SHA256: 4e852f5d5cb8444e3a1d88fc0a574072109a2d495504020fc275d582c0b3ec1e
File name: Emulator
Detection ratio: 49 / 70
Analysis date: 2018-12-10 10:07:28 UTC ( 1 week, 1 day ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40588852 20181210
AhnLab-V3 Malware/Win32.Generic.C2753080 20181210
ALYac Trojan.GenericKD.40588852 20181210
Antiy-AVL Trojan/Win32.AGeneric 20181210
Arcabit Trojan.Generic.D26B5634 20181210
Avast Win32:Malware-gen 20181210
AVG Win32:Malware-gen 20181210
Avira (no cloud) TR/Spy.Agent.eip 20181209
BitDefender Trojan.GenericKD.40588852 20181210
CAT-QuickHeal Trojan.IGENERIC 20181210
Comodo Packed.Win32.MUPX.Gen@24tbus 20181210
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181022
Cylance Unsafe 20181210
Cyren W32/Downloader.EHNQ-8071 20181210
DrWeb Trojan.PWS.Stealer.24791 20181210
Emsisoft Trojan.GenericKD.40588852 (B) 20181210
Endgame malicious (moderate confidence) 20181108
ESET-NOD32 Win32/Spy.Agent.PNJ 20181210
F-Prot W32/Downldr2.JAAH 20181210
F-Secure Trojan.GenericKD.40588852 20181210
Fortinet W32/Agent.PNJ!tr 20181210
GData Win32.Packed.Kryptik.F0UOEH 20181210
Ikarus Trojan-Banker.UrSnif 20181209
Sophos ML heuristic 20181128
Jiangmin Trojan.Generic.crpif 20181210
K7AntiVirus Spyware ( 0053e2c11 ) 20181210
K7GW Spyware ( 0053e2c11 ) 20181210
Kaspersky Trojan.Win32.Agentb.jfql 20181210
McAfee RDN/Generic PWS.y 20181210
McAfee-GW-Edition BehavesLike.Win32.Dropper.cc 20181210
Microsoft TrojanSpy:Win32/Aenjaris!bit 20181210
eScan Trojan.GenericKD.40588852 20181210
NANO-Antivirus Trojan.Win32.Stealer.fizpgf 20181210
Palo Alto Networks (Known Signatures) generic.ml 20181210
Panda Trj/WLT.D 20181209
Qihoo-360 Win32/Trojan.e6d 20181210
Rising Trojan.Win32.Generic.1A0BE700 (RDM+:cmRtazrKhLr98Feuszo2N7Ub3eeu) 20181210
Sophos AV Mal/Generic-L 20181210
Symantec ML.Attribute.HighConfidence 20181209
Tencent Win32.Trojan.Agentb.Jcu 20181210
Trapmine suspicious.low.ml.score 20181205
TrendMicro TROJ_GEN.R002C0WJD18 20181210
TrendMicro-HouseCall TROJ_GEN.R002C0WJD18 20181210
VBA32 BScope.TrojanSpy.Stealer 20181207
VIPRE Win32.Malware!Drop 20181209
Webroot W32.Adware.Installcore 20181210
Yandex Trojan.Agentb!LiUslr0eUls 20181207
Zillya Trojan.Generic.Win32.174344 20181208
ZoneAlarm by Check Point Trojan.Win32.Agentb.jfql 20181210
AegisLab 20181210
Alibaba 20180921
Avast-Mobile 20181209
Babable 20180918
Baidu 20181207
Bkav 20181208
ClamAV 20181210
CMC 20181209
Cybereason 20180225
eGambit 20181210
Kingsoft 20181210
Malwarebytes 20181210
MAX 20181210
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181205
Symantec Mobile Insight 20181207
TACHYON 20181210
TheHacker 20181202
TotalDefense 20181209
Trustlook 20181210
ViRobot 20181209
Zoner 20181207
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright ©TODO: <Company name> 2016 All rights reserved.

Product Emulator
Internal name Emulator
File version 4.3.66.5
Description Navigator Establish Debugger Chesin Internet2
Comments Navigator Establish Debugger Chesin Internet2
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-08 13:19:16
Entry Point 0x00048330
Number of sections 3
PE sections
PE imports
Ord(412)
Escape
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
OleCreatePictureIndirect
SHBrowseForFolderA
StrCmpNIA
OpenThemeData
FtpCommandA
mmioClose
connect
StgOpenStorage
Number of PE resources by type
RT_BITMAP 12
RT_ICON 6
PNG 6
RT_GROUP_CURSOR 5
RT_RCDATA 4
RT_CURSOR 3
RT_DIALOG 2
TXT 2
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 45
PE resources
ExifTool file metadata
CodeSize
139264

SubsystemVersion
5.0

Comments
Navigator Establish Debugger Chesin Internet2

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
4.3.66.5

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Navigator Establish Debugger Chesin Internet2

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
57344

EntryPoint
0x48330

MIMEType
application/octet-stream

LegalCopyright
Copyright TODO: <Company name> 2016 All rights reserved.

FileVersion
4.3.66.5

TimeStamp
2018:10:08 14:19:16+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Emulator

ProductVersion
4.3.66.5

UninitializedDataSize
155648

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
TODO: <Company name>

LegalTrademarks
Copyright TODO: <Company name> 2016 All rights reserved.

ProductName
Emulator

ProductVersionNumber
4.3.66.5

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 0eaca5cb55e7d24ef5b7fd0dbb467535
SHA1 b55249add6bfef48e1c0b7569acebef48d0cab8c
SHA256 4e852f5d5cb8444e3a1d88fc0a574072109a2d495504020fc275d582c0b3ec1e
ssdeep
3072:/belNo3X3sDEPpBjlHxFTxULS9s1UrkSih63mw1fe:/wq3X8QPpziLws2kqu

authentihash d4845d89197f705dcc9bee8b7844b487d6a689ffb361726a379c10d0c720ec83
imphash 5b70a8f05f51274c916aca0d090365ee
File size 188.0 KB ( 192512 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (38.4%)
UPX compressed Win32 Executable (37.6%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
OS/2 Executable (generic) (2.8%)
Tags
peexe upx

VirusTotal metadata
First submission 2018-10-08 20:52:49 UTC ( 2 months, 1 week ago )
Last submission 2018-10-14 03:11:51 UTC ( 2 months ago )
File names Emulator
IC-0.7ACA390109888C.EXE
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections