SHA256: 5b7288792beb69388019d989bb1cfa6c63bf16245114bb5121bd043b7a53edfa
File name: 5b7288792beb69388019d989bb1cfa6c63bf16245114bb5121bd043b7a53edfa
Detection ratio: 20 / 65
Analysis date: 2019-03-16 02:59:55 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Acronis suspicious 20190313
Ad-Aware Gen:Variant.Razy.477075 20190316
Arcabit Trojan.Razy.D74793 20190316
BitDefender Gen:Variant.Razy.477075 20190316
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
Emsisoft Gen:Variant.Razy.477075 (B) 20190316
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.CBF 20190316
GData Gen:Variant.Razy.477075 20190316
Sophos ML heuristic 20190313
MAX malware (ai score=85) 20190316
McAfee Emotet-FMI!F80CE5A067F2 20190316
Microsoft Trojan:Win32/Fuerboos.C!cl 20190316
eScan Gen:Variant.Razy.477075 20190316
Qihoo-360 HEUR/QVM20.1.DF67.Malware.Gen 20190316
Rising Trojan.Kryptik!8.8 (TFE:dGZlOgMPAP7Qmc8LBQ) 20190316
SentinelOne (Static ML) DFI - Malicious PE 20190311
Trapmine malicious.moderate.ml.score 20190301
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMF 20190316
VBA32 BScope.Malware-Cryptor.Emotet 20190315
AegisLab 20190316
AhnLab-V3 20190315
Alibaba 20190306
ALYac 20190316
Antiy-AVL 20190316
Avast 20190316
Avast-Mobile 20190315
AVG 20190316
Avira (no cloud) 20190316
Babable 20180918
Baidu 20190306
Bkav 20190314
CAT-QuickHeal 20190315
ClamAV 20190315
CMC 20190315
Comodo 20190316
Cyren 20190316
DrWeb 20190316
eGambit 20190316
F-Secure 20190316
Fortinet 20190316
Ikarus 20190315
Jiangmin 20190316
K7AntiVirus 20190315
K7GW 20190315
Kaspersky 20190316
Kingsoft 20190316
Malwarebytes 20190316
McAfee-GW-Edition 20190315
NANO-Antivirus 20190316
Palo Alto Networks (Known Signatures) 20190316
Panda 20190315
Sophos AV 20190316
SUPERAntiSpyware 20190314
Symantec Mobile Insight 20190220
TACHYON 20190316
Tencent 20190316
TheHacker 20190315
TotalDefense 20190315
Trustlook 20190316
VIPRE 20190315
ViRobot 20190315
Yandex 20190315
Zillya 20190315
ZoneAlarm by Check Point 20190316
Zoner 20190316
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name Cmd.Exe
Internal name cmd
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description Windows Command Processor
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 8:38 PM 3/19/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-16 02:51:12
Entry Point 0x000011A0
Number of sections 4
PE sections
Overlays
MD5 a99e4bc218291b33ec04d0ea586280d9
File type data
Offset 233472
Size 3336
Entropy 7.35
PE imports
RegQueryValueExA
RegOpenKeyA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetTextMetricsW
TextOutW
CreateFontIndirectW
PatBlt
CreatePen
CreateICW
CombineRgn
GetPixel
GetDeviceCaps
LineTo
DeleteDC
SetPixel
DeleteObject
BitBlt
SetTextColor
MoveToEx
GetStockObject
CreateCompatibleDC
StretchBlt
CreateRectRgn
SelectObject
CreateCompatibleBitmap
CreateSolidBrush
SetBkColor
GetTextExtentPoint32W
SetRectRgn
SetThreadLocale
GetStdHandle
FileTimeToDosDateTime
FileTimeToSystemTime
GetOverlappedResult
SetEvent
EncodePointer
GetFileAttributesW
DuplicateHandle
GetLocalTime
DisconnectNamedPipe
GetCurrentProcess
GetConsoleMode
LocalAlloc
lstrcatA
EnumSystemLocalesW
ExitProcess
SetErrorMode
FreeEnvironmentStringsW
lstrcatW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
GetCPInfo
lstrcmpiA
GetDiskFreeSpaceW
InterlockedExchange
WriteFile
WaitForSingleObject
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
ResumeThread
GetOEMCP
LocalFree
FormatMessageW
GetThreadPriority
InitializeCriticalSection
LoadResource
FindClose
InterlockedDecrement
FormatMessageA
GetFullPathNameW
WritePrivateProfileStringW
SetLastError
ConnectNamedPipe
GetUserDefaultUILanguage
GetSystemTime
TlsGetValue
GlobalFindAtomW
lstrcpynW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
InterlockedExchangeAdd
SetConsoleCtrlHandler
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
EnumCalendarInfoW
SetFilePointerEx
GetPrivateProfileStringW
GetModuleHandleA
GlobalAddAtomW
CreateThread
SetEnvironmentVariableW
GetSystemDefaultUILanguage
DeleteCriticalSection
GetExitCodeThread
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
ClearCommError
ExitThread
DecodePointer
WaitForMultipleObjectsEx
TerminateProcess
GetModuleHandleExW
GlobalAlloc
VirtualQueryEx
FileTimeToLocalFileTime
SetEndOfFile
GetVersion
InterlockedIncrement
WriteConsoleW
CallNamedPipeW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
TerminateThread
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
LCMapStringW
GetDateFormatW
GetCommProperties
GetStartupInfoW
GetUserDefaultLCID
CreateNamedPipeW
GetProcessHeap
GetTimeFormatW
lstrcpyW
lstrcmpA
FindNextFileW
GetTimeFormatA
FindFirstFileW
IsValidLocale
lstrcmpW
WaitForMultipleObjects
GetProcAddress
SetCommTimeouts
CreateEventW
SetCommState
CreateFileW
CreateEventA
GetFileType
TlsSetValue
GetCurrentThreadId
LeaveCriticalSection
GetLastError
LocalReAlloc
GlobalDeleteAtom
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
FindResourceW
CompareStringW
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
GetCommState
lstrlenW
CreateProcessW
SetupComm
GetCPInfoExW
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
FindFirstFileExW
InterlockedCompareExchange
GetCurrentThread
SuspendThread
GetSystemDefaultLangID
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GlobalLock
GetModuleHandleW
FreeResource
SwitchToThread
IsValidCodePage
OpenEventW
VirtualQuery
VirtualFree
Sleep
IsBadReadPtr
SetThreadPriority
VirtualAlloc
ResetEvent
Shell_NotifyIconW
SHCreateDirectoryExA
SHGetPathFromIDListW
StrCmpNIA
GetWindowThreadProcessId
SetForegroundWindow
SendMessageTimeoutA
DdeCreateStringHandleA
LoadStringA
FlashWindow
TranslateAccelerator
CreateIconFromResource
MessageBoxA
GetDCEx
GetTopWindow
GetMessageTime
InvalidateRgn
Number of PE resources by type
RT_ICON 10
MUI 1
RT_VERSION 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 14
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.1.7601.17514

