SHA256: 52130a636355f8c08f88c015359406e6d18f7a168e833f6e807de6d223db348b
File name: DIAGRAMPOWR.EXE
Detection ratio: 45 / 68
Analysis date: 2018-07-18 23:34:28 UTC ( 7 months ago )
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur2.FU.fyW@amshF4gO 20180718
AegisLab Gen.Troj.Heur2!c 20180718
AhnLab-V3 Trojan/Win32.Emotet.R231895 20180718
Arcabit Trojan.Heur2.FU.E982FB 20180718
Avast Win32:Malware-gen 20180718
AVG Win32:Malware-gen 20180718
AVware Trojan.Win32.Generic!BT 20180718
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180717
BitDefender Gen:Trojan.Heur2.FU.fyW@amshF4gO 20180718
Bkav HW32.Packed.FFE3 20180718
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20180530
Cybereason malicious.aad0e9 20180225
Cylance Unsafe 20180719
Cyren W32/Trojan.NMCN-8691 20180718
DrWeb Trojan.DownLoader26.58324 20180718
Emsisoft Trojan.Emotet (A) 20180718
Endgame malicious (high confidence) 20180711
ESET-NOD32 a variant of Win32/Kryptik.GIYA 20180718
F-Secure Gen:Trojan.Heur2.FU.fyW@amshF4gO 20180718
Fortinet W32/Kryptik.GIYA!tr 20180718
GData Gen:Trojan.Heur2.FU.fyW@amshF4gO 20180718
Ikarus Trojan.Win32.Crypt 20180718
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 00537f351 ) 20180718
K7GW Trojan ( 00537f351 ) 20180718
Kaspersky Trojan.Win32.Dovs.pjd 20180718
Malwarebytes Spyware.Emotet 20180718
MAX malware (ai score=98) 20180719
McAfee Emotet-FHR!03772B3AAD0E 20180718
McAfee-GW-Edition BehavesLike.Win32.Downloader.nc 20180718
eScan Gen:Trojan.Heur2.FU.fyW@amshF4gO 20180718
NANO-Antivirus Trojan.Win32.Dovs.fflgrg 20180719
Palo Alto Networks (Known Signatures) generic.ml 20180719
Panda Trj/GdSda.A 20180718
Qihoo-360 Win32/Trojan.901 20180719
Rising Trojan.Kryptik!8.8 (CLOUD) 20180718
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/EncPk-ANX 20180718
Symantec Packed.Generic.517 20180718
TrendMicro-HouseCall TROJ_GEN.R002H05GI18 20180718
VBA32 BScope.TrojanBanker.Emotet 20180718
VIPRE Trojan.Win32.Generic!BT 20180718
ViRobot Trojan.Win32.Z.Kryptik.93696.HP 20180718
Webroot W32.Trojan.Emotet 20180719
ZoneAlarm by Check Point Trojan.Win32.Dovs.pjd 20180718
Alibaba 20180713
ALYac 20180719
Antiy-AVL 20180718
Avast-Mobile 20180718
Avira (no cloud) 20180718
Babable 20180406
CAT-QuickHeal 20180718
ClamAV 20180718
CMC 20180718
Comodo 20180718
eGambit 20180719
F-Prot 20180718
Jiangmin 20180718
Kingsoft 20180719
Microsoft 20180718
SUPERAntiSpyware 20180718
TACHYON 20180718
Tencent 20180719
TheHacker 20180718
TotalDefense 20180718
TrendMicro 20180718
Trustlook 20180719
Yandex 20180717
Zillya 20180718
Zoner 20180718
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-07-17 21:01:39
Entry Point 0x00011FFB
Number of sections 6
PE sections
PE imports
GetFileTitleW
lstrlenA
GetBinaryTypeA
VarCyCmp
RasRenameEntryA
DdeDisconnectList
ShowCursor
GetClipboardOwner
Number of PE resources by type
RT_DIALOG 21
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
HEBREW DEFAULT 1
HUNGARIAN DEFAULT 1
VIETNAMESE DEFAULT 1
CHINESE SIMPLIFIED 1
SLOVENIAN DEFAULT 1
CZECH DEFAULT 1
FINNISH DEFAULT 1
KOREAN 1
NEUTRAL DEFAULT 1
PORTUGUESE 1
POLISH DEFAULT 1
JAPANESE DEFAULT 1
DANISH DEFAULT 1
SLOVAK DEFAULT 1
GREEK DEFAULT 1
TURKISH DEFAULT 1
ROMANIAN 1
THAI DEFAULT 1
SERBIAN DEFAULT 1
NEUTRAL 1
RUSSIAN 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:07:17 22:01:39+01:00
FileType Win32 EXE
PEType PE32
CodeSize 74752
LinkerVersion 12.0
Warning Possibly corrupt Version resource
EntryPoint 0x11ffb
InitializedDataSize 22016
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 03772b3aad0e97d1a34680c11533848c
SHA1 4f2c914ad9d367baeb05045a9d70974ba12aecc8
SHA256 52130a636355f8c08f88c015359406e6d18f7a168e833f6e807de6d223db348b
ssdeep 1536:DE0ky5G9W18R5RphFcon/f45Ut8a6bq8AN33maoP:DEr1982rh1f45UF2Ho3j
authentihash 074ab9af7000993067048dca226b86978bb1d232e215bb4f1ff165b8411ffdf9
imphash 140676f00c48f787fb7da8229f04929c
File size 91.5 KB ( 93696 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe

VirusTotal metadata
First submission 2018-07-17 23:44:37 UTC ( 7 months ago )
Last submission 2018-07-17 23:44:37 UTC ( 7 months ago )
File names DIAGRAMPOWR.EXE
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs