SHA256: 4096d855ac5a0d8ef82624f081f68223651e0638b84de790a8e39ea71b26f2a9
File name: 2018-11-28-Emotet-malware-binary-retrieved-by-Word-macro.exe
Detection ratio: 49 / 69
Analysis date: 2018-12-04 14:03:47 UTC ( 2 months, 2 weeks ago )
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Trojan.GenericKD.40792869 | 20181204 |
| AhnLab-V3 | Trojan/Win32.Emotet.R246797 | 20181204 |
| ALYac | Trojan.Agent.Emotet | 20181204 |
| Arcabit | Trojan.Generic.D26E7325 | 20181204 |
| Avast | Win32:BankerX-gen [Trj] | 20181204 |
| AVG | Win32:BankerX-gen [Trj] | 20181204 |
| Avira (no cloud) | TR/AD.Emotet.avslj | 20181204 |
| BitDefender | Trojan.GenericKD.40792869 | 20181204 |
| CAT-QuickHeal | Trojan.Fuerboos | 20181203 |
| Comodo | Malware@#34kqy3tiwosxr | 20181204 |
| CrowdStrike Falcon (ML) | malicious_confidence_100% (W) | 20181022 |
| Cybereason | malicious.50318b | 20180225 |
| Cylance | Unsafe | 20181204 |
| Cyren | W32/Trojan.IWGW-7616 | 20181204 |
| DrWeb | Trojan.EmotetENT.312 | 20181204 |
| eGambit | Unsafe.AI_Score_82% | 20181204 |
| Emsisoft | Trojan.GenericKD.40792869 (B) | 20181204 |
| Endgame | malicious (high confidence) | 20181108 |
| ESET-NOD32 | a variant of Win32/Kryptik.GNHG | 20181204 |
| F-Prot | W32/Emotet.KB.gen!Eldorado | 20181204 |
| F-Secure | Trojan.GenericKD.40792869 | 20181204 |
| Fortinet | Malicious_Behavior.SB | 20181204 |
| GData | Win32.Trojan-Spy.Emotet.TV | 20181204 |
| Ikarus | Trojan-Banker.Emotet | 20181203 |
| Sophos ML | heuristic | 20181128 |
| K7AntiVirus | Trojan ( 0054293f1 ) | 20181204 |
| K7GW | Trojan ( 0054293f1 ) | 20181204 |
| Kaspersky | Trojan-Banker.Win32.Emotet.bsho | 20181204 |
| Malwarebytes | Trojan.Emotet | 20181204 |
| MAX | malware (ai score=90) | 20181204 |
| McAfee | RDN/Generic.hra | 20181204 |
| McAfee-GW-Edition | BehavesLike.Win32.Generic.ht | 20181204 |
| Microsoft | Trojan:Win32/Emotet.BN | 20181204 |
| eScan | Trojan.GenericKD.40792869 | 20181204 |
| NANO-Antivirus | Trojan.Win32.Emotet.fkrwhx | 20181204 |
| Palo Alto Networks (Known Signatures) | generic.ml | 20181204 |
| Panda | Trj/RnkBend.A | 20181203 |
| Qihoo-360 | HEUR/QVM20.1.8426.Malware.Gen | 20181204 |
| Rising | Trojan.Fuerboos!8.EFC8 (CLOUD) | 20181204 |
| Sophos AV | Troj/Emotet-AMS | 20181204 |
| Symantec | Trojan.Emotet | 20181204 |
| Tencent | Win32.Trojan-banker.Emotet.Wmst | 20181204 |
| Trapmine | malicious.moderate.ml.score | 20181128 |
| TrendMicro | TROJ_FRS.VSN1CK18 | 20181204 |
| TrendMicro-HouseCall | TROJ_FRS.VSN1CK18 | 20181204 |
| VBA32 | BScope.Trojan.Emotet | 20181204 |
| ViRobot | Trojan.Win32.Z.Emotet.524288.L | 20181204 |
| Webroot | W32.Trojan.Emotet | 20181204 |
| ZoneAlarm by Check Point | Trojan-Banker.Win32.Emotet.bsho | 20181204 |
| AegisLab | | 20181204 |
| Alibaba | | 20180921 |
| Antiy-AVL | | 20181204 |
