SHA256: 47d593ff70a0ccd6c5b762ce5397323ca2c2c8b12c5c27ae6dee8ebabbba0bcc
File name: 47d593ff70a0ccd6c5b762ce5397323ca2c2c8b12c5c27ae6dee8ebabbba0bcc
Detection ratio: 14 / 64
Analysis date: 2019-03-10 18:09:14 UTC
Antivirus Result Update
Acronis suspicious 20190222
AegisLab Hacktool.Win32.Krap.lKMc 20190310
CMC Trojan.Win32.Swizzor.1!O 20190310
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.CPES 20190310
Sophos ML heuristic 20181128
Microsoft Trojan:Win32/Fuerboos.C!cl 20190307
Palo Alto Networks (Known Signatures) generic.ml 20190310
Qihoo-360 HEUR/QVM20.1.C13B.Malware.Gen 20190310
Rising Trojan.Azden!8.F0E3 (TFE:dGZlOgILWWOoyvTzUw) 20190310
SentinelOne (Static ML) static engine - malicious 20190203
Trapmine malicious.moderate.ml.score 20190301
VBA32 BScope.TrojanBanker.Chthonic 20190307
Ad-Aware 20190310
AhnLab-V3 20190310
Alibaba 20190306
ALYac 20190310
Antiy-AVL 20190310
Arcabit 20190310
Avast 20190310
Avast-Mobile 20190310
AVG 20190310
Avira (no cloud) 20190310
Babable 20180918
Baidu 20190306
BitDefender 20190310
Bkav 20190308
CAT-QuickHeal 20190310
ClamAV 20190310
Comodo 20190310
Cybereason 20190109
Cyren 20190310
DrWeb 20190310
eGambit 20190310
Emsisoft 20190310
F-Secure 20190310
Fortinet 20190310
GData 20190310
Ikarus 20190310
Jiangmin 20190310
K7AntiVirus 20190310
K7GW 20190310
Kaspersky 20190310
Kingsoft 20190310
Malwarebytes 20190310
MAX 20190310
McAfee 20190310
McAfee-GW-Edition 20190310
eScan 20190310
NANO-Antivirus 20190310
Panda 20190310
Sophos AV 20190310
SUPERAntiSpyware 20190307
Symantec Mobile Insight 20190220
TACHYON 20190310
Tencent 20190310
TheHacker 20190308
TotalDefense 20190310
TrendMicro-HouseCall 20190310
Trustlook 20190310
ViRobot 20190310
Yandex 20190310
ZoneAlarm by Check Point 20190310
Zoner 20190310
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2013 Support.com
Product SUPERAntiSpyware
Original name sas_enum_cookies.exe
Internal name sas_enum_cookies
File version 5, 6, 0, 1030
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 6:27 PM 3/12/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-10 17:57:42
Entry Point 0x00001690
Number of sections 4
PE sections
Overlays
MD5 11dcca836af4e4851b1ffa3ef2a3e0ad
File type data
Offset 331264
Size 3336
Entropy 7.33
PE imports
RegCreateKeyExW
GetTokenInformation
RegEnumValueW
RegOpenKeyA
RegCloseKey
OpenProcessToken
RegSetValueExW
FreeSid
RegQueryInfoKeyW
RegQueryValueExA
RegEnumKeyExW
RegOpenKeyExW
CheckTokenMembership
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
RegOpenKeyW
RegDeleteKeyW
RegDeleteValueW
AllocateAndInitializeSid
RegQueryValueExW
InitCommonControlsEx
PropertySheetW
CreatePatternBrush
DeleteEnhMetaFile
BRUSHOBJ_hGetColorTransform
CloseFigure
RestoreDC
DeleteObject
GetNearestPaletteIndex
BitBlt
SaveDC
GdiConvertMetaFilePict
IntersectClipRect
GetClipBox
SetBkColor
GetObjectType
GetVolumePathNameW
GetStdHandle
GetConsoleOutputCP
ReleaseMutex
FileTimeToSystemTime
GetOverlappedResult
WaitForSingleObject
PurgeComm
lstrlen
BindIoCompletionCallback
HeapDestroy
SignalObjectAndWait
SetConsoleCursorPosition
GetFileAttributesW
GetCommandLineW
GetPrivateProfileStructW
GetVolumePathNamesForVolumeNameW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
GetSystemDefaultLCID
FreeEnvironmentStringsW
lstrcatW
GetLocaleInfoW
SetStdHandle
GetFileTime
WideCharToMultiByte
GetStringTypeA
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetEvent
LocalFree
GetLogicalDriveStringsA
InitializeCriticalSection
LoadResource
FindClose
TlsGetValue
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
DeviceIoControl
InterlockedDecrement
GlobalFindAtomW
GetModuleFileNameW
TryEnterCriticalSection
BeginUpdateResourceA
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
GlobalUnfix
GetVolumeInformationW
LoadLibraryExW
MultiByteToWideChar
FatalAppExitA
SetFilePointerEx
GetModuleHandleA
CreateThread
GetExitCodeThread
SetUnhandledExceptionFilter
CreateMutexW
GetVolumeNameForVolumeMountPointW
