× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 5539544fff769e075e1e4001241bf99f50ae54522860820d927f5a70046a49b7
File name: 5539544fff769e075e1e4001241bf99f50ae54522860820d927f5a70046a49b7
Detection ratio: 21 / 70
Analysis date: 2019-03-15 00:06:09 UTC ( 1 month, 1 week ago ) View latest
Antivirus Result Update
Acronis suspicious 20190313
Avast Win32:Trojan-gen 20190315
AVG Win32:Trojan-gen 20190315
Avira (no cloud) TR/Crypt.ZPACK.Gen2 20190314
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
Cybereason malicious.b7ba8a 20190109
Cylance Unsafe 20190315
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.CBF 20190315
F-Secure Trojan.TR/Crypt.ZPACK.Gen2 20190315
Sophos ML heuristic 20190313
Microsoft Trojan:Win32/Fuerboos.C!cl 20190314
Qihoo-360 HEUR/QVM20.1.D917.Malware.Gen 20190315
Rising Trojan.Kryptik!8.8 (RDM+:cmRtazqbC4verigwTNHlYg7txU+k) 20190314
SentinelOne (Static ML) DFI - Malicious PE 20190311
Symantec Packed.Generic.459 20190314
Trapmine malicious.moderate.ml.score 20190301
TrendMicro TrojanSpy.Win32.EMOTET.SMAL08 20190314
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMAL08 20190314
VBA32 BScope.Malware-Cryptor.Emotet 20190314
Webroot W32.Trojan.Emotet 20190315
Ad-Aware 20190314
AegisLab 20190314
AhnLab-V3 20190314
Alibaba 20190306
ALYac 20190315
Antiy-AVL 20190314
Arcabit 20190315
Avast-Mobile 20190314
Babable 20180918
Baidu 20190306
BitDefender 20190315
Bkav 20190314
CAT-QuickHeal 20190314
ClamAV 20190314
CMC 20190314
Comodo 20190314
Cyren 20190315
DrWeb 20190315
eGambit 20190315
Emsisoft 20190315
F-Prot 20190314
Fortinet 20190315
GData 20190314
Ikarus 20190314
Jiangmin 20190314
K7AntiVirus 20190314
K7GW 20190314
Kaspersky 20190315
Kingsoft 20190315
Malwarebytes 20190315
MAX 20190315
McAfee 20190314
McAfee-GW-Edition 20190314
eScan 20190314
NANO-Antivirus 20190314
Palo Alto Networks (Known Signatures) 20190315
Panda 20190314
Sophos AV 20190315
SUPERAntiSpyware 20190314
Symantec Mobile Insight 20190220
TACHYON 20190314
Tencent 20190315
TheHacker 20190308
TotalDefense 20190314
Trustlook 20190315
ViRobot 20190314
Yandex 20190314
Zillya 20190314
ZoneAlarm by Check Point 20190314
Zoner 20190315
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
(C) 2014 Qihu 360 Software Co., Ltd.

Product 360 Internet Security
Original name WDSafeDown.exe
Internal name WDSafeDown.exe
File version 2, 0, 0, 1200
Description 360 Internet Security Internet Protection
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 6:39 PM 3/15/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-15 00:01:20
Entry Point 0x000016E0
Number of sections 4
PE sections
Overlays
MD5 1b0dae4f2776c2f12c2ef290d4697ef0
File type data
Offset 204288
Size 3336
Entropy 7.32
PE imports
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetStdHandle
FileTimeToSystemTime
WaitForSingleObject
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
FreeEnvironmentStringsW
InitializeSListHead
SetStdHandle
GetCPInfo
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetEvent
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
FindClose
InterlockedDecrement
FormatMessageA
SetLastError
GetSystemTime
TlsGetValue
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetUserDefaultLCID
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
GetModuleHandleA
CreateThread
SetEnvironmentVariableW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
TerminateThread
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetDateFormatW
GetStartupInfoW
GetProcAddress
GetProcessHeap
GetTimeFormatW
FindNextFileW
GetTimeFormatA
DuplicateHandle
FindFirstFileExW
WaitForMultipleObjects
CreateEventW
CreateFileW
CreateEventA
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GetConsoleCP
GetEnvironmentStringsW
FileTimeToLocalFileTime
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
GetSystemDefaultLangID
RaiseException
TlsFree
SetFilePointer
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
IsValidCodePage
OpenEventW
CreateProcessW
IsBadReadPtr
VirtualAlloc
GetOEMCP
SHCreateDirectoryExA
SHGetPathFromIDListW
StrCmpNIA
SendDlgItemMessageA
CharNextExA
DdeCreateStringHandleA
PeekMessageA
EnableMenuItem
DispatchMessageA
GetTopWindow
TranslateAccelerator
CreateIconFromResource
GetSystemMenu
CreateDialogParamA
GetDCEx
GetMessageTime
InvalidateRgn
FlashWindow
DestroyWindow
Number of PE resources by type
RT_STRING 21
RT_ICON 3
RT_VERSION 2
RT_RCDATA 2
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 26
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion
5.0

InitializedDataSize
97280

ImageVersion
0.0

ProductName
360 Internet Security

FileVersionNumber
2.0.0.1200

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0017

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
9.0

FileTypeExtension
exe

OriginalFileName
WDSafeDown.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
2, 0, 0, 1200

TimeStamp
2019:03:15 01:01:20+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
WDSafeDown.exe

ProductVersion
2, 0, 0, 1200

FileDescription
360 Internet Security Internet Protection

OSVersion
5.0

FileOS
Win32

LegalCopyright
(C) 2014 Qihu 360 Software Co., Ltd.

MachineType
Intel 386 or later, and compatibles

CompanyName
Qihu 360 Software Co., Ltd.

CodeSize
105984

FileSubtype
0

ProductVersionNumber
2.0.0.1200

EntryPoint
0x16e0

ObjectFileType
Executable application

File identification
MD5 124d608b7ba8a0b76f165a428e96fa61
SHA1 14de41e84e4cacb7b52cad7df52d3ad56143979d
SHA256 5539544fff769e075e1e4001241bf99f50ae54522860820d927f5a70046a49b7
ssdeep
3072:42B7dBvk2GgrQCz+VGUbqPM902yHydV1ETnJaEXm:3s29z+VGUQM9UHQuV8

authentihash bafdb07cd7f64998dc228bc52e5d69ef411ee0d50b1e88082a82e5ebf3e0ced9
imphash 5e738c5bf568cfafdb287097135f2ad4
File size 202.8 KB ( 207624 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-03-15 00:06:09 UTC ( 1 month, 1 week ago )
Last submission 2019-03-15 06:41:30 UTC ( 1 month, 1 week ago )
File names emotet_e1_5539544fff769e075e1e4001241bf99f50ae54522860820d927f5a70046a49b7_2019-03-15__001502.exe_
U5olmQ1Pe.exe
WDSafeDown.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections