SHA256: 42ba3eda54de8c60ddbe609c91739d3286103ece732a0990dc3c6380b764dff1
File name: emotet_exe_e2_42ba3eda54de8c60ddbe609c91739d3286103ece732a0990dc3...
Detection ratio: 44 / 66
Analysis date: 2019-04-17 13:39:55 UTC ( 1 month ago )
Antivirus Result Update
Acronis suspicious 20190415
Ad-Aware Trojan.GenericKD.31888746 20190417
AegisLab Trojan.Win32.Malicious.4!c 20190417
Alibaba Trojan:Win32/Emotet.b28225df 20190402
ALYac Trojan.Agent.Emotet 20190417
Arcabit Trojan.Generic.D1E6956A 20190417
Avast Win32:DangerousSig [Trj] 20190417
AVG Win32:DangerousSig [Trj] 20190417
Avira (no cloud) TR/Crypt.XPACK.Gen 20190417
BitDefender Trojan.GenericKD.31888746 20190417
ClamAV Win.Packed.Rundll-6907441-0 20190416
CrowdStrike Falcon (ML) win/malicious_confidence_90% (W) 20190212
Cybereason malicious.bd25ac 20190417
Cyren W32/Trojan.NRZU-0803 20190417
DrWeb Trojan.Emotet.686 20190417
Emsisoft Trojan.GenericKD.31888746 (B) 20190417
Endgame malicious (high confidence) 20190403
ESET-NOD32 a variant of Win32/Kryptik.GSEC 20190417
F-Secure Trojan.TR/Crypt.XPACK.Gen 20190416
FireEye Generic.mg.18328c1bd25acc76 20190417
Fortinet W32/Lockscreen.LOA!tr 20190417
GData Win32.Trojan-Spy.Emotet.X2O2NS 20190417
Ikarus Win32.Outbreak 20190416
Sophos ML heuristic 20190313
K7AntiVirus Trojan ( 0051cd171 ) 20190417
K7GW Trojan ( 0051cd171 ) 20190417
Kaspersky Trojan-Banker.Win32.Emotet.cyko 20190417
McAfee Trojan-FQMJ!18328C1BD25A 20190417
McAfee-GW-Edition Trojan-FQMJ!18328C1BD25A 20190416
Microsoft Trojan:Win32/Emotet.PA!MTB 20190417
eScan Trojan.GenericKD.31888746 20190417
Palo Alto Networks (Known Signatures) generic.ml 20190417
Panda Trj/GdSda.A 20190416
Qihoo-360 HEUR/QVM20.1.95DB.Malware.Gen 20190417
Rising Trojan.GenKryptik!8.AA55 (TFE:3:x05w1K9Dt2L) 20190417
SentinelOne (Static ML) DFI - Malicious PE 20190407
Sophos AV Mal/Emotet-Q 20190417
Tencent Win32.Trojan.Falsesign.Dxda 20190417
Trapmine malicious.high.ml.score 20190325
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMTHF 20190417
VBA32 BScope.Malware-Cryptor.Emotet 20190416
ViRobot Trojan.Win32.Z.Emotet.90936.E 20190417
Yandex Trojan.PWS.Emotet! 20190416
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.cyko 20190417
AhnLab-V3 20190417
Antiy-AVL 20190417
Avast-Mobile 20190415
Babable 20180918
Baidu 20190318
Bkav 20190416
CAT-QuickHeal 20190416
CMC 20190321
Comodo 20190417
eGambit 20190417
Jiangmin 20190417
Kingsoft 20190417
Malwarebytes 20190417
MAX 20190417
NANO-Antivirus 20190417
SUPERAntiSpyware 20190410
Symantec Mobile Insight 20190410
TACHYON 20190417
TheHacker 20190411
TotalDefense 20190416
Trustlook 20190417
Zillya 20190416
Zoner 20190417
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 3:39 PM 4/17/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-04-15 17:54:54
Entry Point 0x00012B70
Number of sections 4
PE sections
Overlays
