SHA256: 4f1485fe40ad2c4b2dbac87e895550baa915f10d56b5319d24377cb8b3fe4520
File name: 4f1485fe40ad2c4b2dbac87e895550baa915f10d56b5319d24377cb8b3fe4520
Detection ratio: 50 / 69
Analysis date: 2019-01-24 11:08:31 UTC ( 2 months ago )
Antivirus Result Update
Acronis suspicious 20190124
Ad-Aware Trojan.GenericKD.31545198 20190124
AegisLab Trojan.Win32.Emotet.4!c 20190124
AhnLab-V3 Malware/Gen.Generic.C2948726 20190124
ALYac Trojan.GenericKD.31545198 20190124
Arcabit Trojan.Generic.D1E1576E 20190124
Avast Win32:BankerX-gen [Trj] 20190124
AVG Win32:BankerX-gen [Trj] 20190124
BitDefender Trojan.GenericKD.31545198 20190124
Bkav HW32.Packed. 20190124
CAT-QuickHeal Trojan.Multi 20190124
ClamAV Win.Trojan.Emotet-6823016-0 20190124
Comodo Malware@#133qbzhgwd74r 20190124
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cyren W32/Trojan.FFMA-0359 20190124
DrWeb Trojan.DownLoader27.24056 20190124
eGambit Unsafe.AI_Score_86% 20190124
Emsisoft Trojan.GenericKD.31545198 (B) 20190124
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GOUO 20190124
F-Secure Trojan.GenericKD.31545198 20190124
Fortinet W32/GenKryptik.CWZP!tr 20190124
GData Trojan.GenericKD.31545198 20190124
Ikarus Trojan-Banker.Emotet 20190124
Sophos ML heuristic 20181128
Jiangmin Trojan.Banker.Emotet.frm 20190124
K7AntiVirus Trojan ( 00545f821 ) 20190124
Kaspersky Trojan-Banker.Win32.Emotet.carw 20190124
Malwarebytes Trojan.Emotet 20190124
MAX malware (ai score=99) 20190124
McAfee RDN/Generic.hbg 20190124
McAfee-GW-Edition BehavesLike.Win32.MultiPlug.ch 20190124
Microsoft Trojan:Win32/Emotet.AC!bit 20190124
eScan Trojan.GenericKD.31545198 20190124
NANO-Antivirus Trojan.Win32.Kryptik.fmggwj 20190124
Palo Alto Networks (Known Signatures) generic.ml 20190124
Panda Trj/CI.A 20190123
Qihoo-360 HEUR/QVM20.1.A891.Malware.Gen 20190124
Rising Trojan.Emotet!8.B95 (CLOUD) 20190124
SentinelOne (Static ML) static engine - malicious 20190118
Sophos AV Troj/Emotet-AVV 20190124
Symantec Trojan.Emotet 20190124
Tencent Win32.Trojan-banker.Emotet.Tbif 20190124
Trapmine malicious.moderate.ml.score 20190123
TrendMicro TrojanSpy.Win32.EMOTET.THOBAAI 20190124
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.THOBAAI 20190124
VBA32 BScope.Malware-Cryptor.Emotet 20190124
Webroot W32.Trojan.Emotet 20190124
Yandex Trojan.PWS.Emotet! 20190124
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.carw 20190124
Alibaba 20180921
Antiy-AVL 20190124
Avast-Mobile 20190124
Avira (no cloud) 20190124
Babable 20180918
Baidu 20190124
CMC 20190124
Cybereason 20190109
F-Prot 20190124
K7GW 20190124
Kingsoft 20190124
SUPERAntiSpyware 20190123
TACHYON 20190124
TheHacker 20190118
TotalDefense 20190124
Trustlook 20190124
ViRobot 20190124
Zillya 20190123
Zoner 20190124
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1994-07-09 09:45:28
Entry Point 0x00003D10
Number of sections 10
PE sections
PE imports
IsValidAcl
GetNativeSystemInfo
AttachConsole
GetPriorityClass
GetThreadId
HeapCreate
CreateFileW
GetCommandLineW
SetConsoleTextAttribute
GetCurrentThreadId
SetConsoleScreenBufferSize
GetAsyncKeyState
GetListBoxInfo
IsDlgButtonChecked
MoveWindow
CreateIconIndirect
GetWindowInfo
IsDialogMessageA
SCardListReaderGroupsW
Number of PE resources by type
RT_DIALOG 7
Number of PE resources by language
ENGLISH US 7
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1994:07:09 11:45:28+02:00
FileType Win32 EXE
PEType PE32
CodeSize 12288
LinkerVersion 9.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x3d10
InitializedDataSize 143360
SubsystemVersion 6.1
ImageVersion 0.0
OSVersion 6.0
UninitializedDataSize 0

File identification
MD5 c6f11533e8f48b5aecccb21fb047d4e3
SHA1 03b5bc5b3e14b19b7d03779ae161a69394bacf7f
SHA256 4f1485fe40ad2c4b2dbac87e895550baa915f10d56b5319d24377cb8b3fe4520
ssdeep 3072:sF1A9DPeiSY6DvweADmjTh4k0TD51bW7pQlIIChmgOF+4C:sF1A9BJeAmjThOD51bx
authentihash 27e9a09657fd8db02f6e489a15455721eb8542bdf3041008183a7a026a7fbe41
imphash db9d654d6f7b92b989d77ece9ff3c36d
File size 148.0 KB ( 151552 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2019-01-19 19:33:06 UTC ( 2 months ago )
Last submission 2019-01-21 00:56:02 UTC ( 2 months ago )
File names 5gvJz.exe
477.exe
7BE3C492.exe