ClearCommError
WaitForMultipleObjectsEx
TerminateProcess
WriteConsoleA
GlobalAlloc
RtlZeroMemory
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
MulDiv
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
DosDateTimeToFileTime
GetWindowsDirectoryW
GetFileSize
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetComputerNameW
CompareStringW
lstrcpyW
RemoveDirectoryW
ResetEvent
FindFirstFileW
DuplicateHandle
WaitForMultipleObjects
GlobalLock
GetProcessAffinityMask
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
ReadConsoleOutputAttribute
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
GetAtomNameW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
FindResourceW
LCMapStringA
EnumSystemLocalesW
GetEnvironmentStringsW
GlobalUnlock
LockFile
lstrlenW
CreateProcessW
GetEnvironmentStrings
GetCurrentProcessId
LockResource
GetCompressedFileSizeW
GetCPInfo
HeapSize
GetCommandLineA
InterlockedCompareExchange
lstrcpynW
RaiseException
UnhandledExceptionFilter
TlsFree
SetFilePointer
ReadFile
DeleteAtom
CloseHandle
GetACP
GetModuleHandleW
FreeResource
GetFileAttributesExW
FindResourceExW
SizeofResource
lstrcmpiW
IsValidCodePage
HeapCreate
WriteFile
VirtualQuery
VirtualFree
Sleep
OpenSemaphoreW
VirtualAlloc
ShellAboutA
DragQueryFileW
SHGetFolderPathW
SHGetFileInfo
SHIsFileAvailableOffline
ShellExecuteW
SHGetSettings
SHGetSpecialFolderPathA
SHFileOperationW
ShellExecuteExW
SHAppBarMessage
ShellAboutW
CommandLineToArgvW
SHFileOperationA
StrCmpNIW
PathCombineW
SHDeleteKeyW
StrRChrW
PathFileExistsW
PathRemoveFileSpecW
PathAppendW
StrCmpNA
StrStrW
StrChrA
StrRStrIW
SHGetValueW
MapWindowPoints
RegisterWindowMessageW
GetMonitorInfoW
IsWindowUnicode
GetParent
EndDialog
BeginPaint
HideCaret
OffsetRect
MessageBoxTimeoutW
PostQuitMessage
ShowWindow
SetWindowPos
GetListBoxInfo
SetWindowLongW
GetMessageTime
EndPaint
OpenIcon
ReleaseCapture
DialogBoxParamW
GetMessageExtraInfo
LoadIconW
CharNextW
IsWindowEnabled
PostMessageW
GetSysColor
GetDC
ReleaseDC
GetDoubleClickTime
SendMessageW
EndMenu
GetWindowLongW
DlgDirSelectExW
SetWindowTextW
CloseWindow
GetDlgItem
DrawMenuBar
SystemParametersInfoW
IsCharAlphaNumericW
MonitorFromWindow
InSendMessage
CloseWindowStation
InvalidateRect
IsClipboardFormatAvailable
CreateMenu
IsCharUpperA
ToAscii
FillRect
LoadStringW
GetWindowRect
IsDlgButtonChecked
CloseDesktop
ChangeDisplaySettingsExW
GetDialogBaseUnits
IsMenu
GetFocus
MsgWaitForMultipleObjects
EnableWindow
DrawTextW
DestroyWindow
WindowFromDC
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoInitializeEx
CoCreateInstance
CoTaskMemFree
Number of PE resources by type
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.6.0.1030
LanguageCode English (U.S.)
FileFlagsMask 0x0017
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 218112
EntryPoint 0x1690
OriginalFileName sas_enum_cookies.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2013 Support.com
FileVersion 5, 6, 0, 1030
TimeStamp 2019:03:10 18:57:42+01:00
FileType Win32 EXE
PEType PE32
InternalName sas_enum_cookies
ProductVersion 5, 6, 0, 1030
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Support.com
CodeSize 112128
ProductName SUPERAntiSpyware
ProductVersionNumber 5.6.0.1030
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 0ef55ecf0bbf949546a49e1271a23a01
SHA1 31ed3c64381f1ca46a574b5be49da0c4a98ee048
SHA256 47d593ff70a0ccd6c5b762ce5397323ca2c2c8b12c5c27ae6dee8ebabbba0bcc
ssdeep 6144:xdwL7EbQf/2kAnKFUfd8CX0KLk368xfMX:xuGQWkXFwSpKL/8xW
authentihash b1e1f6ed875e6767ced4cf30030075ac5d0394b83521c70079556e97b85f60cd
imphash e5afaabd6b608fd655a2745578d69b5c
File size 326.8 KB ( 334600 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-03-10 18:09:14 UTC
Last submission 2019-03-12 02:07:28 UTC
File names sas_enum_cookies
sas_enum_cookies.exe
emotet_e1_47d593ff70a0ccd6c5b762ce5397323ca2c2c8b12c5c27ae6dee8ebabbba0bcc_2019-03-10__180502.exe_
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections