× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 526cfcc8d5bf881f1d8c07a771ea42a9b320334fc934efd449dbbec7ca83108a
Detection ratio: 22 / 67
Analysis date: 2017-11-11 06:41:22 UTC ( 6 months, 2 weeks ago ) View latest
Antivirus Result Update
AegisLab Tspy.Emotet.Smd12!c 20171111
Avast FileRepMalware 20171111
AVG FileRepMalware 20171111
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171109
BitDefender Trojan.GenericKD.6179941 20171111
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cylance Unsafe 20171111
eGambit Unsafe.AI_Score_100% 20171111
Emsisoft Trojan.GenericKD.6179941 (B) 20171111
Endgame malicious (high confidence) 20171024
Fortinet W32/GenKryptik.AVEL!tr.ransom 20171111
Sophos ML heuristic 20170914
McAfee Artemis!245144ADD89B 20171111
McAfee-GW-Edition BehavesLike.Win32.BadFile.dt 20171111
Palo Alto Networks (Known Signatures) generic.ml 20171111
Qihoo-360 HEUR/QVM20.1.1A2C.Malware.Gen 20171111
SentinelOne (Static ML) static engine - malicious 20171019
Sophos AV Mal/EncPk-ANR 20171111
Symantec Ransom.Kovter 20171110
TrendMicro TSPY_EMOTET.SMD12 20171111
TrendMicro-HouseCall TSPY_EMOTET.SMD12 20171111
Webroot W32.Trojan.Emotet 20171111
Ad-Aware 20171111
AhnLab-V3 20171110
Alibaba 20170911
ALYac 20171110
Antiy-AVL 20171111
Arcabit 20171110
Avast-Mobile 20171110
Avira (no cloud) 20171110
AVware 20171111
Bkav 20171111
CAT-QuickHeal 20171110
ClamAV 20171111
CMC 20171109
Comodo 20171111
Cybereason 20171030
Cyren 20171111
DrWeb 20171111
ESET-NOD32 20171111
F-Prot 20171111
F-Secure 20171111
GData 20171111
Ikarus 20171110
Jiangmin 20171110
K7AntiVirus 20171111
K7GW 20171111
Kaspersky 20171111
Kingsoft 20171111
Malwarebytes 20171111
MAX 20171111
Microsoft 20171111
eScan 20171111
NANO-Antivirus 20171111
nProtect 20171111
Panda 20171110
Rising 20171111
SUPERAntiSpyware 20171111
Symantec Mobile Insight 20171110
Tencent 20171111
TheHacker 20171102
Trustlook 20171111
VBA32 20171110
VIPRE 20171111
ViRobot 20171111
WhiteArmor 20171104
Yandex 20171110
Zillya 20171110
ZoneAlarm by Check Point 20171111
Zoner 20171111
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-10 23:51:24
Entry Point 0x0000101E
Number of sections 5
PE sections
PE imports
FindFirstFreeAce
GetCurrentHwProfileA
AddAccessDeniedObjectAce
CreateMetaFileA
FillRgn
EnumSystemCodePagesW
GetACP
ConvertFiberToThread
GetSystemDefaultLangID
SwitchToThread
GetUserDefaultLangID
GetShortPathNameW
CopyFileExW
GlobalFindAtomW
GetBinaryTypeW
GetPrivateProfileSectionNamesW
GetEnvironmentStringsW
GetCurrentThreadId
GetVersion
GetNumaNodeProcessorMask
lstrcmpW
GetUserDefaultLCID
GetPrivateProfileStringW
GetCurrentThread
MprAdminMIBEntryCreate
acmDriverAddW
VariantChangeType
SetupDiGetActualSectionToInstallW
SHGetFileInfoA
PathFindNextComponentW
FreeContextBuffer
GetUserNameExA
IsCharAlphaW
GetUserObjectInformationW
GetMessageExtraInfo
LoadIconW
IsCharLowerW
GetWindowWord
GetMenuItemID
InternetInitializeAutoProxyDll
GetStandardColorSpaceProfileW
strncmp
fwprintf
mbtowc
memset
CoRegisterClassObject
IsValidURL
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2017:11:11 00:51:24+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
1104966662

LinkerVersion
12.0

EntryPoint
0x101e

InitializedDataSize
101376

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

Compressed bundles
File identification
MD5 245144add89b6eaaec06d326f1fa1fcc
SHA1 a87746d32729c9c6a8cb33f58fb7092de5b94c98
SHA256 526cfcc8d5bf881f1d8c07a771ea42a9b320334fc934efd449dbbec7ca83108a
ssdeep
1536:29lgKw5ojv49/5m7mq2G0yJhn/h/9oKMSc+oDpzuj/k+kiCyZRMv7cCweGQMV3tB:Y2MKuTkwajcUGQacXk5Nh0

authentihash 1c2d651421a92a12f355846ae06b75ac15557ac45cfbaca54fba78f12bf55ae5
imphash 6863462e27b4a24cb194779262ca700f
File size 222.5 KB ( 227840 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe

VirusTotal metadata
First submission 2017-11-10 23:54:18 UTC ( 6 months, 2 weeks ago )
Last submission 2017-12-12 13:43:09 UTC ( 5 months, 1 week ago )
File names od.exe
1002-a87746d32729c9c6a8cb33f58fb7092de5b94c98
u.exe
ZgYsD1N.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
UDP communications