Antivirus scan for 516bbe13fcb4fc9c1ef6fb12163999f39126c0dfa5caf6f95b6710f0ff67fb9e at 2018-11-25 06:35:28 UTC

Antivirus	Result	Update
Ad-Aware	Trojan.GenericKD.40783976	20181125
ALYac	Trojan.GenericKD.40783976	20181125
Arcabit	Trojan.Generic.D26E5068	20181125
Avast	FileRepMalware	20181125
AVG	FileRepMalware	20181125
BitDefender	Trojan.GenericKD.40783976	20181125
Bkav	HW32.Packed.	20181123
Comodo	Malware@#1plqyz97wvz91	20181125
CrowdStrike Falcon (ML)	malicious_confidence_100% (W)	20181022
Cybereason	malicious.792b0e	20180225
Cylance	Unsafe	20181125
Cyren	W32/Emotet.JI.gen!Eldorado	20181125
DrWeb	Trojan.EmotetENT.304	20181125
eGambit	Unsafe.AI_Score_53%	20181125
Emsisoft	Trojan.Emotet (A)	20181125
Endgame	malicious (high confidence)	20181108
ESET-NOD32	a variant of Win32/Kryptik.GNCN	20181124
F-Prot	W32/Emotet.JI.gen!Eldorado	20181125
F-Secure	Trojan.GenericKD.40783976	20181125
Fortinet	W32/GenKryptik.CRRV!tr	20181125
GData	Trojan.GenericKD.40783976	20181125
Ikarus	Trojan.Win32.Emotet	20181124
Sophos ML	heuristic	20181108
K7AntiVirus	Trojan ( 00541eb91 )	20181125
K7GW	Trojan ( 00541eb91 )	20181125
Kaspersky	Trojan-Banker.Win32.Emotet.brjw	20181125
Malwarebytes	Trojan.Emotet	20181125
McAfee	Emotet-FKM!5BF036C0EDA7	20181125
McAfee-GW-Edition	BehavesLike.Win32.Emotet.cc	20181125
Microsoft	Trojan:Win32/Emotet.AC!bit	20181125
eScan	Trojan.GenericKD.40783976	20181125
NANO-Antivirus	Trojan.Win32.EmotetENT.fknnnt	20181125
Palo Alto Networks (Known Signatures)	generic.ml	20181125
Panda	Trj/Genetic.gen	20181124
Qihoo-360	HEUR/QVM20.1.64C7.Malware.Gen	20181125
Rising	Trojan.Kryptik!1.B4D6 (CLOUD)	20181125
SentinelOne (Static ML)	static engine - malicious	20181011
Sophos AV	Mal/EncPk-ANY	20181125
Symantec	Trojan.Emotet	20181124
Trapmine	malicious.high.ml.score	20180918
TrendMicro	TROJ_GEN.R020C0OKN18	20181125
TrendMicro-HouseCall	TROJ_GEN.R020C0OKN18	20181125
Webroot	W32.Trojan.Emotet	20181125
ZoneAlarm by Check Point	Trojan-Banker.Win32.Emotet.brjw	20181125
AegisLab		20181125
AhnLab-V3		20181124
Alibaba		20180921
Antiy-AVL		20181125
Avast-Mobile		20181124
Avira (no cloud)		20181125
Babable		20180918
Baidu		20181123
CAT-QuickHeal		20181124
ClamAV		20181125
CMC		20181124
Jiangmin		20181125
Kingsoft		20181125
MAX		20181125
SUPERAntiSpyware		20181121
Symantec Mobile Insight		20181121
TACHYON		20181125
Tencent		20181125
TheHacker		20181118
TotalDefense		20181125
Trustlook		20181125
VBA32		20181123
ViRobot		20181124
Yandex		20181123
Zillya		20181123
Zoner		20181125

The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.