| Avast-Mobile | | 20181204 |
| Babable | | 20180918 |
| Baidu | | 20181204 |
| Bkav | | 20181203 |
| ClamAV | | 20181203 |
| CMC | | 20181204 |
| Jiangmin | | 20181204 |
| Kingsoft | | 20181204 |
| SentinelOne (Static ML) | | 20181011 |
| SUPERAntiSpyware | | 20181128 |
| Symantec Mobile Insight | | 20181204 |
| TACHYON | | 20181204 |
| TheHacker | | 20181202 |
| TotalDefense | | 20181204 |
| Trustlook | | 20181204 |
| Yandex | | 20181204 |
| Zillya | | 20181203 |
| Zoner | | 20181204 |
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All
Product Microsoft®
Internal name kbdusa
File version 3.00.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-28 19:15:15
Entry Point 0x000029F0
Number of sections 4
PE sections
PE imports
DeregisterEventSource
FileEncryptionStatusW
AVIFileGetStream
GetClipRgn
FillRgn
GetCharacterPlacementA
Rectangle
GetCharWidth32A
GetNamedPipeClientProcessId
WriteProcessMemory
GetCurrentProcess
GetUserDefaultLangID
GetModuleHandleA
GetFileTime
GetConsoleWindow
GetVolumeInformationW
GetTimeFormatW
GetTickCount
FreeEnvironmentStringsW
GetSystemWindowsDirectoryW
SetMailslotInfo
GetDiskFreeSpaceA
GetSystemPowerStatus
FillConsoleOutputAttribute
GetPrivateProfileStringW
LZSeek
NetLocalGroupAddMembers
CM_Get_Next_Log_Conf
CallMsgFilterA
GetCursorInfo
GetDlgItemInt
DrawStateA
GetProcessWindowStation
DrawFrameControl
timeGetTime
FindFirstPrinterChangeNotification
GetPrintProcessorDirectoryW
SCardListReadersA
fputc
malloc
Number of PE resources by type
RT_STRING 5
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 6
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:11:28 20:15:15+01:00
FileType Win32 EXE
PEType PE32
CodeSize 495616
LinkerVersion 12.0
ImageFileCharacteristics No relocs, Executable, 32-bit
Warning Error processing PE data dictionary
EntryPoint 0x29f0
InitializedDataSize 32768
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 65371ec50318b872b05050c57958be64
SHA1 d740141f00cf27f753f941fdb011bc34bfecbedb
SHA256 4096d855ac5a0d8ef82624f081f68223651e0638b84de790a8e39ea71b26f2a9
ssdeep 3072:MoEnyrL4l+cclzVxHf0Xdb2nu/x548/L6tVwsjkCHEB7S3:MsLqcvxsXdNf43tOCkB7

authentihash 1d2bcf6b4da2b0d566d0253980259d3b851938a21178a6754f9827b6e01a6e21
imphash 40b23a5443073d56eaf1fdf5b9c57a3f
File size 512.0 KB ( 524288 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe

VirusTotal metadata
First submission 2018-11-28 19:21:33 UTC ( 2 months, 3 weeks ago )
Last submission 2018-12-16 07:23:13 UTC ( 2 months, 1 week ago )
File names agPfCWYA.exe
2018-11-28-Emotet-malware-binary-retrieved-by-Word-macro.exe
kbdusa
tU7djianI.exe
componlpio.exe
PeYTkJLUE.exe
hepxjY5tTM.exe
Emotet-malware-binary-retrieved-by-Word-macro.exe
LEy3fWaqjr7.exe
352.exe
8kQ5gBU3aM.exe
wtTWv4QO.exe
fUx1g5tDNWQ.exe
pdPlG7K8N2M.exe
pcz.exe
cbgndmtpbt.exe
GwmMSQFDt.exe
M4RIWmPhu.exe
sddlpass.exe