SHA256: 4e852f5d5cb8444e3a1d88fc0a574072109a2d495504020fc275d582c0b3ec1e
File name: Emulator
Detection ratio: 36 / 68
Analysis date: 2018-10-14 03:11:51 UTC ( 6 days ago )
Antivirus                               Result                            Update
Ad-Aware                                Trojan.GenericKD.40588852         20181014
AhnLab-V3                               Malware/Win32.Generic.C2753080    20181013
ALYac                                   Trojan.GenericKD.40588852         20181014
Antiy-AVL                               Trojan/Win32.AGeneric             20181014
Arcabit                                 Trojan.Generic.D26B5634           20181014
Avast                                   Win32:Malware-gen                 20181014
AVG                                     Win32:Malware-gen                 20181014
BitDefender                             Trojan.GenericKD.40588852         20181014
Cylance                                 Unsafe                            20181014
Cyren                                   W32/Trojan.ZYGQ-8189              20181014
DrWeb                                   Trojan.PWS.Stealer.24791          20181014
Emsisoft                                Trojan.GenericKD.40588852 (B)     20181014
Endgame                                 malicious (moderate confidence)   20180730
ESET-NOD32                              Win32/Spy.Agent.PNJ               20181014
Fortinet                                W32/Agent.PNJ!tr                  20181014
GData                                   Trojan.GenericKD.40588852         20181014
Ikarus                                  Trojan-Banker.Ramnit              20181013
Sophos ML                               heuristic                         20180717
Jiangmin                                Trojan.Generic.crpif              20181014
K7AntiVirus                             Spyware ( 0053e2c11 )             20181014
K7GW                                    Spyware ( 0053e2c11 )             20181013
Kaspersky                               Trojan.Win32.Agentb.jfql          20181014
McAfee                                  Artemis!0EACA5CB55E7              20181014
McAfee-GW-Edition                       BehavesLike.Win32.PUPXEU.cc       20181014
Microsoft                               Trojan:Win32/Occamy.C             20181013
eScan                                   Trojan.GenericKD.40588852         20181014
NANO-Antivirus                          Trojan.Win32.Stealer.fizpgf       20181014
Palo Alto Networks (Known Signatures)   generic.ml                        20181014
Panda                                   Trj/CI.A                          20181013
Qihoo-360                               Win32/Trojan.e6d                  20181014
Sophos AV                               Mal/Generic-S                     20181014
Symantec                                Trojan.Gen.2                      20181012
VBA32                                   BScope.TrojanSpy.Stealer          20181012
VIPRE                                   Win32.Malware!Drop                20181013
Webroot                                 W32.Adware.Installcore            20181014
ZoneAlarm by Check Point                Trojan.Win32.Agentb.jfql          20181014
AegisLab                                                                  20181014
Alibaba                                                                   20180921
Avast-Mobile                                                              20181013
Avira (no cloud)                                                          20181013
Babable                                                                   20180918
Baidu                                                                     20181012
Bkav                                                                      20181013
CAT-QuickHeal                                                             20181013
ClamAV                                                                    20181013
CMC                                                                       20181013
Comodo                                                                    20181014
CrowdStrike Falcon (ML)                                                   20180723
Cybereason                                                                20180225
eGambit                                                                   20181014
F-Prot                                                                    20181014
F-Secure                                                                  20181014
Kingsoft                                                                  20181014
Malwarebytes                                                              20181014
MAX                                                                       20181014
Rising                                                                    20181012
SentinelOne (Static ML)                                                   20181011
SUPERAntiSpyware                                                          20181013
Symantec Mobile Insight                                                   20181001
TACHYON                                                                   20181014
Tencent                                                                   20181014
TheHacker                                                                 20181011
TotalDefense                                                              20181013
TrendMicro                                                                20181010
TrendMicro-HouseCall                                                      20181010
Trustlook                                                                 20181014
ViRobot                                                                   20181013
Yandex                                                                    20181012
Zillya                                                                    20181012
Zoner                                                                     20181013
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright ©TODO: <Company name> 2016 All rights reserved.
Product Emulator
Internal name Emulator
File version 4.3.66.5
Description Navigator Establish Debugger Chesin Internet2
Comments Navigator Establish Debugger Chesin Internet2
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-08 13:19:16
Entry Point 0x00048330
Number of sections 3
PE sections
PE imports
Ord(412)
Escape
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
OleCreatePictureIndirect
SHBrowseForFolderA
StrCmpNIA
OpenThemeData
FtpCommandA
mmioClose
connect
StgOpenStorage
Number of PE resources by type
RT_BITMAP 12
RT_ICON 6
PNG 6
RT_GROUP_CURSOR 5
RT_RCDATA 4
RT_CURSOR 3
RT_DIALOG 2
TXT 2
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 45
PE resources
ExifTool file metadata
CodeSize 139264
SubsystemVersion 5.0
Comments Navigator Establish Debugger Chesin Internet2
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 4.3.66.5
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Navigator Establish Debugger Chesin Internet2
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 57344
EntryPoint 0x48330
MIMEType application/octet-stream
LegalCopyright Copyright TODO: <Company name> 2016 All rights reserved.
FileVersion 4.3.66.5
TimeStamp 2018:10:08 14:19:16+01:00
FileType Win32 EXE
PEType PE32
InternalName Emulator
ProductVersion 4.3.66.5
UninitializedDataSize 155648
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName TODO: <Company name>
LegalTrademarks Copyright TODO: <Company name> 2016 All rights reserved.
ProductName Emulator
ProductVersionNumber 4.3.66.5
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 0eaca5cb55e7d24ef5b7fd0dbb467535
SHA1 b55249add6bfef48e1c0b7569acebef48d0cab8c
SHA256 4e852f5d5cb8444e3a1d88fc0a574072109a2d495504020fc275d582c0b3ec1e
ssdeep 3072:/belNo3X3sDEPpBjlHxFTxULS9s1UrkSih63mw1fe:/wq3X8QPpziLws2kqu
authentihash d4845d89197f705dcc9bee8b7844b487d6a689ffb361726a379c10d0c720ec83
imphash 5b70a8f05f51274c916aca0d090365ee
File size 188.0 KB ( 192512 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (38.4%)
UPX compressed Win32 Executable (37.6%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
OS/2 Executable (generic) (2.8%)
Tags peexe upx
VirusTotal metadata
First submission 2018-10-08 20:52:49 UTC ( 1 week, 4 days ago )
Last submission 2018-10-14 03:11:51 UTC ( 6 days ago )
File names Emulator
IC-0.7ACA390109888C.EXE
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections