× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 4c0f75dc2dc661748c0dca8f5e78d8c3c4fc04dff28860b9d07d3e11caa48238
File name: fCj0PWo.exe
Detection ratio: 49 / 66
Analysis date: 2018-10-15 10:43:53 UTC ( 4 months, 1 week ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKDZ.48289 20181015
AhnLab-V3 Trojan/Win32.Emotet.R234758 20181015
ALYac Trojan.GenericKDZ.48289 20181015
Antiy-AVL Trojan/Win32.Fuerboos 20181015
Arcabit Trojan.Generic.DBCA1 20181015
Avast Win32:GenMalicious-NYM [Trj] 20181015
AVG Win32:GenMalicious-NYM [Trj] 20181015
BitDefender Trojan.GenericKDZ.48289 20181015
Bkav HW32.Packed. 20181014
CAT-QuickHeal Trojan.Emotet.X4 20181013
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.ec6d04 20180225
Cylance Unsafe 20181015
Cyren W32/Emotet.HD.gen!Eldorado 20181015
DrWeb Trojan.EmotetENT.283 20181015
Emsisoft Trojan.Emotet (A) 20181015
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GLHZ 20181015
F-Prot W32/Emotet.HD.gen!Eldorado 20181015
F-Secure Trojan.GenericKDZ.48289 20181015
Fortinet W32/Kryptik.GLHZ!tr 20181015
GData Trojan.GenericKDZ.48289 20181015
Ikarus Trojan.Win32.Crypt 20181015
Sophos ML heuristic 20180717
Jiangmin Trojan.Banker.Emotet.dce 20181015
K7AntiVirus Riskware ( 0040eff71 ) 20181015
K7GW Riskware ( 0040eff71 ) 20181015
Kaspersky Trojan-Banker.Win32.Emotet.bgaz 20181015
MAX malware (ai score=99) 20181015
McAfee RDN/Generic.grp 20181015
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20181015
Microsoft Trojan:Win32/Skeeyah.A!rfn 20181015
eScan Trojan.GenericKDZ.48289 20181015
NANO-Antivirus Trojan.Win32.Emotet.firrtp 20181015
Palo Alto Networks (Known Signatures) generic.ml 20181015
Panda Trj/Genetic.gen 20181014
Qihoo-360 Win32/Trojan.428 20181015
Rising Trojan.Emotet!8.B95 (CLOUD) 20181015
Sophos AV Mal/EncPk-ANY 20181015
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20181015
Symantec Trojan.Gen.2 20181015
Tencent Win32.Trojan-banker.Emotet.Wqnj 20181015
TrendMicro TSPY_EMOTET.THJODAH 20181015
TrendMicro-HouseCall TSPY_EMOTET.THJODAH 20181015
VBA32 Malware-Cryptor.Limpopo 20181015
ViRobot Trojan.Win32.Z.Symmi.139264.OY 20181015
Webroot W32.Trojan.Gen 20181015
Zillya Trojan.Emotet.Win32.4742 20181012
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bgaz 20181015
AegisLab 20181015
Alibaba 20180921
Avast-Mobile 20181015
Avira (no cloud) 20181015
Babable 20180918
Baidu 20181015
ClamAV 20181015
CMC 20181014
Comodo 20181015
eGambit 20181015
Kingsoft 20181015
SentinelOne (Static ML) 20181011
Symantec Mobile Insight 20181001
TACHYON 20181015
TheHacker 20181011
TotalDefense 20181015
Trustlook 20181015
Yandex 20181012
Zoner 20181014
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1993-11-01 05:05:43
Entry Point 0x00001454
Number of sections 7
PE sections
PE imports
GetTokenInformation
RegEnumValueW
WriteEncryptedFileRaw
ImpersonateAnonymousToken
SetServiceObjectSecurity
RegisterEventSourceA
OpenBackupEventLogA
RegQueryValueW
ClusterRegCloseKey
ReplaceTextW
CertGetSubjectCertificateFromStore
CertOpenSystemStoreA
CertSetEnhancedKeyUsage
JetIntersectIndexes
SetTextAlign
PlayEnhMetaFileRecord
CreatePen
GetTextColor
CreateEllipticRgn
ImmGetConversionStatus
ImmGetContext
BuildCommDCBA
GlobalGetAtomNameW
SetCurrentDirectoryW
GetThreadPriority
SizeofResource
GetTimeZoneInformation
SetSystemTime
UnregisterWait
GetNamedPipeServerProcessId
ReadFile
GetConsoleWindow
ConvertDefaultLocale
GetProcessPriorityBoost
Sleep
FlsGetValue
GetCommandLineA
PrepareTape
WriteConsoleInputW
PulseEvent
GetCurrentThread
MprConfigInterfaceTransportGetHandle
MprAdminMIBEntryGet
VarBstrFromCy
VarI2FromR8
VarCyFromR8
DispGetParam
GetCurrentPowerPolicies
RpcErrorAddRecord
SetupDiGetDeviceInterfaceDetailW
SetupGetMultiSzFieldW
SetupDiEnumDeviceInfo
SetupDefaultQueueCallbackW
SHEnumValueW
PathRemoveExtensionA
UrlGetPartW
SHReleaseThreadRef
LoadAcceleratorsA
GetCapture
CharNextExA
GetScrollInfo
SetDlgItemInt
BroadcastSystemMessageA
SetProcessDPIAware
WindowFromPoint
WinHelpA
FindWindowA
IsWindowEnabled
GetWindow
SetCursor
ActivateKeyboardLayout
PtInRect
mixerOpen
waveOutMessage
midiInOpen
GetDriverModuleHandle
waveInClose
waveInUnprepareHeader
EnumMonitorsW
CryptCATPutMemberInfo
getprotobyname
SCardSetCardTypeProviderNameA
SCardGetProviderIdW
fgetpos
isxdigit
StgCreateStorageEx
HBITMAP_UserMarshal
HMENU_UserUnmarshal
OleDestroyMenuDescriptor
OleMetafilePictFromIconAndLabel
CoFreeLibrary
Number of PE resources by type
RT_STRING 13
RT_BITMAP 11
Number of PE resources by language
NEUTRAL 17
CHINESE TRADITIONAL 6
ITALIAN 1
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
1993:10:31 22:05:43-07:00

FileType
Win32 EXE

PEType
PE32

CodeSize
8192

LinkerVersion
6.0

ImageFileCharacteristics
Executable, 32-bit

EntryPoint
0x1454

InitializedDataSize
122880

SubsystemVersion
5.1

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

File identification
MD5 6a8b2fa4499c0449d8171e2fba3fdc27
SHA1 5d5c20dec6d042098ba51f2053d3247fd3c6bebd
SHA256 4c0f75dc2dc661748c0dca8f5e78d8c3c4fc04dff28860b9d07d3e11caa48238
ssdeep
3072:w7VWgLil3+0QocCB/Z3p7gK39SyKjBe42:wLxtCtgKE9

authentihash 18d23a0c675c624288aea9cef062e48bfe285f3f389fc6b69dc63a97dca8e1f3
imphash 7a4931f076d6b452c12b1f32dfb43a66
File size 136.0 KB ( 139264 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-10-03 08:47:42 UTC ( 4 months, 3 weeks ago )
Last submission 2018-10-05 22:34:10 UTC ( 4 months, 2 weeks ago )
File names fCj0PWo.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!