× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 5870b8085afcf093a83add8e93cb632783f0b25eb443c51475b57ca2ff90e1a4
File name: 5870b8085afcf093a83add8e93cb632783f0b25eb443c51475b57ca2ff90e1a4
Detection ratio: 12 / 68
Analysis date: 2018-09-13 16:10:12 UTC ( 5 months, 1 week ago ) View latest
Antivirus Result Update
CAT-QuickHeal Trojan.Emotet.X4 20180912
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20180723
Cylance Unsafe 20180913
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GKTJ 20180913
Fortinet W32/Kryptik.GKSO!tr 20180913
McAfee Emotet-FIB!DC3DA5BEB337 20180913
Microsoft Trojan:Win32/Emotet.AC!bit 20180913
Qihoo-360 HEUR/QVM20.1.D775.Malware.Gen 20180913
Rising Spyware.Ursnif!8.1DEF (TFE:dGZlOgEEcqHp3Dw7mg) 20180913
Symantec Packed.Generic.517 20180912
Webroot W32.Trojan.Emotet 20180913
Ad-Aware 20180913
AegisLab 20180913
AhnLab-V3 20180913
Alibaba 20180713
ALYac 20180913
Antiy-AVL 20180913
Arcabit 20180913
Avast 20180913
Avast-Mobile 20180913
AVG 20180913
Avira (no cloud) 20180913
AVware 20180913
Babable 20180907
Baidu 20180912
BitDefender 20180913
Bkav 20180912
ClamAV 20180913
CMC 20180913
Comodo 20180913
Cybereason 20180225
Cyren 20180913
DrWeb 20180913
eGambit 20180913
Emsisoft 20180913
F-Prot 20180913
F-Secure 20180913
GData 20180913
Ikarus 20180913
Sophos ML 20180717
Jiangmin 20180912
K7AntiVirus 20180913
K7GW 20180913
Kaspersky 20180913
Kingsoft 20180913
Malwarebytes 20180913
MAX 20180913
McAfee-GW-Edition 20180913
eScan 20180913
NANO-Antivirus 20180913
Palo Alto Networks (Known Signatures) 20180913
Panda 20180913
SentinelOne (Static ML) 20180830
Sophos AV 20180913
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180911
TACHYON 20180913
Tencent 20180913
TheHacker 20180913
TotalDefense 20180913
TrendMicro 20180913
TrendMicro-HouseCall 20180913
Trustlook 20180913
VBA32 20180913
VIPRE 20180913
ViRobot 20180913
Yandex 20180912
Zillya 20180912
ZoneAlarm by Check Point 20180913
Zoner 20180913
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Internal name QllZd.dll
File version 91.333.22.1
Description QllZad
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-13 23:03:24
Entry Point 0x0001BE30
Number of sections 6
PE sections
PE imports
RegSetKeySecurity
FrameRgn
SetThreadLocale
GetModuleHandleA
VerifyScripts
FlushFileBuffers
GetProcessHeap
BSTR_UserFree
RasDeleteEntryW
I_RpcGetExtendedError
SetupDiBuildClassInfoListExW
StrChrNW
IsCharLowerW
Number of PE resources by type
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
SLOVENIAN DEFAULT 1
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
1006425862

LinkerVersion
12.0

ImageVersion
0.0

FileVersionNumber
2.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
QllZad

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
0

EntryPoint
0x1be30

MIMEType
application/octet-stream

FileVersion
91.333.22.1

TimeStamp
2018:09:14 00:03:24+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
QllZd.dll

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Fatal Enterprice

CodeSize
114688

FileSubtype
0

ProductVersionNumber
2.0.0.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 dc3da5beb337edbadac662f582a07dec
SHA1 fea1ba9ab0cfe0e75fe2d0ae35d1ef9e13095838
SHA256 5870b8085afcf093a83add8e93cb632783f0b25eb443c51475b57ca2ff90e1a4
ssdeep
6144:jGZA4cPzQFJaQ6BMe6NNVQS+90N0IbEwgMMb:jGZALzuiMZ3OS+G7bEwx

authentihash 661c9f36e8f9a5494b03c19425ffc6f1fa04661377666ba1eddf3966fb399bbd
imphash 39e51632758a8dd826c1545a2b538157
File size 344.0 KB ( 352256 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-09-13 16:10:12 UTC ( 5 months, 1 week ago )
Last submission 2018-09-13 16:10:12 UTC ( 5 months, 1 week ago )
File names 60685834.exe
32.exe
wdiwindow.exe
wdiwindow.exe
QllZd.dll
86524260.exe
deepstring.exe
7.exe
deepstring.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!