× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 5c9296fbe710fc7e740ae0f189217a3c816d13afc00d9b5dec0104e913c0c5e8
File name: 5c9296fbe710fc7e740ae0f189217a3c816d13afc00d9b5dec0104e913c0c5e8.exe
Detection ratio: 44 / 69
Analysis date: 2019-02-17 02:38:19 UTC ( 2 months ago ) View latest
Antivirus Result Update
Acronis suspicious 20190213
Ad-Aware Trojan.GenericKD.41015528 20190216
ALYac Trojan.GenericKD.41015528 20190217
Arcabit Trojan.Generic.D271D8E8 20190217
Avast Win32:BankerX-gen [Trj] 20190216
AVG Win32:BankerX-gen [Trj] 20190216
BitDefender Trojan.GenericKD.41015528 20190217
Bkav HW32.Packed. 20190216
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cybereason malicious.53cdc2 20190109
Cylance Unsafe 20190217
Cyren W32/Emotet.OY.gen!Eldorado 20190217
DrWeb Trojan.EmotetENT.389 20190217
eGambit Unsafe.AI_Score_84% 20190217
Emsisoft Trojan.GenericKD.41015528 (B) 20190217
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.FXSM 20190217
F-Prot W32/Emotet.OY.gen!Eldorado 20190217
Fortinet W32/Kryptik.FXSM!tr 20190217
GData Trojan.GenericKD.41015528 20190217
Ikarus Trojan.Win32.Crypt 20190216
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 0051ba511 ) 20190216
K7GW Trojan ( 0051ba511 ) 20190216
Kaspersky Trojan-Banker.Win32.Emotet.cgob 20190217
Malwarebytes Trojan.Emotet 20190217
MAX malware (ai score=83) 20190217
McAfee Emotet-FLY!3E8C9FDA39F4 20190217
McAfee-GW-Edition BehavesLike.Win32.Fujacks.cc 20190216
Microsoft Trojan:Win32/Emotet!rfn 20190217
eScan Trojan.GenericKD.41015528 20190217
NANO-Antivirus Trojan.Win32.Kryptik.fnbetx 20190217
Palo Alto Networks (Known Signatures) generic.ml 20190217
Panda Trj/GdSda.A 20190216
Qihoo-360 Win32/Trojan.742 20190217
Rising Trojan.Kryptik!8.8 (CLOUD) 20190217
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Mal/Emotet-Q 20190217
Symantec Trojan.Emotet 20190216
Trapmine malicious.moderate.ml.score 20190123
TrendMicro-HouseCall TROJ_GEN.R020H05BF19 20190217
VBA32 BScope.Trojan.Emotet 20190215
Webroot W32.Trojan.Emotet 20190217
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.cgob 20190216
AegisLab 20190217
AhnLab-V3 20190216
Alibaba 20180921
Antiy-AVL 20190217
Avast-Mobile 20190216
Avira (no cloud) 20190216
Babable 20180918
Baidu 20190215
CAT-QuickHeal 20190216
ClamAV 20190216
CMC 20190216
Comodo 20190217
F-Secure 20190217
Jiangmin 20190217
Kingsoft 20190217
SUPERAntiSpyware 20190213
Symantec Mobile Insight 20190207
TACHYON 20190217
Tencent 20190217
TheHacker 20190215
TotalDefense 20190216
Trustlook 20190217
ViRobot 20190216
Yandex 20190215
Zillya 20190215
Zoner 20190217
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) Microsoft Corporation. 1981-2000

Product Microsoft Message Queue
Original name MQDSCLI.DLL
File version 5.01.1108
Description Windows NT MQ Client Directory Service
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1995-11-13 20:26:08
Entry Point 0x00002A10
Number of sections 5
PE sections
PE imports
ClearEventLogA
CreatePrivateObjectSecurity
IsTokenRestricted
CM_Get_Device_Interface_List_SizeW
GetStockObject
SaveDC
ExtTextOutA
Polyline
SetTextCharacterExtra
CreateDIBSection
GetBkColor
Ellipse
ImmReleaseContext
GetSystemWow64DirectoryW
LockFileEx
GetLargePageMinimum
GetQueuedCompletionStatus
ContinueDebugEvent
GetCommandLineW
SetEvent
GetProcessPriorityBoost
CloseHandle
OpenMutexW
GetCurrentThreadId
GetStringTypeExW
GetVersion
MprAdminBufferFree
VarCyCmp
VarCyFromR8
NdrConformantArrayMarshall
ChrCmpIW
DeleteSecurityContext
WindowFromPoint
MessageBeep
PostMessageA
SetMenu
GetInputState
OleCreateDefaultHandler
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
TSWANA DEFAULT 1
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
1995:11:13 21:26:08+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
20480

LinkerVersion
5.0

ImageFileCharacteristics
Executable, 32-bit

EntryPoint
0x2a10

InitializedDataSize
0

SubsystemVersion
6.1

ImageVersion
6.0

OSVersion
6.0

UninitializedDataSize
106496

File identification
MD5 3e8c9fda39f41ed4162abf6ed17f6b2b
SHA1 96bd65b53cdc29a415557e982263ac7dd49c7ccc
SHA256 5c9296fbe710fc7e740ae0f189217a3c816d13afc00d9b5dec0104e913c0c5e8
ssdeep
3072:LqhxTrY8wcgbGyBapHMR6m3ampM3vXZ0XIKLWD:LixTrYMOGaapHMXaiM3vXZN

authentihash e91a8d74ffe6710e971e16b57e57d45babb0421a2795135d614f3ecb40967062
imphash fbd4435197091d4bad5dc5e7d760b171
File size 136.0 KB ( 139264 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2019-02-15 12:18:36 UTC ( 2 months ago )
Last submission 2019-02-18 08:42:15 UTC ( 2 months ago )
File names YyLNwDQynx.exe
rpGszKhqHOpg.exe
qirvvEO5Of72.exe
5c9296fbe710fc7e740ae0f189217a3c816d13afc00d9b5dec0104e913c0c5e8.exe
output.115247116.txt
MQDSCLI.DLL
xj2qLMxT.exe
emotet_e1_5c9296fbe710fc7e740ae0f189217a3c816d13afc00d9b5dec0104e913c0c5e8_2019-02-15__122502.exe_
498.exe
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!