MD5 0acd5009d35c11b0c3ca94698e8b5717
File type data
Offset 87552
Size 3384
Entropy 7.32
PE imports
RegQueryValueExA
GetDeviceCaps
SetBkMode
CreateBrushIndirect
CreateFontIndirectA
SelectObject
SetBkColor
DeleteObject
SetTextColor
SetThreadLocale
GetLastError
HeapFree
EnterCriticalSection
ReleaseMutex
VirtualAllocEx
lstrlenA
GetModuleFileNameW
GetVersionExW
SetEvent
HeapAlloc
GetThreadLocale
GetVersionExA
DeleteCriticalSection
GetStartupInfoA
GetWindowsDirectoryW
LocalAlloc
DeleteFileA
GetWindowsDirectoryA
MultiByteToWideChar
WaitForMultipleObjects
GetProcessHeap
GetComputerNameW
CreateMutexA
SetFilePointer
RaiseException
WideCharToMultiByte
LoadLibraryW
MoveFileExW
GetModuleHandleA
InterlockedExchange
WriteFile
CloseHandle
lstrcmpW
HeapReAlloc
GetProcAddress
SetThreadExecutionState
SetFileAttributesA
LocalFree
FormatMessageW
InitializeCriticalSection
OutputDebugStringW
lstrcpyA
CreateProcessW
CreateEventA
Sleep
FormatMessageA
CreateFileA
ExitProcess
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
SHGetFolderPathW
SHBrowseForFolderW
DragQueryFileW
Shell_NotifyIconW
ShellExecuteW
SHGetPathFromIDListW
DragFinish
SHGetSpecialFolderLocation
ShellExecuteExW
SHAppBarMessage
SHGetFileInfoW
SHGetDesktopFolder
SHGetSpecialFolderPathW
FindExecutableW
RedrawWindow
ChangeDisplaySettingsW
SetDlgItemTextA
EnumDesktopsA
SetWindowRgn
UnregisterHotKey
LoadBitmapW
SetRectEmpty
EnableScrollBar
DestroyMenu
SetSystemCursor
PostQuitMessage
GetForegroundWindow
DrawStateW
SetWindowPos
DdeDisconnect
IsWindow
EndPaint
DdeGetData
CopyRect
DdeCreateStringHandleW
GetMessageTime
VkKeyScanW
SetMenuItemInfoW
GetDC
GetAsyncKeyState
MapDialogRect
SendMessageW
EndMenu
DefFrameProcA
UnregisterClassW
GetClientRect
DdeInitializeW
DrawTextW
GetNextDlgTabItem
CallNextHookEx
DdeFreeDataHandle
IsClipboardFormatAvailable
LoadImageW
keybd_event
DdeQueryStringW
GetActiveWindow
RegisterHotKey
GetUpdateRgn
EnumDesktopsW
GetWindowTextW
CharLowerBuffA
GetWindowTextLengthW
MsgWaitForMultipleObjects
DdeFreeStringHandle
EnumPropsExA
GetMenuItemID
DdeQueryStringA
DestroyWindow
DrawEdge
ShowCursor
GetParent
UpdateWindow
DdeCmpStringHandles
SetClassLongW
GetMessageW
ShowWindow
DrawFrameControl
GetDesktopWindow
CharToOemBuffA
ValidateRgn
PeekMessageW
EnableWindow
GetClipboardFormatNameW
GetSystemMenu
ChildWindowFromPoint
TranslateMessage
IsWindowEnabled
GetWindow
InternalGetWindowText
GetIconInfo
SetParent
RegisterClassW
ScrollWindow
CharLowerA
IsZoomed
GetWindowPlacement
DdeConnect
WindowFromPoint
DrawMenuBar
EnableMenuItem
TabbedTextOutA
DrawFocusRect
CreateMenu
DdeClientTransaction
IsDialogMessageW
FillRect
CreateAcceleratorTableW
WaitForInputIdle
DeferWindowPos
GetDialogBaseUnits
EnumPropsW
CreateWindowExW
GetWindowLongW
GetCursorPos
OpenClipboard
GetDoubleClickTime
AppendMenuW
MapWindowPoints
ClientToScreen
BeginPaint
OffsetRect
DefWindowProcW
