SHA256: 548b9aa2c8da7698c2bcd7289db5c1f1562a5c85b4427bd85c063f667fd8d0c5
File name: 548b9aa2c8da7698c2bcd7289db5c1f1562a5c85b4427bd85c063f667fd8d0c5
Detection ratio: 22 / 70
Analysis date: 2019-01-18 02:24:40 UTC ( 4 months, 1 week ago )
Antivirus Result Update
Acronis suspicious 20190117
Ad-Aware Gen:Variant.Emotet.62 20190118
AhnLab-V3 Win-Trojan/Emotet3.Exp 20190118
Arcabit Trojan.Emotet.62 20190118
AVG FileRepMalware 20190118
Avira (no cloud) TR/Crypt.EPACK.Gen2 20190117
BitDefender Gen:Variant.Emotet.62 20190118
Bkav HW32.Packed. 20190117
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181023
Cybereason malicious.53373d 20190109
Cylance Unsafe 20190118
eGambit Unsafe.AI_Score_99% 20190118
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181128
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20190117
Microsoft Trojan:Win32/Emotet 20190117
NANO-Antivirus Virus.Win32.Gen.ccmw 20190117
Qihoo-360 HEUR/QVM19.1.9EA7.Malware.Gen 20190118
Rising Trojan.GenKryptik!8.AA55 (TFE:dGZlOgGAfkeubQottA) 20190117
SentinelOne (Static ML) static engine - malicious 20181223
Symantec ML.Attribute.HighConfidence 20190117
Trapmine malicious.high.ml.score 20190103
AegisLab 20190118
Alibaba 20180921
ALYac 20190118
Antiy-AVL 20190118
Avast 20190117
Avast-Mobile 20190117
Babable 20180918
Baidu 20190117
CAT-QuickHeal 20190117
ClamAV 20190117
CMC 20190117
Comodo 20190117
Cyren 20190118
DrWeb 20190118
Emsisoft 20190117
ESET-NOD32 20190117
F-Prot 20190117
F-Secure 20190117
Fortinet 20190117
GData 20190117
Ikarus 20190117
Jiangmin 20190117
K7AntiVirus 20190117
K7GW 20190117
Kaspersky 20190117
Kingsoft 20190118
Malwarebytes 20190117
MAX 20190118
McAfee 20190117
eScan 20190117
Palo Alto Networks (Known Signatures) 20190118
Panda 20190117
Sophos AV 20190117
SUPERAntiSpyware 20190116
TACHYON 20190118
Tencent 20190118
TheHacker 20190115
TotalDefense 20190117
TrendMicro 20190117
TrendMicro-HouseCall 20190117
Trustlook 20190118
VBA32 20190117
ViRobot 20190117
Webroot 20190118
Yandex 20190117
Zillya 20190117
ZoneAlarm by Check Point 20190118
Zoner 20190117
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © Microsoft Corporation 1998-2001. All rights reserved.
Product Microsoft .NET Framework
Original name IEHost.exe
Internal name IEHOST.EXE
File version 1.0.3705.6018
Description Microsoft IE hosting interface
Comments Microsoft IE hosting interface
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-18 02:22:16
Entry Point 0x00003141
Number of sections 4
PE sections
PE imports
LookupPrivilegeNameW
InitiateSystemShutdownA
GetServiceDisplayNameW
CryptHashSessionKey
GetSidIdentifierAuthority
LogonUserA
IsTextUnicode
EqualPrefixSid
GetClusterFromResource
GetLogColorSpaceA
GetTextExtentExPointA
GetCurrentPositionEx
GetObjectW
GetFontLanguageInfo
GetObjectType
GetSystemTime
GetSystemWindowsDirectoryA
GetOverlappedResult
DeactivateActCtx
GetTapeStatus
FlsGetValue
FlushFileBuffers
GetShortPathNameA
GetVolumePathNamesForVolumeNameW
GetCurrentProcess
GetVolumeInformationA
GetConsoleMode
LocalAlloc
WriteProfileStringA
GetWindowsDirectoryA
SetErrorMode
GetLocalTime
GetLogicalDrives
GetFileInformationByHandle
GetTapePosition
GetProfileSectionA
GetSystemPowerStatus
GetCurrentThread
EnumResourceTypesA
EnumResourceNamesW
MapViewOfFile
GetModuleHandleA
QueryIdleProcessorCycleTime
GetExitCodeThread
GlobalAddAtomA
FindResourceExW
GetAtomNameA
GetTimeFormatA
IsValidLocale
GetSystemDirectoryA
FindFirstFileExW
GetPrivateProfileSectionW
LocalFree
GetPrivateProfileIntW
IsWow64Process
GetTimeZoneInformation
DebugActiveProcess
GetPrivateProfileStringA
GetFileType
LocalUnlock
GetThreadLocale
LoadTypeLib
GetRecordInfoFromGuids
VarCyMulI4
ExtractIconA
GetMenuPosFromID
GetUserNameExW
DecryptMessage
EqualRect
FindWindowW
ExcludeUpdateRgn
GetDialogBaseUnits
FlashWindowEx
DeferWindowPos
LoadCursorW
LookupIconIdFromDirectoryEx
DestroyCaret
GetTabbedTextExtentW
GetWindowRgn
LockWorkStation
RemoveClipboardFormatListener
GetMenuItemRect
GetLastActivePopup
IsWindowVisible
DrawMenuBar
DrawTextW
GetThreadDesktop
LoadAcceleratorsA
GetWindowTextLengthA
GetMenuItemCount
GetMenuState
CreateIconFromResource
IsWindowUnicode
LoadIconW
GetWindowTextA
CharNextW
GetMenuContextHelpId
FindNextUrlCacheEntryW
InternetGoOnline
DeleteUrlCacheEntryW
DeletePortW
shutdown
fputws
fgetws
strcmp
MkParseDisplayName
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize 24576
SubsystemVersion 4.0
Comments Microsoft IE hosting interface
Platform Windows 95 and Windows NT (I386)
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.3705.6018
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Microsoft IE hosting interface
ImageFileCharacteristics No relocs, Executable, 32-bit, System file
CharacterSet Windows, Latin1
InitializedDataSize 130048
EntryPoint 0x3141
OriginalFileName IEHost.exe
MIMEType application/octet-stream
LegalCopyright Copyright Microsoft Corporation 1998-2001. All rights reserved.
FileVersion 1.0.3705.6018
TimeStamp 2019:01:18 03:22:16+01:00
FileType Win32 EXE
PEType PE32
InternalName IEHOST.EXE
ProductVersion 1.0.3705.6018
UninitializedDataSize 0
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
LegalTrademarks Microsoft is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
ProductName Microsoft .NET Framework
ProductVersionNumber 1.0.3705.6018
FileTypeExtension exe
ObjectFileType Dynamic link library
Execution parents
File identification
MD5 3e33c0d8149e339344354b95a3e4f152
SHA1 4cc63d253373d4d61716d1e00f5c2028355b44f4
SHA256 548b9aa2c8da7698c2bcd7289db5c1f1562a5c85b4427bd85c063f667fd8d0c5
ssdeep 3072:ki2G445HA/CguIt6xIB16+cy0Or3Tk00nyrvPyU4PAH0qfCapp4x4At0bl3ZZ:Y05HAKDIr4XOTz0yrC
authentihash 71aa2cf24376223fd018a88c7cd48d020c9f3909e0d2d004e4aa0085ffc15a08
imphash b009004d7bf537ad90af8052b63e739e
File size 142.0 KB ( 145408 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file
TrID Microsoft Visual C++ compiled executable (generic) (49.1%)
Win32 Dynamic Link Library (generic) (19.5%)
Win32 Executable (generic) (13.3%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
Tags peexe
VirusTotal metadata
First submission 2019-01-18 02:24:40 UTC ( 4 months, 1 week ago )
Last submission 2019-01-18 04:37:33 UTC ( 4 months, 1 week ago )
File names 5mZgD34d.exe
IEHost.exe
1zKoqrwj.exe
BEIfMHeh.exe
emotet_e1_548b9aa2c8da7698c2bcd7289db5c1f1562a5c85b4427bd85c063f667fd8d0c5_2019-01-18__023002.exe_
guV0JxkQ.exe
639.exe
dbYP4EoM1VM2.exe
Zw8UwhjMZ.exe
yio22gbgd.exe
Q5xBbajrmJ.exe
3Sbwnu8SsD9.exe
KP0MGBf1NfAl.exe
ONKphNKTwL.exe
IEHOST.EXE
q9QGZ8cuDW2.exe
6PhmEzUrKmbh.exe
Kukbm2izBcE.exe
a3rQQvJa.exe