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Windows Command Processor

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
109056

EntryPoint
0x11a0

OriginalFileName
Cmd.Exe

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.1.7601.17514 (win7sp1_rtm.101119-1850)

TimeStamp
2019:03:16 03:51:12+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
cmd

ProductVersion
6.1.7601.17514

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
123392

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.1.7601.17514

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 f80ce5a067f2d8a6bead366bb689e780
SHA1 a5ecd18dad93fe821fe6caf587377380722d0f95
SHA256 5b7288792beb69388019d989bb1cfa6c63bf16245114bb5121bd043b7a53edfa
ssdeep 3072:1p/0A4Hk2GgrQCz+VGUbqPM902yHydViYaFD3cjyGM2:7M9E29z+VGUQM9UHQfM3cme
authentihash d0cc9dfb1c0bb299e69f7f18aed895f4182e925f950cdfcf17dc46c887bcfea8
imphash 944b290737a8d7395ca8785d5941ab53
File size 231.3 KB ( 236808 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2019-03-16 02:59:55 UTC ( 1 month, 1 week ago )
Last submission 2019-03-16 04:12:18 UTC ( 1 month, 1 week ago )
File names emotet_e1_5b7288792beb69388019d989bb1cfa6c63bf16245114bb5121bd043b7a53edfa_2019-03-16__030002.exe_
Jq2uz6bw.exe
cmd
Cmd.Exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections