SHA256: 5a150e3d23cc7f9fee0617c89ed45c66ca4b3ec340bae0f9f6b15fb689fc1570
File name: P69D9BpFLj7ybZMZkEX.exe
Detection ratio: 15 / 69
Analysis date: 2018-12-17 13:09:44 UTC ( 2 months ago )
Antivirus Result Update
AegisLab Trojan.Win32.Buzus.kZ0o 20181217
Avast FileRepMalware 20181216
AVG FileRepMalware 20181217
CAT-QuickHeal Trojan.Emotet.X4 20181217
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Emsisoft Trojan.Emotet (A) 20181217
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181128
Microsoft Trojan:Win32/Emotet.AC!bit 20181216
Palo Alto Networks (Known Signatures) generic.ml 20181217
Qihoo-360 HEUR/QVM20.1.ED07.Malware.Gen 20181217
Rising Trojan.Fuerboos!8.EFC8 (TFE:dGZlOgJHFPKNzEd+lQ) 20181217
SentinelOne (Static ML) static engine - malicious 20181011
Symantec ML.Attribute.HighConfidence 20181216
Trapmine malicious.high.ml.score 20181205
Ad-Aware 20181217
AhnLab-V3 20181217
Alibaba 20180921
ALYac 20181217
Antiy-AVL 20181217
Arcabit 20181217
Avast-Mobile 20181216
Avira (no cloud) 20181217
Babable 20180918
Baidu 20181207
BitDefender 20181217
Bkav 20181217
ClamAV 20181217
CMC 20181216
Comodo 20181217
Cybereason 20180225
Cyren 20181217
DrWeb 20181217
eGambit 20181217
ESET-NOD32 20181217
F-Prot 20181217
F-Secure 20181217
Fortinet 20181217
GData 20181217
Ikarus 20181216
Jiangmin 20181217
K7AntiVirus 20181217
K7GW 20181217
Kaspersky 20181217
Kingsoft 20181217
Malwarebytes 20181216
MAX 20181217
McAfee 20181217
McAfee-GW-Edition 20181217
eScan 20181217
NANO-Antivirus 20181217
Panda 20181216
Sophos AV 20181217
SUPERAntiSpyware 20181212
Symantec Mobile Insight 20181215
TACHYON 20181217
Tencent 20181217
TheHacker 20181216
TotalDefense 20181217
TrendMicro 20181217
TrendMicro-HouseCall 20181217
Trustlook 20181217
VBA32 20181214
VIPRE 20181217
ViRobot 20181217
Webroot 20181217
Yandex 20181217
Zillya 20181215
ZoneAlarm by Check Point 20181217
Zoner 20181217
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 1996-2001 Microsoft Corporation.

Product Twain Thunker
Internal name msencode
File version 2001072500
Description Twain.dll Client's 32-Bit
Comments
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-08-04 07:56:09
Entry Point 0x00007026
Number of sections 6
PE sections
PE imports
CertDuplicateCTLContext
GetColorAdjustment
EndPath
SetCurrentConsoleFontEx
GetModuleHandleW
NetLocalGroupGetInfo
BeginPaint
PackDDElParam
Ord(30)
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize 32768
SubsystemVersion 5.0
LinkerVersion 7.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2001.7.25.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Twain.dll Client's 32-Bit
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 62976
EntryPoint 0x7026
MIMEType application/octet-stream
LegalCopyright Copyright 1996-2001 Microsoft Corporation.
FileVersion 2001072500
TimeStamp 2004:08:04 00:56:09-07:00
FileType Win32 EXE
PEType PE32
InternalName msencode
ProductVersion 10.0
UninitializedDataSize 0
OSVersion 5.0
FileOS Windows 16-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Twain Working Group
LegalTrademarks Microsoft is a registered trademark of Microsoft Corporation.
ProductName Twain Thunker
ProductVersionNumber 10.0.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 e3294cf0e72209e71ae6f01c560fe692
SHA1 97f335011bdf01128f2dc1fdd57fb8bb3061f3ef
SHA256 5a150e3d23cc7f9fee0617c89ed45c66ca4b3ec340bae0f9f6b15fb689fc1570
ssdeep 3072:8Jd8InJDKIJ3uMXCNt91sxIAglD777BfaJ9g9M:wFnJKIJ3uBNtwx1glvBfaJC

authentihash 193140bb94e3cb1ee34c1d52640e4d8c2a4bd4a232d870abf1c066405f008465
imphash 0379906e085dbe34a14f389d4d7b928b
File size 148.0 KB ( 151552 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2018-12-17 13:04:09 UTC ( 2 months ago )
Last submission 2018-12-17 22:51:40 UTC ( 2 months ago )
File names msencode
pdhjit.exe.old
mergedcyan.exe
21490016.exe
kKVn.exe
P69D9BpFLj7ybZMZkEX.exe