× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 5b9b2bd49955e7a5f1c384777f6bedce46fb708d0cd2399022ca5609d2153053
File name: 5b9b2bd49955e7a5f1c384777f6bedce46fb708d0cd2399022ca5609d2153053
Detection ratio: 44 / 72
Analysis date: 2018-12-20 18:55:18 UTC ( 2 months ago ) View latest
Antivirus Result Update
Acronis malware 20180726
Ad-Aware Trojan.GenericKD.40838660 20181220
AhnLab-V3 Trojan/Win32.Emotet.R249146 20181220
ALYac Trojan.GenericKD.40838660 20181220
Antiy-AVL Trojan[Banker]/Win32.Emotet 20181220
Arcabit Trojan.Generic.D26F2604 20181220
Avast Win32:BankerX-gen [Trj] 20181220
AVG Win32:BankerX-gen [Trj] 20181220
Avira (no cloud) TR/AD.Emotet.pzish 20181220
BitDefender Trojan.GenericKD.40838660 20181220
CAT-QuickHeal Trojan.Emotet.X4 20181220
Comodo Malware@#3p3uaq9k05x7d 20181220
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cylance Unsafe 20181220
Emsisoft Trojan.Emotet (A) 20181220
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GNWN 20181220
F-Secure Trojan.GenericKD.40838660 20181220
Fortinet W32/GenKryptik.CUHC!tr 20181220
GData Trojan.GenericKD.40838660 20181220
Ikarus Trojan-Banker.Emotet 20181220
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 00543d9d1 ) 20181220
K7GW Trojan ( 00543d9d1 ) 20181220
Kaspersky Trojan-Banker.Win32.Emotet.bvmo 20181220
Malwarebytes Trojan.Emotet 20181220
MAX malware (ai score=100) 20181220
Microsoft Trojan:Win32/Emotet.AC!bit 20181220
eScan Trojan.GenericKD.40838660 20181220
Palo Alto Networks (Known Signatures) generic.ml 20181220
Qihoo-360 Win32/Trojan.88c 20181220
Rising Trojan.Fuerboos!8.EFC8 (CLOUD) 20181220
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/EncPk-AOI 20181220
Symantec Trojan.Gen.MBT 20181220
TACHYON Banker/W32.Emotet.151552.AJ 20181220
Tencent Win32.Trojan-banker.Emotet.Hqlk 20181220
Trapmine malicious.high.ml.score 20181205
TrendMicro TROJ_GEN.R002C0OLJ18 20181220
TrendMicro-HouseCall TROJ_GEN.R002C0OLJ18 20181220
VBA32 BScope.TrojanBanker.Emotet 20181220
ViRobot Trojan.Win32.Z.Fuerboos.151552 20181220
Webroot W32.Trojan.Emotet 20181220
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bvmo 20181220
AegisLab 20181220
Alibaba 20180921
Avast-Mobile 20181220
AVware 20180925
Babable 20180918
Baidu 20181207
Bkav 20181220
ClamAV 20181220
CMC 20181219
Cybereason 20180225
Cyren 20181220
DrWeb 20181220
eGambit 20181220
F-Prot 20181220
Jiangmin 20181220
Kingsoft 20181220
McAfee 20181220
McAfee-GW-Edition 20181220
NANO-Antivirus 20181220
Panda 20181219
SUPERAntiSpyware 20181220
Symantec Mobile Insight 20181215
TheHacker 20181216
TotalDefense 20181220
Trustlook 20181220
VIPRE 20181220
Yandex 20181220
Zillya 20181219
Zoner 20181220
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 1996-2001 Microsoft Corporation.

Product Twain Thunker
Internal name msencode
File version 2001072500
Description Twain.dll Client's 32-Bit
Comments
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-08-04 07:56:09
Entry Point 0x0000707B
Number of sections 6
PE sections
PE imports
CertDuplicateCTLContext
GetColorAdjustment
EndPath
GetModuleHandleW
SetCurrentConsoleFontEx
NetLocalGroupGetInfo
BeginPaint
PackDDElParam
Ord(30)
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize
32768

SubsystemVersion
5.0

LinkerVersion
7.1

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2001.7.25.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Twain.dll Client's 32-Bit

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
62976

EntryPoint
0x707b

MIMEType
application/octet-stream

LegalCopyright
Copyright 1996-2001 Microsoft Corporation.

FileVersion
2001072500

TimeStamp
2004:08:04 08:56:09+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
msencode

ProductVersion
10.0

UninitializedDataSize
0

OSVersion
5.0

FileOS
Windows 16-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Twain Working Group

LegalTrademarks
Microsoft is a registered trademark of Microsoft Corporation.

ProductName
Twain Thunker

ProductVersionNumber
10.0.0.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 27508a9338f21368e43bc3bb02397d6f
SHA1 4db24de5e2213fa846217ae4ae1dae9daa70e3ff
SHA256 5b9b2bd49955e7a5f1c384777f6bedce46fb708d0cd2399022ca5609d2153053
ssdeep
3072:a9NKqn8ea9QPbgrdaFACorZ9sC88AWRHMvdRtR:yjBPbgrdgACorZjhjRHMFR

authentihash 10884e288e8ef0ef5917cda2a4cf39e14d86e1f954c518eeba402d038e037189
imphash 41c4a44ee612f13ecc9a85d75eaed8da
File size 148.0 KB ( 151552 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-12-17 14:04:40 UTC ( 2 months ago )
Last submission 2018-12-20 18:55:18 UTC ( 2 months ago )
File names msencode
IG7w3o9h.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!