FileVersionInfo properties

Internal name kb

Description Sinha

PE header basic information

Target machine Intel 386 or later processors and compatible processors

Compilation timestamp 1995-11-13 23:08:05

Entry Point 0x00003280

Number of sections 8

PE sections

Name Virtual address Virtual size Raw size Entropy MD5

sijJ 4096 9336 12288 5.59 aa7ac96f53f11872eb40579d7378042f

.mr 16384 1814 4096 2.36 5d4813e030284fe02f446fb4f643ab77

.data 20480 27852 20480 7.49 227a92c73976885daf884ce201a079eb

CODE 49152 2019 4096 4.43 592c1afdf3bae82b3e1cbc2a5ad2473e

.crt 53248 56591 57344 7.94 60cc48aa28e531615134b6fbf09b9b20

.code 110592 24072 24576 7.94 1b3c6ce7f47070f51fff0db614cf9bc9

J 135168 1424 4096 1.33 7af7125fd318ee6f688c9f005cb94939

.reloc 139264 1440 4096 2.91 e691b1b954ca0c7cd3884ae3ed46cb0e

PE imports

Number of PE resources by type

RT_STRING 2

RT_VERSION 1

Number of PE resources by language

NORWEGIAN BOKMAL 3

PE resources

09e9e22cc3cf9d21653f18d5accc5053b87ad2076303cb4ffc94e39988e5c97c ASCII text

4db7b804637da18b7bf5089a66b05712f93f61bd8fa68885c5b513ab00fe1d5d data

cd1984df43d496bc1cbe563defbc6e33357f2bff36c7fdae379339c09e6e9a1d ASCII text

Debug information

Type Timestamp Offset Size

1092643415 (1092643415) Fri May 6 01:30:08 2022 1953777518 1780499534 Bytes

1935894894 (1935894894) Sun Dec 3 11:23:12 2023 544172388 1869640480 Bytes

ExifTool file metadata

MIMEType

application/octet-stream

Subsystem

Windows GUI

MachineType

Intel 386 or later, and compatibles

FileTypeExtension

exe

TimeStamp

1995:11:14 00:08:05+01:00

FileType

Win32 EXE

PEType

PE32

CodeSize

12288

LinkerVersion

14.0

ImageFileCharacteristics

Executable, 32-bit

EntryPoint

0x3280

InitializedDataSize

SubsystemVersion

5.0

ImageVersion

0.0

OSVersion

6.0

UninitializedDataSize

File identification

MD5 5bf036c0eda7a6ac15f8daa4f8e2f27c

SHA1 4bb67ec792b0e62c20258ad13047cc5c26bf9feb

SHA256 516bbe13fcb4fc9c1ef6fb12163999f39126c0dfa5caf6f95b6710f0ff67fb9e

ssdeep

3072:A/i0agv/KuPN1/gfgBcHSqrE6a1GPwWQQ9Y78n0Gt:AK0aF4N14drE6a12QF8n

authentihash 1a52e0ffd98f74b262ca17562f992f91cb89d5b8bdddbbc70f87c11b2189134c

imphash 637d56db4d2a5cc42e64ffd0861c6697

File size 132.0 KB ( 135168 bytes )

File type Win32 EXE

Magic literal

PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID	Win32 Dynamic Link Library (generic) (34.2%) Win32 Executable (generic) (23.4%) Win16/32 Executable Delphi generic (10.7%) OS/2 Executable (generic) (10.5%) Generic Win/DOS Executable (10.4%)

VirusTotal metadata

First submission 2018-11-23 07:24:43 UTC ( 3 months ago )

Last submission 2018-11-23 07:24:43 UTC ( 3 months ago )

File names

kb
wPLjMHYAYFa.exe
R3TesT6fvn.exe

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.

SHA256:	516bbe13fcb4fc9c1ef6fb12163999f39126c0dfa5caf6f95b6710f0ff67fb9e
File name:	wPLjMHYAYFa.exe
Detection ratio:	44 / 69
Analysis date:	2018-11-25 06:35:28 UTC ( 2 months, 4 weeks ago ) View latest

Ciphered bundle