× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 535cd0e20a6a1f6245692035b8eebca53c5c2f8fff1494fcaac5293079ddb068
File name: 535cd0e20a6a1f6245692035b8eebca53c5c2f8fff1494fcaac5293079ddb068
Detection ratio: 13 / 65
Analysis date: 2019-03-10 03:47:13 UTC ( 1 month, 1 week ago ) View latest
Antivirus Result Update
Acronis suspicious 20190222
AegisLab Hacktool.Win32.Krap.lKMc 20190309
CMC Trojan.Win32.Swizzor.1!O 20190309
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.CPES 20190309
Sophos ML heuristic 20181128
Microsoft Trojan:Win32/Emotet.LK!ml 20190307
Qihoo-360 HEUR/QVM20.1.BDD3.Malware.Gen 20190309
Rising Trojan.Azden!8.F0E3 (TFE:dGZlOgILWWOoyvTzUw) 20190309
SentinelOne (Static ML) static engine - malicious 20190203
Trapmine malicious.moderate.ml.score 20190228
VBA32 BScope.TrojanBanker.Chthonic 20190307
Ad-Aware 20190309
AhnLab-V3 20190309
Alibaba 20190306
ALYac 20190309
Antiy-AVL 20190309
Arcabit 20190309
Avast 20190309
Avast-Mobile 20190308
AVG 20190309
Avira (no cloud) 20190309
Babable 20180917
Baidu 20190305
BitDefender 20190309
Bkav 20190308
CAT-QuickHeal 20190309
ClamAV 20190309
Comodo 20190309
Cybereason 20190109
Cyren 20190309
DrWeb 20190309
eGambit 20190309
Emsisoft 20190309
F-Secure 20190309
Fortinet 20190309
GData 20190309
Ikarus 20190309
Jiangmin 20190309
K7AntiVirus 20190309
K7GW 20190309
Kaspersky 20190309
Kingsoft 20190309
Malwarebytes 20190309
MAX 20190309
McAfee 20190309
McAfee-GW-Edition 20190309
eScan 20190309
NANO-Antivirus 20190309
Palo Alto Networks (Known Signatures) 20190309
Panda 20190309
Sophos AV 20190309
SUPERAntiSpyware 20190306
Symantec Mobile Insight 20190220
TACHYON 20190309
Tencent 20190309
TheHacker 20190308
TotalDefense 20190309
TrendMicro-HouseCall 20190309
Trustlook 20190309
VIPRE 20190309
ViRobot 20190309
Yandex 20190308
ZoneAlarm by Check Point 20190309
Zoner 20190309
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2013 Support.com

Product SUPERAntiSpyware
Original name sas_enum_cookies.exe
Internal name sas_enum_cookies
File version 5, 6, 0, 1030
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 9:29 PM 3/12/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-10 03:42:47
Entry Point 0x00001030
Number of sections 4
PE sections
Overlays
MD5 420571bfb37d2948ccb64705d87cd910
File type data
Offset 331264
Size 3336
Entropy 7.34
PE imports
RegCreateKeyExW
GetTokenInformation
RegDeleteValueW
CryptReleaseContext
RegCloseKey
OpenProcessToken
RegSetValueExW
FreeSid
RegQueryInfoKeyW
RegOpenKeyExW
CryptGenRandom
AllocateAndInitializeSid
CheckTokenMembership
CryptAcquireContextW
RegOpenKeyA
RegQueryValueExA
RegEnumValueW
RegDeleteKeyW
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyW
ImageList_Add
ImageList_GetImageCount
ImageList_Replace
ImageList_BeginDrag
ImageList_Destroy
ImageList_SetBkColor
ImageList_Draw
ImageList_GetIconSize
ImageList_Create
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_DragLeave
PropertySheetW
InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_EndDrag
DeleteEnhMetaFile
CreateFontIndirectW
SetStretchBltMode
SaveDC
GetClipBox
GetObjectType
DeleteDC
RestoreDC
GetObjectW
BitBlt
CreateDIBSection
CreatePatternBrush
IntersectClipRect
BRUSHOBJ_hGetColorTransform
GetStockObject
CreateCompatibleDC
StretchBlt
CloseFigure
SelectObject
GetNearestPaletteIndex
SetDIBColorTable
CreateSolidBrush
GdiConvertMetaFilePict
SetBkColor
DeleteObject
ImmSetCompositionWindow
ImmNotifyIME
ImmGetCompositionWindow
ImmGetContext
ImmReleaseContext
ImmGetCompositionStringW
ImmAssociateContext
GetStdHandle
GetConsoleOutputCP
PurgeComm
lstrlen
HeapDestroy
SignalObjectAndWait
SetConsoleCursorPosition
GetCommandLineW
GetPrivateProfileStructW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
RtlZeroMemory
GetLocaleInfoA
LocalAlloc
GetSystemDefaultLCID
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetProcAddress
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
GetLogicalDriveStringsA
InitializeCriticalSection
LoadResource
TlsGetValue
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
GlobalFindAtomW
RemoveDirectoryW
TryEnterCriticalSection
BeginUpdateResourceA
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
LoadLibraryA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FatalAppExitA
SetFilePointer
CreateThread
SetUnhandledExceptionFilter
GetVolumeNameForVolumeMountPointW
ClearCommError
WaitForMultipleObjectsEx
TerminateProcess
WriteConsoleA
VirtualQuery
GetConsoleMode
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
MulDiv
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
GlobalUnfix
RtlUnwind
FreeLibrary
GetStartupInfoA
GetWindowsDirectoryW
GetFileSize
BindIoCompletionCallback
CreateDirectoryW
DeleteFileW
GlobalLock
GetProcessHeap
GetComputerNameW
GetModuleFileNameW
ExpandEnvironmentStringsW
DuplicateHandle
WaitForMultipleObjects
GlobalAlloc
GetProcessAffinityMask
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
ReadConsoleOutputAttribute
LeaveCriticalSection
GetLastError
DosDateTimeToFileTime
LCMapStringW
GetAtomNameW
GetSystemInfo
GlobalFree
GetConsoleCP
FindResourceW
LCMapStringA
EnumSystemLocalesW
GetEnvironmentStringsW
GlobalUnlock
LockFile
lstrlenW
CreateProcessW
SizeofResource
GetCurrentProcessId
LockResource
GetCompressedFileSizeW
GetCPInfo
HeapSize
GetCommandLineA
InterlockedCompareExchange
RaiseException
TlsFree
GetModuleHandleA
ReadFile
DeleteAtom
CloseHandle
GetACP
GetModuleHandleW
FreeResource
GetFileAttributesExW
FindResourceExW
GetEnvironmentStrings
IsValidCodePage
HeapCreate
GetTempPathW
VirtualFree
Sleep
OpenSemaphoreW
VirtualAlloc
DragQueryFileW
SHGetFolderPathW
SHGetFileInfo
SHFileOperationW
ShellExecuteW
SHGetSettings
SHGetSpecialFolderPathA
ShellExecuteExW
SHAppBarMessage
SHIsFileAvailableOffline
ShellAboutA
CommandLineToArgvW
SHFileOperationA
StrCmpNIW
PathCombineW
SHDeleteKeyW
StrRChrW
PathFileExistsW
PathRemoveFileSpecW
PathAppendW
StrChrA
StrStrW
StrCmpNA
StrRStrIW
SHGetValueW
MapWindowPoints
RegisterWindowMessageW
GetMonitorInfoW
GetParent
DlgDirSelectExW
EndDialog
SystemParametersInfoW
HideCaret
OffsetRect
MessageBoxTimeoutW
ReleaseCapture
PostQuitMessage
ShowWindow
SetWindowPos
GetListBoxInfo
SetWindowLongW
GetWindowRect
EnableWindow
OpenIcon
GetDialogBaseUnits
DialogBoxParamW
GetMessageExtraInfo
IsMenu
IsCharAlphaNumericW
CharNextW
GetMessageTime
PostMessageW
GetSysColor
GetDC
ReleaseDC
BeginPaint
GetDoubleClickTime
SendMessageW
EndMenu
GetWindowLongW
IsWindowEnabled
SetWindowTextW
ToAscii
GetDlgItem
DrawMenuBar
DrawTextW
MonitorFromWindow
InSendMessage
CloseWindowStation
InvalidateRect
IsClipboardFormatAvailable
CreateMenu
IsCharUpperA
LoadStringW
FillRect
IsDlgButtonChecked
CloseDesktop
ChangeDisplaySettingsExW
IsWindowUnicode
LoadIconW
GetFocus
MsgWaitForMultipleObjects
EndPaint
WindowFromDC
CloseWindow
DestroyWindow
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoInitializeEx
CoCreateInstance
CoTaskMemFree
Number of PE resources by type
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
5.6.0.1030

LanguageCode
English (U.S.)

FileFlagsMask
0x0017

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
218624

EntryPoint
0x1030

OriginalFileName
sas_enum_cookies.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2013 Support.com

FileVersion
5, 6, 0, 1030

TimeStamp
2019:03:10 04:42:47+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
sas_enum_cookies

ProductVersion
5, 6, 0, 1030

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Support.com

CodeSize
111616

ProductName
SUPERAntiSpyware

ProductVersionNumber
5.6.0.1030

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 8be276326ece1d87e5e5142d41a32597
SHA1 551d79fc85117b05879b71e3a1212f3f75e5f090
SHA256 535cd0e20a6a1f6245692035b8eebca53c5c2f8fff1494fcaac5293079ddb068
ssdeep
3072:1M2a8GTsKzYKXWRpbbQlf082OvAsuKW28HMCpyDuN/sw5zK7vMzeLq+c1WPE68EA:1MFL7EbQf/2kAnK+fdG70KLk368xf7

authentihash e717785350031dfcb74fdbec5cde70c48951be3d9a5b0cd92ddbeb7b793d423e
imphash 83e417b48e4bbf4e3ee37d7b11ab9d4d
File size 326.8 KB ( 334600 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-03-10 03:47:13 UTC ( 1 month, 1 week ago )
Last submission 2019-03-12 02:10:25 UTC ( 1 month, 1 week ago )
File names sas_enum_cookies
sas_enum_cookies.exe
emotet_e1_535cd0e20a6a1f6245692035b8eebca53c5c2f8fff1494fcaac5293079ddb068_2019-03-10__035003.exe_
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections