SHA256: 4ffa8c279423a6f47e996e9b12e4f3e6d5755d1e95d2b830978bbcee33b482f6
File name: emotet_e2_4ffa8c279423a6f47e996e9b12e4f3e6d5755d1e95d2b830978bbce...
Detection ratio: 43 / 68
Analysis date: 2019-01-29 02:09:32 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Acronis suspicious 20190128
Ad-Aware Trojan.Autoruns.GenericKDS.31582896 20190128
AhnLab-V3 Trojan/Win32.Emotet.R253580 20190128
ALYac Trojan.Autoruns.GenericKDS.31582896 20190128
Arcabit Trojan.Autoruns.GenericS.D1E1EAB0 20190128
Avast Win32:BankerX-gen [Trj] 20190128
AVG Win32:BankerX-gen [Trj] 20190128
Avira (no cloud) TR/AD.Emotet.ijyty 20190128
BitDefender Trojan.Autoruns.GenericKDS.31582896 20190128
CAT-QuickHeal Trojan.Emotet.X4 20190128
Comodo Malware@#hvbiydigoivf 20190128
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cylance Unsafe 20190128
Cyren W32/Trojan.FHWL-3161 20190128
DrWeb Trojan.DownLoader27.26557 20190128
Emsisoft Trojan.Autoruns.GenericKDS.31582896 (B) 20190128
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GOWR 20190128
F-Secure Trojan.Autoruns.GenericKDS.31582896 20190128
Fortinet W32/GenKryptik.CVNU!tr 20190128
GData Trojan.Autoruns.GenericKDS.31582896 20190128
Ikarus Trojan-Banker.Emotet 20190128
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 005461fd1 ) 20190128
K7GW Trojan ( 005461fd1 ) 20190128
Kaspersky Trojan-Banker.Win32.Emotet.ccah 20190128
Malwarebytes Trojan.Emotet 20190128
MAX malware (ai score=100) 20190128
McAfee RDN/Generic.grp 20190128
McAfee-GW-Edition BehavesLike.Win32.Virut.dh 20190128
Microsoft Trojan:Win32/Emotet.AC!bit 20190128
eScan Trojan.Autoruns.GenericKDS.31582896 20190128
Panda Trj/GdSda.A 20190128
Qihoo-360 HEUR/QVM20.1.CEC3.Malware.Gen 20190128
Rising Trojan.Kryptik!8.8 (CLOUD) 20190128
SentinelOne (Static ML) static engine - malicious 20190124
Sophos AV Mal/Emotet-Q 20190128
Symantec Trojan.Gen.2 20190128
TrendMicro TROJ_GEN.R049C0GAR19 20190128
TrendMicro-HouseCall TROJ_GEN.R049C0GAR19 20190128
VBA32 BScope.Trojan.Refinka 20190128
Webroot W32.Trojan.Emotet 20190128
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.ccah 20190128
AegisLab 20190128
Alibaba 20180921
Antiy-AVL 20190128
Avast-Mobile 20190127
Babable 20180917
Baidu 20190127
Bkav 20190125
ClamAV 20190128
CMC 20190128
Cybereason 20190109
eGambit 20190128
F-Prot 20190128
Jiangmin 20190128
Kingsoft 20190128
NANO-Antivirus 20190128
SUPERAntiSpyware 20190123
TACHYON 20190128
Tencent 20190128
TheHacker 20190124
TotalDefense 20190128
Trustlook 20190128
ViRobot 20190128
Yandex 20190125
Zillya 20190128
Zoner 20190128
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name Sidebar Unattend
Internal name Sidebar Unattend
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Windows Sidebar Unattend Action
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-26 23:21:07
Entry Point 0x00003C1E
Number of sections 7
PE sections
PE imports
DeregisterEventSource
LockServiceDatabase
CreateRestrictedToken
InitializeAcl
QueryUsersOnEncryptedFile
RegDisableReflectionKey
JetIntersectIndexes
CreatePatternBrush
LineTo
CopyMetaFileW
SetViewportOrgEx
OffsetClipRgn
SetTextAlign
CreateCompatibleDC
Rectangle
LCIDToLocaleName
EnumResourceTypesA
OpenThread
SetThreadPreferredUILanguages
FindCloseChangeNotification
GetFileSizeEx
WriteProcessMemory
DebugActiveProcessStop
GlobalFree
GetConsoleCP
GetNamedPipeServerProcessId
VirtualFree
WriteFile
GetUserPreferredUILanguages
LocalFree
GetUserDefaultLCID
GetModuleHandleW
SafeArrayCreateEx
RasEnumConnectionsW
I_RpcMapWin32Status
AssocCreate
SHRegDuplicateHKey
FreeCredentialsHandle
GetAsyncKeyState
DdeImpersonateClient
SetScrollRange
GetMenuInfo
GetQueueStatus
AdjustWindowRect
DdeAddData
CreateIconIndirect
IsCharAlphaA
AdjustWindowRectEx
LoadKeyboardLayoutA
GetMessagePos
GetScrollPos
SetClipboardViewer
RemoveMenu
CreateMD5SSOHash
GetUrlCacheEntryInfoA
towupper
CoLoadLibrary
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Windows Sidebar Unattend Action
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 262144
EntryPoint 0x3c1e
OriginalFileName Sidebar Unattend
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2019:01:26 15:21:07-08:00
FileType Win32 EXE
PEType PE32
InternalName Sidebar Unattend
ProductVersion 6.1.7600.16385
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 28672
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 8da7c78f2030ba64f4956fb37f211411
SHA1 a83149643ad9812b906846e80d508ef8bd7001ce
SHA256 4ffa8c279423a6f47e996e9b12e4f3e6d5755d1e95d2b830978bbcee33b482f6
ssdeep 3072:FenXU5SvdIN09lTpEdPXl5qc7Bp2eVBIKdZVxxV:kkMINalTpE7Ac7rVqkx

authentihash c3571e9c6f4a678e1dacf838513fe8bb3106364b317f3359d6b9bc24377fef6b
imphash 63c935e0711fff20b5dcb674dfc8a4b5
File size 280.0 KB ( 286720 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2019-01-26 15:29:24 UTC ( 1 month, 3 weeks ago )
Last submission 2019-01-28 19:13:32 UTC ( 1 month, 2 weeks ago )
File names Sidebar Unattend
emotet_e2_4ffa8c279423a6f47e996e9b12e4f3e6d5755d1e95d2b830978bbcee33b482f6_2019-01-26__153002.exe_