× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 5060c95b7566b63b49b739c5ef2479906bbc34b11702edc2f0eba8b338f8d107
File name: b4743759b801107104d1fa17bc442dc9
Detection ratio: 36 / 66
Analysis date: 2018-05-11 23:28:22 UTC ( 9 months, 2 weeks ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30769428 20180511
AegisLab Uds.Dangerousobject.Multi!c 20180511
Arcabit Trojan.Generic.D1D57FAF 20180511
Avast Win32:Malware-gen 20180511
AVG Win32:Malware-gen 20180511
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180511
BitDefender Trojan.GenericKD.30769071 20180511
CAT-QuickHeal Trojan.Drixed.100454 20180511
Comodo CloudScanner.Trojan.Gen 20180511
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180418
Cylance Unsafe 20180512
Cyren W32/Trojan.WBTI-2184 20180511
eGambit Unsafe.AI_Score_79% 20180512
Emsisoft Trojan.GenericKD.30769428 (B) 20180511
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of Win32/Kryptik.GGPY 20180511
F-Secure Trojan.GenericKD.30769071 20180511
Fortinet W32/GenKryptik.BZFU!tr 20180511
GData Trojan.GenericKD.30769071 20180511
Ikarus Trojan.Win32.Crypt 20180511
Sophos ML heuristic 20180503
Kaspersky Trojan-Banker.Win32.Emotet.ancq 20180511
MAX malware (ai score=80) 20180512
McAfee RDN/Generic.grp 20180511
McAfee-GW-Edition BehavesLike.Win32.Emotet.dh 20180511
Microsoft Trojan:Win32/Skeeyah.A!bit 20180511
eScan Trojan.GenericKD.30769071 20180512
Palo Alto Networks (Known Signatures) generic.ml 20180512
Qihoo-360 HEUR/QVM20.1.144D.Malware.Gen 20180512
Rising Trojan.Kryptik!8.8 (TFE:dGZlOgOV7VLyXdgWMA) 20180511
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/EncPk-ANX 20180511
Symantec ML.Attribute.HighConfidence 20180511
TrendMicro-HouseCall Suspicious_GEN.F47V0511 20180511
Webroot W32.Trojan.Emotet 20180512
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.ancq 20180511
AhnLab-V3 20180511
Alibaba 20180511
ALYac 20180511
Antiy-AVL 20180511
Avast-Mobile 20180511
Avira (no cloud) 20180511
AVware 20180428
Babable 20180406
Bkav 20180511
ClamAV 20180511
CMC 20180511
Cybereason None
F-Prot 20180511
Jiangmin 20180511
K7AntiVirus 20180511
K7GW 20180511
Kingsoft 20180512
Malwarebytes 20180511
NANO-Antivirus 20180511
nProtect 20180511
Panda 20180511
SUPERAntiSpyware 20180511
Symantec Mobile Insight 20180511
Tencent 20180512
TheHacker 20180509
TotalDefense 20180511
TrendMicro 20180511
Trustlook 20180512
VBA32 20180511
VIPRE 20180511
ViRobot 20180511
Yandex 20180511
Zillya 20180511
Zoner 20180511
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-11 01:10:35
Entry Point 0x00001360
Number of sections 5
PE sections
PE imports
ExtSelectClipRgn
GetWindowOrgEx
StretchBlt
GdiGetBatchLimit
GetCommModemStatus
GetCurrentProcess
GetThreadId
GetProcessIdOfThread
GetExitCodeProcess
GetCommandLineA
GetLastActivePopup
GetInputState
CloseWindow
GetClassWord
SetScrollPos
GetClipboardSequenceNumber
SetActiveWindow
SCardFreeMemory
Number of PE resources by type
RT_STRING 10
RT_BITMAP 3
Number of PE resources by language
NEUTRAL 13
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:05:10 18:10:35-07:00

FileType
Win32 EXE

PEType
PE32

CodeSize
8192

LinkerVersion
13.0

ImageFileCharacteristics
No relocs, Executable, 32-bit

EntryPoint
0x1360

InitializedDataSize
0

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

File identification
MD5 b4743759b801107104d1fa17bc442dc9
SHA1 a766f3bf523a6935312e68ce6bf91550fad47aeb
SHA256 5060c95b7566b63b49b739c5ef2479906bbc34b11702edc2f0eba8b338f8d107
ssdeep
6144:5MJ929iNrqtkHiwCb83R+tnXWxb7d/JWq2MvqBnnHSBNU:60ihRHiw28+nwXdL9vmnynU

authentihash 1a4379ea8f297fc47811137e582b231da05eae5317e52ed70d4d7613b32a1f6a
imphash 2040a5d2c3244fb1c2c26783255d6c97
File size 268.0 KB ( 274432 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-05-11 10:39:20 UTC ( 9 months, 2 weeks ago )
Last submission 2018-05-26 17:51:54 UTC ( 9 months ago )
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!