SHA256: 4a1385a61deaac0a6f925609225fd4efc22c1331d41a43481f75f3b915e3025a
File name: 9JBTS8onb
Detection ratio: 48 / 67
Analysis date: 2018-12-05 17:12:02 UTC ( 2 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Emotet.OU 20181205
AegisLab Trojan.Win32.Emotet.4!c 20181205
AhnLab-V3 Trojan/Win32.Emotet.R246574 20181205
ALYac Trojan.Agent.Emotet 20181205
Arcabit Trojan.Emotet.OU 20181205
Avast Win32:BankerX-gen [Trj] 20181205
AVG Win32:BankerX-gen [Trj] 20181205
Avira (no cloud) HEUR/AGEN.1037186 20181205
BitDefender Trojan.Emotet.OU 20181205
CAT-QuickHeal Trojan.Fuerboos 20181205
ClamAV Win.Trojan.Emotet-6748800-0 20181203
Comodo Malware@#1buppzunt6mdi 20181205
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cylance Unsafe 20181205
Cyren W32/Trojan.SPRQ-7131 20181205
DrWeb Trojan.EmotetENT.311 20181205
Emsisoft Trojan.Emotet.OU (B) 20181205
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GNFE 20181205
F-Prot W32/Emotet.JZ.gen!Eldorado 20181205
F-Secure Trojan.Emotet.OU 20181205
Fortinet W32/Kryptik.GMOJ!tr 20181205
GData Win32.Trojan-Spy.Emotet.TS 20181205
Ikarus Trojan-Banker.Emotet 20181205
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 005425301 ) 20181205
K7GW Trojan ( 005425301 ) 20181205
Kaspersky Trojan-Banker.Win32.Emotet.brzx 20181205
Malwarebytes Trojan.Emotet 20181205
McAfee Emotet-FJR!786C28DD7180 20181205
McAfee-GW-Edition Emotet-FJR!786C28DD7180 20181205
Microsoft Trojan:Win32/Emotet.AC!bit 20181205
eScan Trojan.Emotet.OU 20181205
NANO-Antivirus Trojan.Win32.Emotet.fkrnbk 20181205
Palo Alto Networks (Known Signatures) generic.ml 20181205
Panda Trj/RnkBend.A 20181205
Qihoo-360 Win32/Trojan.d77 20181205
Rising Trojan.GenKryptik!8.AA55 (CLOUD) 20181205
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Troj/Emotet-AMI 20181205
Symantec Trojan.Gen.2 20181205
Trapmine malicious.high.ml.score 20181128
TrendMicro TSPY_EMOTET.THAABHAH 20181205
TrendMicro-HouseCall TSPY_EMOTET.THAABHAH 20181205
VBA32 Trojan.Emotet 20181205
ViRobot Trojan.Win32.S.Agent.176128.AWF 20181205
Webroot W32.Rimecud.Gen 20181205
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.brzx 20181205
Alibaba 20180921
Antiy-AVL 20181205
Avast-Mobile 20181205
Babable 20180918
Baidu 20181205
Bkav 20181203
CMC 20181204
eGambit 20181205
Jiangmin 20181205
Kingsoft 20181205
MAX 20181205
SUPERAntiSpyware 20181205
Symantec Mobile Insight 20181204
TACHYON 20181205
Tencent 20181205
TheHacker 20181202
Trustlook 20181205
Yandex 20181204
Zillya 20181204
Zoner 20181205
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2007 Nexon Corp.

Product NexonMessenger Game Service
Original name nmcogame.dll
Internal name nmcogame
File version 2, 5, 24, 0
Description NexonMessenger Game Service
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1994-12-08 17:15:52
Entry Point 0x000016EE
Number of sections 8
PE sections
PE imports
LookupAccountSidA
AllocateLocallyUniqueId
GetViewportExtEx
OffsetRgn
WidenPath
ColorCorrectPalette
OpenMutexA
DosDateTimeToFileTime
GetConsoleFontSize
GetCommandLineW
GetConsoleDisplayMode
GetFileType
GetUserDefaultLCID
WinExec
GetCurrentThread
VarUI2FromBool
IsClipboardFormatAvailable
LockSetForegroundWindow
CountClipboardFormats
GetMenuInfo
DdeAddData
CloseDesktop
DdeGetData
DestroyCursor
AddClipboardFormatListener
GetMessageW
NotifyWinEvent
GetClipboardSequenceNumber
CopyStgMedium
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
KOREAN 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
13.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.5.24.0

LanguageCode
Neutral

FileFlagsMask
0x0017

FileDescription
NexonMessenger Game Service

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
0

EntryPoint
0x16ee

OriginalFileName
nmcogame.dll

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2007 Nexon Corp.

FileVersion
2, 5, 24, 0

TimeStamp
1994:12:08 09:15:52-08:00

FileType
Win32 EXE

PEType
PE32

InternalName
nmcogame

ProductVersion
2, 5, 24, 0

SubsystemVersion
4.0

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Nexon Corp.

CodeSize
8192

ProductName
NexonMessenger Game Service

ProductVersionNumber
2.5.24.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 786c28dd71807e8e9defa0f357965a46
SHA1 8ac1279afd99e6f1f4118e2ea30e8cb452ba3694
SHA256 4a1385a61deaac0a6f925609225fd4efc22c1331d41a43481f75f3b915e3025a
ssdeep
3072:jEdgVlp9WFeBMYdElSKbBSkYlFI2zTWrcjgvyq8sAV:QgfjtBMYdtlaATDjgvv8

authentihash dee20bb0419ad88810accad6adb6ca0b315a583260e017fdf7e026da556dba8e
imphash 387ad8d44af73e28bf615733e1fbe3ed
File size 172.0 KB ( 176128 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags
peexe

VirusTotal metadata
First submission 2018-11-27 16:03:49 UTC ( 2 months, 3 weeks ago )
Last submission 2018-11-27 16:46:36 UTC ( 2 months, 3 weeks ago )
File names nmcogame.dll
Advanced heuristic and reputation engines