SHA256: 50e7a8269c122db730deb87b5cd64e2e42e94ba46275edffd35301e7adc9ca82
File name: 50e7a8269c122db730deb87b5cd64e2e42e94ba46275edffd35301e7adc9ca82
Detection ratio: 39 / 64
Analysis date: 2018-07-03 12:22:41 UTC ( 7 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31035252 20180703
AegisLab Troj.W32.Dovs!c 20180703
AhnLab-V3 Trojan/Win32.Emotet.R230948 20180703
ALYac Trojan.GenericKD.31035252 20180703
Antiy-AVL Trojan/Win32.TSGeneric 20180703
Arcabit Trojan.Generic.D1D98F74 20180703
Avira (no cloud) TR/Crypt.Agent.rbxih 20180703
AVware Trojan.Win32.Generic!BT 20180703
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9965 20180703
BitDefender Trojan.GenericKD.31035252 20180703
Bkav HW32.Packed.8599 20180703
Comodo Heur.Packed.Unknown 20180703
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cyren W32/Trojan.QAGF-3708 20180704
Emsisoft Trojan.Emotet (A) 20180704
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of Win32/Kryptik.GIIZ 20180704
F-Prot W32/Trojan.BNJ.gen!Eldorado 20180703
F-Secure Trojan.GenericKD.31035252 20180704
Fortinet W32/Kryptik.GHTB!tr 20180703
GData Trojan.GenericKD.31035252 20180704
Ikarus Trojan-Banker.Emotet 20180703
Kaspersky Trojan.Win32.Dovs.ozv 20180703
Malwarebytes Trojan.Emotet 20180703
MAX malware (ai score=87) 20180703
McAfee Emotet-FHR!B6A167772958 20180704
Microsoft Trojan:Win32/Emotet.AC!bit 20180703
eScan Trojan.GenericKD.31035252 20180704
NANO-Antivirus Trojan.Win32.Dovs.feticd 20180703
Palo Alto Networks (Known Signatures) generic.ml 20180703
Panda Trj/CI.A 20180703
Qihoo-360 HEUR/QVM20.1.3C28.Malware.Gen 20180703
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/EncPk-ANX 20180703
Symantec Packed.Generic.517 20180704
VIPRE Trojan.Win32.Generic!BT 20180703
ViRobot Trojan.Win32.Z.Kryptik.92675 20180703
Webroot W32.Trojan.Emotet 20180703
ZoneAlarm by Check Point Trojan.Win32.Dovs.ozv 20180703
Avast 20180703
Avast-Mobile 20180703
AVG 20180703
Babable 20180406
CAT-QuickHeal 20180703
ClamAV 20180703
CMC 20180703
Cybereason 20180225
DrWeb 20180704
eGambit 20180703
Sophos ML 20180601
Jiangmin 20180703
K7AntiVirus 20180703
K7GW 20180704
Kingsoft 20180703
McAfee-GW-Edition 20180703
SUPERAntiSpyware 20180703
TACHYON 20180703
Tencent 20180703
TheHacker 20180628
TotalDefense 20180703
Trustlook 20180703
VBA32 20180629
Yandex 20180703
Zillya 20180703
Zoner 20180703
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Description Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-07-02 11:50:20
Entry Point 0x00012DC7
Number of sections 5
PE sections
Overlays
MD5 692c8022360661692872fdc730517229
File type ASCII text
Offset 92672
Size 3
Entropy 1.58
PE imports
GetThreadId
GetUserDefaultLCID
GetTickCount
VarCyMul
CoGetCallerTID
ReleaseBindInfo
Number of PE resources by type
RT_DIALOG 21
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
HEBREW DEFAULT 1
HUNGARIAN DEFAULT 1
VIETNAMESE DEFAULT 1
CHINESE SIMPLIFIED 1
SLOVENIAN DEFAULT 1
CZECH DEFAULT 1
FINNISH DEFAULT 1
KOREAN 1
NEUTRAL DEFAULT 1
PORTUGUESE 1
POLISH DEFAULT 1
JAPANESE DEFAULT 1
DANISH DEFAULT 1
SLOVAK DEFAULT 1
GREEK DEFAULT 1
TURKISH DEFAULT 1
ROMANIAN 1
THAI DEFAULT 1
SERBIAN DEFAULT 1
NEUTRAL 1
RUSSIAN 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 14.1
ImageVersion 0.0
FileVersionNumber 1.2.0.6
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Unicode
ImageFileCharacteristics No relocs, Executable, 32-bit, System file
CharacterSet Unicode
InitializedDataSize 18432
EntryPoint 0x12dc7
MIMEType application/octet-stream
TimeStamp 2018:07:02 12:50:20+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 13.33.111
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName QweWWWemiconductor Corporation
CodeSize 77312
FileSubtype 0
ProductVersionNumber 1.2.0.6
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 b6a1677729583734ce79eaa37d1bf8f8
SHA1 bce1ac39157079fe5d7a73ef78a9d36bb7d3e2ef
SHA256 50e7a8269c122db730deb87b5cd64e2e42e94ba46275edffd35301e7adc9ca82
ssdeep 1536:c07wlkhVB+NQXtgiaz4U67rUkGcYhFnZNnijsuTrl5:cbkhT1mlz4R7rOcYvYn
authentihash 614dbc47414b51cf916a6af0f70e06e5deca2d03a4d487867d6a6379922cb8be
imphash 3cbe9b520cdc80c3a391dd8a3814cf51
File size 90.5 KB ( 92675 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file
TrID Win32 Executable (generic) (35.7%)
Win16/32 Executable Delphi generic (16.4%)
OS/2 Executable (generic) (16.0%)
Generic Win/DOS Executable (15.8%)
DOS Executable Generic (15.8%)
Tags peexe overlay
VirusTotal metadata
First submission 2018-07-03 12:20:21 UTC ( 7 months, 3 weeks ago )
Last submission 2018-09-14 02:17:19 UTC ( 5 months, 1 week ago )
File names b6a1677729583734ce79eaa37d1bf8f8.virus
(15)0.exe