GetKeyboardLayoutNameW
KillTimer
MapVirtualKeyW
CharPrevW
CheckMenuRadioItem
GetClipboardData
GetSystemMetrics
IsIconic
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
PostMessageW
CreateDialogParamW
CreateWindowStationA
CreatePopupMenu
CheckMenuItem
ChildWindowFromPointEx
GetSubMenu
PtInRect
DrawIconEx
SetWindowTextW
SetTimer
GetDlgItem
RemovePropW
BringWindowToTop
CallWindowProcW
ScreenToClient
GetClassLongA
CreateDialogIndirectParamA
TrackPopupMenu
PostThreadMessageW
GetMenuItemCount
AttachThreadInput
TileChildWindows
DestroyAcceleratorTable
GetMenuState
SetWindowsHookExW
LoadCursorW
EnumDisplaySettingsW
FindWindowExW
DispatchMessageW
InsertMenuW
FlashWindow
SetForegroundWindow
SetFocus
GetMenuItemInfoW
EmptyClipboard
CreateDialogIndirectParamW
ReleaseDC
DrawTextExW
GetScrollInfo
HideCaret
GetMessagePos
CreateIconIndirect
GetCapture
SetWindowLongW
MessageBeep
LoadMenuW
RemoveMenu
GetWindowThreadProcessId
GetSysColorBrush
BeginDeferWindowPos
MessageBoxW
DdeUninitialize
SetMenu
LoadIconW
MoveWindow
DdePostAdvise
ChangeMenuW
GetWindowDC
DestroyCursor
AdjustWindowRectEx
SendMessageTimeoutW
GetSysColor
RegisterClipboardFormatW
SetScrollInfo
GetKeyState
EndDeferWindowPos
SetClassWord
DestroyIcon
wsprintfW
IsWindowVisible
DdeNameService
SetCursorPos
SystemParametersInfoW
UnionRect
SetRect
InvalidateRect
CharNextW
DdeCreateDataHandle
GetClassNameW
TranslateAcceleratorA
DefDlgProcA
ModifyMenuW
ValidateRect
IsRectEmpty
IsCharUpperW
GetFocus
InsertMenuItemW
CloseClipboard
DdeGetLastError
TranslateAcceleratorW
UnhookWindowsHookEx
SetCursor
Number of PE resources by type
RT_STRING 1
Number of PE resources by language
SPANISH MODERN 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 5.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2019:04:15 19:54:54+02:00
FileType Win32 EXE
PEType PE32
CodeSize 74752
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 12288
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x12b70
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 18328c1bd25acc7625310beda9909a65
SHA1 15ab9a9ebab5d53b57ea45ace85f4759630cee6f
SHA256 42ba3eda54de8c60ddbe609c91739d3286103ece732a0990dc3c6380b764dff1
ssdeep 1536:3K8E/YeSR/Y5d2PvLY9PIR5ryiO5g7jWX8OnYNah3r9qRIpTKUwd9mqxHKq:a8ENSRg5KrR52iOG7jWXlnYNav5KLdI8
authentihash 3e4d0782ed9a053b8bf5d0b647920889dc43d0f47686a16706a33918cfc92008
imphash 8a298ae3407bef29f2c6b48b034c9df4
File size 88.8 KB ( 90936 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe, overlay
VirusTotal metadata
First submission 2019-04-15 18:08:28 UTC ( 1 month ago )
Last submission 2019-04-15 23:21:03 UTC ( 1 month ago )
File names emotet_exe_e2_42ba3eda54de8c60ddbe609c91739d3286103ece732a0990dc3c6380b764dff1_2019-04-15__180002.exe_
zbetcheckin_tracker_18328c1bd25acc7625310beda9909a65
3b_K0O.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections