SHA256: 46ff767169904abcc746fa4f5e6c200bf84d07b8a4375b318a1836f8cf4f8287
File name: c38a6fbb4b987360e6ad05bb9605ae5cf778a343
Detection ratio: 54 / 67
Analysis date: 2018-05-01 17:38:53 UTC ( 11 months, 4 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30541954 20180501
AegisLab Ml.Attribute.Gen!c 20180501
AhnLab-V3 Trojan/Win32.Emotet.R224508 20180501
ALYac Trojan.GenericKD.30541954 20180501
Antiy-AVL Trojan/Win32.TSGeneric 20180501
Arcabit Trojan.Generic.D1D20882 20180501
Avast Win32:Malware-gen 20180501
AVG Win32:Malware-gen 20180501
Avira (no cloud) TR/Crypt.ZPACK.yqcxc 20180501
AVware Trojan.Win32.Generic!BT 20180428
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180428
BitDefender Trojan.GenericKD.30541954 20180501
CAT-QuickHeal Trojan.Cloxer 20180501
ClamAV Win.Trojan.Emotet-6494788-0 20180501
Comodo UnclassifiedMalware 20180501
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180418
Cylance Unsafe 20180501
Cyren W32/Patched.S.gen!Eldorado 20180501
Emsisoft Trojan.GenericKD.30541954 (B) 20180501
Endgame malicious (high confidence) 20180402
ESET-NOD32 a variant of Win32/Kryptik.GFEE 20180501
F-Prot W32/Patched.S.gen!Eldorado 20180501
F-Secure Trojan.GenericKD.30541954 20180501
Fortinet W32/Kryptik.GFEE!tr 20180501
GData Win32.Trojan-Spy.Emotet.OB 20180501
Ikarus Trojan-Banker.Emotet 20180501
Sophos ML heuristic 20180120
K7AntiVirus Trojan ( 0052cc791 ) 20180501
K7GW Trojan ( 0052cc791 ) 20180501
Kaspersky Trojan.Win32.Dovs.nfp 20180501
Malwarebytes Trojan.Emotet 20180501
MAX malware (ai score=98) 20180501
McAfee Emotet-FEC!351005B044E6 20180501
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.cc 20180425
Microsoft Trojan:Win32/Tiggre!rfn 20180501
eScan Trojan.GenericKD.30541954 20180501
NANO-Antivirus Trojan.Win32.Dovs.fadtdp 20180501
Palo Alto Networks (Known Signatures) generic.ml 20180501
Panda Trj/RnkBend.A 20180501
Qihoo-360 HEUR/QVM19.1.475B.Malware.Gen 20180501
Rising Trojan.Azden!8.F0E3 (TFE:1:t0fdECozrrQ) 20180501
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/EncPk-ANR 20180501
Symantec Trojan.Emotet 20180501
Tencent Win32.Trojan.Dovs.Lhcy 20180501
TrendMicro TROJ_GEN.R002C0RD518 20180501
TrendMicro-HouseCall TSPY_EMOTET.SMZD33 20180501
VBA32 Trojan.Dovs 20180428
VIPRE Trojan.Win32.Generic!BT 20180501
ViRobot Trojan.Win32.Z.Highconfidence.114688 20180501
Webroot W32.Trojan.Emotet 20180501
Yandex Trojan.Dovs! 20180428
Zillya Trojan.Dovs.Win32.4398 20180430
ZoneAlarm by Check Point Trojan.Win32.Dovs.nfp 20180501
Alibaba 20180428
Avast-Mobile 20180501
Babable 20180406
Bkav 20180426
CMC 20180501
Cybereason None
DrWeb 20180501
eGambit 20180501
Jiangmin 20180501
Kingsoft 20180501
nProtect 20180501
SUPERAntiSpyware 20180501
Symantec Mobile Insight 20180501
TheHacker 20180430
TotalDefense 20180501
Trustlook 20180501
Zoner 20180430
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name CompiledComposition.Microsoft.PowerShell.GPowerShell.dll
Internal name CompiledComposition.Microsoft.PowerShell.GPowerShell
File version 0.0.0.0
Description
Comments
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x00002530
Number of sections 5
PE sections
PE imports
CryptSetProviderA
GetSecurityDescriptorLength
CryptDestroyHash
CertVerifyRevocation
CertSetCTLContextProperty
SelectObject
CreateEnhMetaFileA
GetUserDefaultUILanguage
GetLastError
InitializeCriticalSectionAndSpinCount
DosDateTimeToFileTime
SetCriticalSectionSpinCount
GetConsoleOutputCP
LocalSize
GetConsoleCP
GetConsoleWindow
SetDefaultCommConfigA
SetFileApisToOEM
FlsFree
GetCurrentThread
NetShareDelSticky
CreateDispTypeInfo
SysStringByteLen
RasSetSubEntryPropertiesW
RpcServerRegisterIfEx
I_RpcSessionStrictContextHandle
RpcAsyncCancelCall
SetupPromptForDiskA
CM_Get_Next_Res_Des_Ex
SHOpenFolderAndSelectItems
SHBrowseForFolderW
ChrCmpIW
FreeContextBuffer
BlockInput
GetInputState
ChangeDisplaySettingsExA
DdeKeepStringHandle
OemToCharW
GetRawInputDeviceList
SetRect
InternetGetConnectedStateExW
ntohl
inet_addr
Ord(30)
_mktime64
OleQueryLinkFromData
PdhAddCounterW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
0000:00:00 00:00:00

FileType
Win32 EXE

PEType
PE32

CodeSize
99669494

LinkerVersion
0.2

ImageFileCharacteristics
No relocs, Executable, 32-bit, System file

EntryPoint
0x2530

InitializedDataSize
104960

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
1070112495

File identification
MD5 351005b044e6e53e13d99022aaa9939a
SHA1 e07a028456191fccdc9be7973c98934f76ce623b
SHA256 46ff767169904abcc746fa4f5e6c200bf84d07b8a4375b318a1836f8cf4f8287
ssdeep
3072:0ZWzdH5hoJXEkYgwVyxU1sQEnvwPpRO+JU:0Zg5A0/pioPJJ

authentihash fdf58c4844704940ffbbaaf766d93f1735509575f2a72387fdb360fa3734dbd5
imphash a3fec79ec51cb3360ca6d78db8543a39
File size 112.0 KB ( 114688 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-04-04 11:41:21 UTC ( 1 year ago )
Last submission 2018-05-11 00:02:50 UTC ( 11 months, 2 weeks ago )
File names wToxf3J.exe
21363368.exe
22346408.exe
8475.exe
CompiledComposition.Microsoft.PowerShell.GPowerShell
30271960.exe
c38a6fbb4b987360e6ad05bb9605ae5cf778a343
CompiledComposition.Microsoft.PowerShell.GPowerShell.dll
3601.exe
22079944.exe
75016.exe
3664.exe
50592.exe
30079656.exe
21359064.exe
Advanced heuristic and reputation engines