SHA256: 47ce4a3551cfd77c69cb0615b6e3a40f78a57f8321477654dd6b06512070f1ae
File name: E5fD.exe
Detection ratio: 33 / 69
Analysis date: 2018-09-26 20:04:53 UTC ( 3 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40521668 20180926
AhnLab-V3 Trojan/Win32.Emotet.R238084 20180926
ALYac Trojan.GenericKD.40521668 20180926
Avast Win32:Malware-gen 20180926
AVG Win32:Malware-gen 20180926
BitDefender Trojan.GenericKD.40521668 20180926
CAT-QuickHeal Trojan.Emotet.X4 20180926
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180723
Cylance Unsafe 20180926
Cyren W32/Trojan.PIVD-7305 20180926
Emsisoft Trojan.GenericKD.40521668 (B) 20180926
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GLBR 20180926
F-Secure Trojan.GenericKD.40521668 20180926
GData Trojan.GenericKD.40521668 20180926
Ikarus Trojan-Banker.Emotet 20180926
Sophos ML heuristic 20180717
Kaspersky Trojan-Banker.Win32.Emotet.beta 20180926
Malwarebytes Trojan.Emotet 20180926
McAfee RDN/Generic.hra 20180926
McAfee-GW-Edition BehavesLike.Win32.Emotet.dm 20180926
Microsoft Trojan:Win32/Emotet.AC!bit 20180926
eScan Trojan.GenericKD.40521668 20180926
Palo Alto Networks (Known Signatures) generic.ml 20180926
Panda Trj/Emotet.C 20180926
Qihoo-360 HEUR/QVM20.1.1A43.Malware.Gen 20180926
Rising Trojan.Emotet!8.B95 (CLOUD) 20180926
SentinelOne (Static ML) static engine - malicious 20180926
Sophos AV Mal/Generic-S 20180926
Symantec Packed.Generic.517 20180926
TrendMicro-HouseCall TROJ_GEN.R020H05IP18 20180926
VBA32 Malware-Cryptor.Limpopo 20180926
Webroot W32.Trojan.Emotet 20180926
AegisLab 20180926
Alibaba 20180921
Antiy-AVL 20180926
Arcabit 20180926
Avast-Mobile 20180926
Avira (no cloud) 20180926
AVware 20180925
Babable 20180918
Baidu 20180926
Bkav 20180925
ClamAV 20180926
CMC 20180926
Comodo 20180926
Cybereason 20180225
DrWeb 20180926
eGambit 20180926
F-Prot 20180926
Fortinet 20180926
Jiangmin 20180926
K7AntiVirus 20180926
K7GW 20180926
Kingsoft 20180926
MAX 20180926
NANO-Antivirus 20180926
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180924
TACHYON 20180926
Tencent 20180926
TheHacker 20180924
TotalDefense 20180925
TrendMicro 20180926
Trustlook 20180926
VIPRE 20180926
ViRobot 20180926
Yandex 20180926
Zillya 20180926
ZoneAlarm by Check Point 20180925
Zoner 20180926
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserv
Product Microsoft® Windows® Operating S
Original name bjOLk32lkjrw.
Internal name WOLhw;bjOLk32lkjrw;
File version 6.1.7600.16385 (win7_rtm.090713-1255
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-25 12:45:30
Entry Point 0x0002E676
Number of sections 5
PE sections
PE imports
ImpersonateNamedPipeClient
SetPrivateObjectSecurity
QueryUsersOnEncryptedFile
SetTextAlign
StrokePath
GetSystemPaletteEntries
HeapCompact
DecodePointer
GetModuleHandleA
CreatePipe
GetSystemDefaultLCID
SetProcessShutdownParameters
UnlockFileEx
GetSystemTimes
FillConsoleOutputCharacterW
GetSystemPowerStatus
SetFileBandwidthReservation
CompareStringA
MprAdminInterfaceTransportRemove
MprAdminInterfaceDisconnect
MprConfigInterfaceTransportSetInfo
NetApiBufferSize
SafeArrayCopy
glEvalMesh1
RpcBindingSetAuthInfoW
SetupDiClassNameFromGuidExW
SetupDiSetDeviceInstallParamsA
StrRChrIW
UrlEscapeW
ToUnicodeEx
CharPrevA
BeginDeferWindowPos
SendDlgItemMessageA
RealGetWindowClassW
DrawIconEx
LoadCursorFromFileA
InsertMenuW
PtInRect
GetUrlCacheEntryInfoExW
CommitUrlCacheEntryW
InternetReadFileExA
waveOutSetVolume
mmioWrite
Ord(30)
iswascii
localeconv
StgOpenStorageEx
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 4294967295
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 30720
EntryPoint 0x2e676
OriginalFileName bjOLk32lkjrw.
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserv
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255
TimeStamp 2018:09:25 14:45:30+02:00
FileType Win32 EXE
PEType PE32
InternalName WOLhw;bjOLk32lkjrw;
ProductVersion 6.1.7600.1638
SubsystemVersion 5.0
OSVersion 5.2
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 192512
ProductName Microsoft Windows Operating S
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 3135be2c48f42ef0f3540f7434eb9f39
SHA1 6c8773fd797cad0e05ee4c27658d484576bca4f4
SHA256 47ce4a3551cfd77c69cb0615b6e3a40f78a57f8321477654dd6b06512070f1ae
ssdeep 3072:ab0BcuL3AMlr3PVCqOQIr4gmKvbMp3a7Bw:fhkMd3PVS14g1ma7B
authentihash 30f95e7b02deffc3f57479609db3ab705958a61eac2dd825da53b2a54e82c386
imphash 53c073c34c24e5ab0282567c55fadb5b
File size 213.5 KB ( 218624 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe
VirusTotal metadata
First submission 2018-09-25 12:56:19 UTC ( 3 months, 4 weeks ago )
Last submission 2018-09-25 12:56:19 UTC ( 3 months, 4 weeks ago )
File names bjOLk32lkjrw.
WOLhw;bjOLk32lkjrw;
E5fD.exe