SHA256: 5a589f7b0c3f95aaa3bbc789f0a3a1428470a85c1ede252ab0345309521bf4a9
File name: Djb3biWUXFNkc9Ev8O.exe
Detection ratio: 34 / 68
Analysis date: 2018-10-17 01:42:35 UTC ( 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40615199 20181017
ALYac Trojan.GenericKD.40615199 20181016
Arcabit Trojan.Generic.D26BBD1F 20181017
AVG FileRepMalware 20181017
BitDefender Trojan.GenericKD.40615199 20181017
CAT-QuickHeal Trojan.Emotet.X4 20181013
ClamAV Win.Trojan.Emotet-6707392-0 20181016
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.d7050c 20180225
Cylance Unsafe 20181017
Cyren W32/Trojan.WZCJ-4843 20181016
Emsisoft Trojan.GenericKD.40615199 (B) 20181017
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GLRX 20181017
F-Secure Trojan.GenericKD.40615199 20181017
Fortinet W32/Kryptik.GLRF!tr 20181016
GData Trojan.GenericKD.40615199 20181017
Ikarus Trojan.Win32.Krypt 20181016
K7AntiVirus Trojan ( 0053b6a31 ) 20181016
K7GW Trojan ( 0053b6a31 ) 20181016
Kaspersky Trojan-Banker.Win32.Emotet.bipl 20181017
Malwarebytes Trojan.Emotet 20181016
McAfee GenericRXGM-WN!55D1E77D7050 20181017
McAfee-GW-Edition BehavesLike.Win32.AdwareLinkury.gt 20181016
eScan Trojan.GenericKD.40615199 20181017
Palo Alto Networks (Known Signatures) generic.ml 20181017
Panda Trj/RnkBend.A 20181016
Qihoo-360 HEUR/QVM20.1.8AA9.Malware.Gen 20181017
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/Generic-S 20181016
Symantec Trojan.Emotet 20181016
Tencent Win32.Trojan-banker.Emotet.Sxoj 20181017
Webroot W32.Trojan.Emotet 20181017
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bipl 20181017
AegisLab 20181017
AhnLab-V3 20181016
Alibaba 20180921
Antiy-AVL 20181017
Avast 20181017
Avast-Mobile 20181016
Avira (no cloud) 20181017
AVware 20180925
Babable 20180918
Baidu 20181015
Bkav 20181016
CMC 20181016
Comodo 20181017
DrWeb 20181017
eGambit 20181017
F-Prot 20181017
Sophos ML 20180717
Jiangmin 20181016
Kingsoft 20181017
MAX 20181017
Microsoft 20181017
NANO-Antivirus 20181016
Rising 20181017
SUPERAntiSpyware 20181015
Symantec Mobile Insight 20181001
TACHYON 20181016
TheHacker 20181015
TotalDefense 20181016
TrendMicro 20181016
TrendMicro-HouseCall 20181016
Trustlook 20181017
VBA32 20181016
ViRobot 20181017
Yandex 20181016
Zillya 20181016
Zoner 20181016
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (c) 2000-2015 The Apache Software Foundation or its licensors, as applicable.

Product Apache Portable Runtime Project
Original name libapr-1.dll
Internal name libapr-1
File version 1.5.2
Description Apache Portable Runtime Library
Comments Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-15 12:15:53
Entry Point 0x00050E53
Number of sections 6
PE sections
PE imports
SetSecurityDescriptorControl
JetRollback
SetBitmapDimensionEx
GetTickCount64
QueryProcessCycleTime
GetAtomNameA
SwitchToThread
SetThreadPriority
GetSystemRegistryQuota
FlsGetValue
Wow64SetThreadContext
CreateTimerQueue
GetDiskFreeSpaceA
FlsFree
GetModuleHandleW
GetBinaryTypeA
GetCurrentThread
FlashWindow
SendDlgItemMessageW
ToAscii
GetFocus
GetRawInputDeviceList
LookupIconIdFromDirectoryEx
ToAsciiEx
GetNextDlgTabItem
SetRect
UnpackDDElParam
RegisterRawInputDevices
SCardReleaseContext
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize
4294967295

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.5.2.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Apache Portable Runtime Library

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
142848

EntryPoint
0x50e53

OriginalFileName
libapr-1.dll

MIMEType
application/octet-stream

LegalCopyright
Copyright (c) 2000-2015 The Apache Software Foundation or its licensors, as applicable.

FileVersion
1.5.2

TimeStamp
2018:10:15 14:15:53+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
libapr-1

ProductVersion
1.5.2

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Apache Software Foundation

CodeSize
332288

ProductName
Apache Portable Runtime Project

ProductVersionNumber
1.5.2.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 55d1e77d7050c89dae86f9587c21590c
SHA1 f7539f235343283905b2bed36a3466c441a27863
SHA256 5a589f7b0c3f95aaa3bbc789f0a3a1428470a85c1ede252ab0345309521bf4a9
ssdeep
3072:e356vntvVpDlel7K7Mqa7hKQl39O9QTDz:eJ6P5VmlT7hKi39OQ7

authentihash 6fdfa5ae1edd53ff5e5e0cbe005f941e2b3634f6526255be56e5290ae03fa4e4
imphash 152bc89a87af3c4a630fc6ac0a67a76d
File size 459.5 KB ( 470528 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (25.2%)
Clipper DOS Executable (25.0%)
Generic Win/DOS Executable (24.8%)
DOS Executable Generic (24.8%)
Tags
peexe

VirusTotal metadata
First submission 2018-10-15 12:19:51 UTC ( 4 months, 1 week ago )
Last submission 2018-10-15 12:19:51 UTC ( 4 months, 1 week ago )
File names libapr-1.dll
libapr-1
Djb3biWUXFNkc9Ev8O.exe
pageshexa.exe