× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 49901c6e92224c150f8ee2a3b0ac070994b8c2c0b983c8d570b689227af501bb
File name: emotet_e1_49901c6e92224c150f8ee2a3b0ac070994b8c2c0b983c8d570b6892...
Detection ratio: 38 / 66
Analysis date: 2019-03-15 17:39:47 UTC ( 1 month ago )
Antivirus Result Update
Acronis suspicious 20190313
Ad-Aware Trojan.Agent.DRNE 20190315
AhnLab-V3 Malware/Win32.Trojanspy.C3093878 20190315
ALYac Trojan.Agent.DRNE 20190315
Arcabit Trojan.Agent.DRNE 20190315
Avast Win32:BankerX-gen [Trj] 20190315
AVG Win32:BankerX-gen [Trj] 20190315
BitDefender Trojan.Agent.DRNE 20190315
CrowdStrike Falcon (ML) win/malicious_confidence_100% (W) 20190212
Cybereason malicious.825ce4 20190109
Cyren W32/Trojan.KGJN-0629 20190315
DrWeb Trojan.DownLoader27.33753 20190315
Emsisoft Trojan.Agent.DRNE (B) 20190315
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.GPCF 20190315
Fortinet W32/Kryptik.GPCF!tr 20190315
GData Trojan.Agent.DRNE 20190315
Ikarus Trojan-Banker.Emotet 20190315
Sophos ML heuristic 20190313
K7AntiVirus Trojan ( 005469181 ) 20190315
K7GW Trojan ( 005469181 ) 20190315
Kaspersky Trojan-Banker.Win32.Emotet.cnry 20190315
MAX malware (ai score=100) 20190315
McAfee Emotet-FMI!B6C4DBD825CE 20190315
McAfee-GW-Edition Artemis!Trojan 20190315
Microsoft Trojan:Win32/Emotet.AC!bit 20190315
eScan Trojan.Agent.DRNE 20190315
Palo Alto Networks (Known Signatures) generic.ml 20190315
Panda Trj/GdSda.A 20190315
Qihoo-360 HEUR/QVM20.1.D785.Malware.Gen 20190315
Rising Trojan.Kryptik!8.8 (TFE:3:ZX5GbKnV1a) 20190315
SentinelOne (Static ML) DFI - Malicious PE 20190311
Sophos AV Mal/Emotet-Q 20190315
Tencent Win32.Trojan.Falsesign.Phge 20190315
Trapmine malicious.moderate.ml.score 20190301
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMAL08 20190315
VBA32 BScope.Malware-Cryptor.Emotet 20190315
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.cnry 20190315
AegisLab 20190315
Alibaba 20190306
Antiy-AVL 20190315
Avast-Mobile 20190315
Avira (no cloud) 20190315
Babable 20180918
Baidu 20190306
Bkav 20190314
CAT-QuickHeal 20190315
ClamAV 20190315
CMC 20190315
Comodo 20190315
eGambit 20190315
F-Prot 20190315
F-Secure 20190315
Jiangmin 20190315
Kingsoft 20190315
Malwarebytes 20190315
NANO-Antivirus 20190315
SUPERAntiSpyware 20190314
Symantec Mobile Insight 20190220
TACHYON 20190315
TheHacker 20190315
TotalDefense 20190315
Trustlook 20190315
ViRobot 20190315
Yandex 20190315
Zillya 20190315
Zoner 20190315
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product HTML Help
Original name HH.exe
Internal name HH 1.41
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Microsoft® HTML Help Executable
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 6:39 PM 3/15/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-14 13:38:52
Entry Point 0x00001A70
Number of sections 4
PE sections
Overlays
MD5 ffdd0a28da18fd2dc3e28a65a63f9352
File type data
Offset 181760
Size 3336
Entropy 7.33
PE imports
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetSystemTime
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
GetModuleFileNameW
GetConsoleCP
FreeLibrary
QueryPerformanceCounter
HeapReAlloc
HeapAlloc
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
HeapSize
RtlUnwind
IsProcessorFeaturePresent
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
DecodePointer
GetCurrentProcessId
WriteConsoleW
GetCommandLineW
WideCharToMultiByte
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
InitializeSListHead
GetProcessHeap
SetStdHandle
GetModuleHandleA
RaiseException
GetCPInfo
LoadLibraryW
TlsFree
SetFilePointer
FindNextFileW
SetUnhandledExceptionFilter
WriteFile
WaitForSingleObject
GetSystemTimeAsFileTime
GetACP
FindFirstFileExW
GetStringTypeW
GetModuleHandleW
GetOEMCP
LocalFree
TerminateProcess
ResumeThread
TlsGetValue
GetModuleHandleExW
IsValidCodePage
OpenEventW
CreateFileW
CreateProcessW
FindClose
IsDebuggerPresent
GetFileType
TlsSetValue
CloseHandle
EncodePointer
GetCurrentThreadId
VirtualAlloc
SetLastError
LeaveCriticalSection
SHCreateDirectoryExA
SHGetPathFromIDListW
StrCmpNIA
SendDlgItemMessageA
CharNextExA
DdeCreateStringHandleA
MessageBoxW
PeekMessageA
EnableMenuItem
DispatchMessageA
GetTopWindow
TranslateAccelerator
CreateIconFromResource
GetSystemMenu
CreateDialogParamA
GetDCEx
GetMessageTime
InvalidateRgn
FlashWindow
DestroyWindow
Number of PE resources by type
RT_ICON 3
MUI 1
RT_VERSION 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 7
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.1.7600.16385

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Microsoft HTML Help Executable

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
58880

EntryPoint
0x1a70

OriginalFileName
HH.exe

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.1.7600.16385 (win7_rtm.090713-1255)

TimeStamp
2019:03:14 14:38:52+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
HH 1.41

ProductVersion
6.1.7600.16385

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
121856

ProductName
HTML Help

ProductVersionNumber
6.1.7600.16385

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 b6c4dbd825ce4b202f94f0d8ffce0620
SHA1 8f756c78071889609a5c304ee8f70aab0292981d
SHA256 49901c6e92224c150f8ee2a3b0ac070994b8c2c0b983c8d570b689227af501bb
ssdeep
3072:JImQgNtmlphxLDTMcbHjqgm3BS8DVMkyXBe1UmyB:JImQg/gp3TPDrm3Bp8Re1q

authentihash ce77168ebbdfc3371c1eb9725de3985671df7e2e7e2a7008596f76410874ab21
imphash ce63d741dd5e16eba5e79ab5d6d789d0
File size 180.8 KB ( 185096 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-03-14 13:43:46 UTC ( 1 month ago )
Last submission 2019-03-15 06:20:59 UTC ( 1 month ago )
File names HH.exe
emotet_e1_49901c6e92224c150f8ee2a3b0ac070994b8c2c0b983c8d570b689227af501bb_2019-03-14__134505.exe_
HH 1.41
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections