× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 5584f1c848ef2dec37638a9dce81235238941fab44ed259a547cb69c7bf8a230
File name: 5584f1c848ef2dec37638a9dce81235238941fab44ed259a547cb69c7bf8a230
Detection ratio: 19 / 70
Analysis date: 2018-12-19 14:38:41 UTC ( 2 months ago ) View latest
Antivirus Result Update
Acronis malware 20180726
AegisLab Trojan.Win32.Generic.ljju 20181219
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.00aecb 20180225
Cylance Unsafe 20181219
Cyren W32/Emotet.LD.gen!Eldorado 20181219
Emsisoft Trojan.Emotet (A) 20181219
Endgame malicious (high confidence) 20181108
F-Prot W32/Emotet.LD.gen!Eldorado 20181219
Sophos ML heuristic 20181128
McAfee Emotet-FLD!9C768E400AEC 20181219
McAfee-GW-Edition BehavesLike.Win32.Emotet.ch 20181219
Microsoft Trojan:Win32/Fuerboos.A!cl 20181218
Qihoo-360 HEUR/QVM20.1.F89F.Malware.Gen 20181219
Rising Malware.Heuristic!ET#97% (RDM+:cmRtazoOgUq6aQCqzllZzVbT1EN8) 20181219
SentinelOne (Static ML) static engine - malicious 20181011
Symantec ML.Attribute.HighConfidence 20181219
Trapmine malicious.high.ml.score 20181205
Webroot W32.Trojan.Emotet 20181219
Ad-Aware 20181219
AhnLab-V3 20181219
Alibaba 20180921
ALYac 20181219
Antiy-AVL 20181219
Arcabit 20181219
Avast 20181219
Avast-Mobile 20181219
AVG 20181219
Avira (no cloud) 20181219
Babable 20180918
Baidu 20181207
BitDefender 20181219
Bkav 20181219
CAT-QuickHeal 20181218
ClamAV 20181219
CMC 20181218
Comodo 20181219
DrWeb 20181219
eGambit 20181219
ESET-NOD32 20181219
F-Secure 20181219
Fortinet 20181219
GData 20181219
Ikarus 20181219
Jiangmin 20181219
K7AntiVirus 20181219
K7GW 20181219
Kaspersky 20181219
Kingsoft 20181219
Malwarebytes 20181219
MAX 20181219
eScan 20181219
NANO-Antivirus 20181219
Palo Alto Networks (Known Signatures) 20181219
Panda 20181219
Sophos AV 20181219
SUPERAntiSpyware 20181212
Symantec Mobile Insight 20181215
TACHYON 20181219
Tencent 20181219
TheHacker 20181216
TotalDefense 20181219
TrendMicro 20181219
TrendMicro-HouseCall 20181219
Trustlook 20181219
VBA32 20181219
ViRobot 20181219
Yandex 20181219
Zillya 20181219
ZoneAlarm by Check Point 20181219
Zoner 20181219
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © LEAD Technologies, Inc. 1997

Product LEADTOOLS® DLL for Win32
Original name LTFIL80N.DLL
Internal name LTFIL80N
File version 8.00.0.010
Description LEADTOOLS® DLL for Win32
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-07-05 05:51:36
Entry Point 0x00002707
Number of sections 6
PE sections
PE imports
CloseServiceHandle
RegOpenCurrentUser
CM_Disable_DevNode
FindTextA
CertIsValidCRLForCertificate
CreateFontIndirectW
OffsetRgn
DrawEscape
SetWorldTransform
StrokePath
SetBoundsRect
GetTextCharacterExtra
CreateSolidBrush
DeleteBoundaryDescriptor
GetTimeZoneInformation
FindAtomW
CompareFileTime
GetConsoleOutputCP
Heap32Next
SetCommConfig
ZombifyActCtx
ActivateActCtx
LoadLibraryExW
CreateTimerQueueTimer
DeleteTimerQueue
RequestWakeupLatency
CreateWaitableTimerA
LocalReAlloc
GetCurrentThreadId
CloseHandle
SetConsoleScreenBufferSize
CreateMutexExA
GetLocaleInfoW
RpcBindingSetAuthInfoExW
SHLoadNonloadedIconOverlayIdentifiers
SendNotifyMessageA
UnhookWindowsHookEx
GetSysColorBrush
GetMenuState
GetMessageExtraInfo
IsMenu
GetClassWord
DrawFrameControl
CreateDesktopW
PtInRect
mmioRead
waveInStart
EnumPortsW
CryptCATEnumerateMember
CryptCATHandleFromStore
wcsftime
feof
mbtowc
CoUninitialize
OleIsRunning
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize
12288

SubsystemVersion
6.0

LinkerVersion
12.1

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
8.0.0.10

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
LEADTOOLS DLL for Win32

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
0

EntryPoint
0x2707

OriginalFileName
LTFIL80N.DLL

MIMEType
application/octet-stream

LegalCopyright
Copyright LEAD Technologies, Inc. 1997

FileVersion
8.00.0.010

TimeStamp
2005:07:05 07:51:36+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
LTFIL80N

ProductVersion
8.00.0.010

UninitializedDataSize
0

OSVersion
6.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
LEAD Technologies, Inc.

LegalTrademarks
LEADTOOLS is a trademark of LEAD Technologies, Inc.

ProductName
LEADTOOLS DLL for Win32

ProductVersionNumber
8.0.0.10

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 9c768e400aecb0f694ecd9e953f0b4c5
SHA1 7b2e195f5e288e7e237045c224b8cf05141b8724
SHA256 5584f1c848ef2dec37638a9dce81235238941fab44ed259a547cb69c7bf8a230
ssdeep
1536:+ri1l6KM/r7Vp0IfSaBmVJlc7ndkLLjYB6Ba7yZDGNOWyaBtn6/wpk9YhmqkI:+rQjM/rsIv8bC7dG2YbaBh6ogYo4

authentihash 9cd26bd0443e6ddb123960c63ecf426d09130db46279e9b198271bfe97e93c8b
imphash ce44d01afbdf70230133e8cb98c4aec8
File size 136.0 KB ( 139264 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-12-19 14:38:41 UTC ( 2 months ago )
Last submission 2018-12-19 14:38:41 UTC ( 2 months ago )
File names p7dZJHDfm.exe
LTFIL80N
ChFQI5wmm.exe
g3CDF1NaU.exe
LTFIL80N.DLL
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!