdec_2019-01-21__115502.exe_
sourcedev.exe
137.exe
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!