× Cookies are disabled! This site requires cookies to be enabled to work properly
VirusTotal
SHA256: 4a695300eed53ef703282ff8b25c662c83eca283a183716d4e3751848fd82140
File name: .
Detection ratio: 50 / 68
Analysis date: 2018-09-11 12:42:00 UTC ( 5 months, 1 week ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.Autoruns.GenericKDS.31162176 20180911
AhnLab-V3 Trojan/Win32.Emotet.R233699 20180911
ALYac Trojan.Agent.Emotet 20180911
Antiy-AVL Trojan[Banker]/Win32.Emotet 20180911
Arcabit Trojan.Autoruns.GenericS.D1DB7F40 20180911
Avast Win32:BankerX-gen [Trj] 20180911
AVG Win32:BankerX-gen [Trj] 20180911
Avira (no cloud) HEUR/AGEN.1034429 20180911
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180910
BitDefender Trojan.Autoruns.GenericKDS.31162176 20180911
CAT-QuickHeal Trojan.Emotet.X4 20180909
ClamAV Win.Trojan.Agent-6641241-0 20180911
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.08c2e7 20180225
Cylance Unsafe 20180911
Cyren W32/Trojan.CAKD-0759 20180911
DrWeb Trojan.EmotetENT.265 20180911
Emsisoft Trojan.Autoruns.GenericKDS.31162176 (B) 20180911
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GJWS 20180911
F-Secure Trojan.Autoruns.GenericKDS.31162176 20180911
Fortinet W32/GenKryptik.CHQW!tr 20180911
GData Trojan.Autoruns.GenericKDS.31162176 20180911
Ikarus Trojan-Banker.Emotet 20180911
Sophos ML heuristic 20180717
Jiangmin Trojan.Banker.Emotet.cdp 20180911
K7AntiVirus Riskware ( 0040eff71 ) 20180911
K7GW Riskware ( 0040eff71 ) 20180911
Kaspersky Trojan-Banker.Win32.Emotet.bamn 20180911
Malwarebytes Trojan.Emotet 20180911
McAfee RDN/Generic.dx 20180911
McAfee-GW-Edition BehavesLike.Win32.Generic.ch 20180910
Microsoft Trojan:Win32/Emotet.AC!bit 20180911
eScan Trojan.Autoruns.GenericKDS.31162176 20180911
Palo Alto Networks (Known Signatures) generic.ml 20180911
Panda Trj/Genetic.gen 20180910
Qihoo-360 Win32/Trojan.c84 20180911
Rising Malware.Heuristic.MLite(100%) (AI-LITE) 20180911
SentinelOne (Static ML) static engine - malicious 20180830
Sophos AV Mal/EncPk-ANY 20180911
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20180907
Symantec Trojan.Emotet 20180911
TACHYON Trojan/W32.Agent.163840.CUC 20180911
Tencent Win32.Trojan-banker.Emotet.Lkdt 20180911
TrendMicro TSPY_EMOTET.THHAOAH 20180911
TrendMicro-HouseCall TSPY_EMOTET.THHAOAH 20180911
VBA32 BScope.Trojan.Emotet 20180911
ViRobot Trojan.Win32.Z.Agent.163840.BYZ 20180911
Webroot W32.Trojan.Emotet 20180911
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bamn 20180911
AegisLab 20180911
Alibaba 20180713
Avast-Mobile 20180911
AVware 20180911
Babable 20180907
Bkav 20180911
CMC 20180911
Comodo 20180911
eGambit 20180911
F-Prot 20180911
Kingsoft 20180911
MAX 20180911
NANO-Antivirus 20180911
Symantec Mobile Insight 20180905
TheHacker 20180907
TotalDefense 20180911
Trustlook 20180911
VIPRE 20180911
Yandex 20180910
Zillya 20180910
Zoner 20180910
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-08-09 14:00:14
Entry Point 0x00001864
Number of sections 6
PE sections
PE imports
[+] ADVAPI32.dll
GetSidSubAuthority
[+] GDI32.dll
GetObjectType
CreateBitmapIndirect
GetPixel
EndPage
DeleteDC
[+] KERNEL32.dll
GetSystemTime
ReleaseSemaphore
GlobalFree
TryEnterCriticalSection
CreateMemoryResourceNotification
CreateHardLinkW
IsProcessorFeaturePresent
GetCommandLineA
GetStringTypeW
AllocateUserPhysicalPagesNuma
GetThreadLocale
[+] SHLWAPI.dll
Ord(29)
[+] USER32.dll
GetNextDlgTabItem
TrackPopupMenu
GetTitleBarInfo
SetForegroundWindow
PhysicalToLogicalPoint
ChildWindowFromPoint
GetMenuCheckMarkDimensions
GetMessageTime
CharUpperA
[+] WINMM.dll
waveInGetDevCapsA
mmioOpenA
[+] WS2_32.dll
setsockopt
Number of PE resources by type
RT_BITMAP 13
RT_STRING 13
Number of PE resources by language
NEUTRAL 19
CHINESE TRADITIONAL 6
ITALIAN 1
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:08:09 07:00:14-07:00

FileType
Win32 EXE

PEType
PE32

CodeSize
12288

LinkerVersion
15.0

ImageFileCharacteristics
Executable, 32-bit

EntryPoint
0x1864

InitializedDataSize
151552

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

File identification
MD5 3a418729ec1efd80a915f70f1e2b0620
SHA1 9c55ec608c2e7f574685a82987efb71d5c16bf7f
SHA256 4a695300eed53ef703282ff8b25c662c83eca283a183716d4e3751848fd82140
ssdeep
3072:8zR5bvXrMkkfDlYYu2PrOtViHyzycHdSwUR3VL42:gRZIkoGYNzvSzy

authentihash 47ae754f9343f098a93f811047ce6283f1420aca880d66dd5bce44a18c9f3db4
imphash e46fe3acb29e8f125c7940d28b5f82de
File size 160.0 KB ( 163840 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-08-09 14:06:46 UTC ( 6 months, 1 week ago )
Last submission 2018-08-09 19:26:40 UTC ( 6 months, 1 week ago )
File names 13099720.exe
21030832.exe
.
31843808.exe
27910800.exe
34203320.exe
xinputputil.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!
More comments

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

Sign in Join the community
No votes. No one has voted on this item yet, be the first one to do so!
More votes
Blog | Twitter | Contact us | ToS | Privacy policy