× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 5e810d374357abd147e4f7d049e25e8a80d44b3056086f7a318b9ce8b98399a5
File name: QxAgCOW8.exe
Detection ratio: 45 / 67
Analysis date: 2018-11-06 01:50:17 UTC ( 3 months, 2 weeks ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40583963 20181106
AegisLab Trojan.Win32.Emotet.4!c 20181106
AhnLab-V3 Trojan/Win32.Emotet.R238516 20181105
ALYac Trojan.Agent.Emotet 20181106
Arcabit Trojan.Generic.D26B431B 20181106
Avast Win32:Malware-gen 20181106
AVG Win32:Malware-gen 20181106
BitDefender Trojan.GenericKD.40583963 20181106
Bkav HW32.Packed. 20181102
CAT-QuickHeal Trojan.IGENERIC 20181105
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181022
Cylance Unsafe 20181106
Cyren W32/Emotet.HM.gen!Eldorado 20181106
Emsisoft Trojan.GenericKD.40583963 (B) 20181106
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GLLL 20181105
F-Prot W32/Emotet.HM.gen!Eldorado 20181106
F-Secure Trojan.GenericKD.40583963 20181106
Fortinet W32/GenKryptik.CNIZ!tr 20181106
GData Trojan.GenericKD.40583963 20181106
Ikarus Trojan-Banker.Emotet 20181105
Sophos ML heuristic 20180717
Jiangmin Trojan.Banker.Emotet.dic 20181106
K7AntiVirus Trojan ( 0053e5231 ) 20181105
K7GW Trojan ( 0053e5231 ) 20181105
Kaspersky Trojan-Banker.Win32.Emotet.bhll 20181106
Malwarebytes Trojan.Emotet 20181106
McAfee RDN/PWS-Banker 20181106
McAfee-GW-Edition BehavesLike.Win32.Emotet.ch 20181105
Microsoft Trojan:Win32/Emotet.AC!bit 20181106
eScan Trojan.GenericKD.40583963 20181105
NANO-Antivirus Virus.Win32.Gen.ccmw 20181105
Palo Alto Networks (Known Signatures) generic.ml 20181106
Panda Trj/GdSda.A 20181105
Qihoo-360 Win32/Trojan.88c 20181106
Rising Trojan.Fuerboos!8.EFC8 (CLOUD) 20181106
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/EncPk-ANY 20181105
Symantec Trojan.Gen.2 20181105
Tencent Win32.Trojan-banker.Emotet.Hsiw 20181106
TrendMicro TROJ_GEN.R002C0RJ918 20181105
TrendMicro-HouseCall TROJ_GEN.R002C0RJ918 20181105
VBA32 BScope.Trojan.Azden 20181105
Webroot W32.Trojan.Emotet 20181106
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bhll 20181106
Alibaba 20180921
Antiy-AVL 20181106
Avast-Mobile 20181105
Avira (no cloud) 20181105
Babable 20180918
Baidu 20181105
ClamAV 20181106
CMC 20181105
Cybereason 20180225
DrWeb 20181106
eGambit 20181106
Kingsoft 20181106
MAX 20181106
SUPERAntiSpyware 20181031
Symantec Mobile Insight 20181105
TACHYON 20181106
TheHacker 20181104
TotalDefense 20181105
Trustlook 20181106
ViRobot 20181105
Yandex 20181102
Zillya 20181105
Zoner 20181106
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights res

Product С® Qwe® Operating System
Original name Sidebar U
Internal name Sidebar U
Description Windows Sideb
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-04-28 14:30:48
Entry Point 0x0001A4E6
Number of sections 5
PE sections
PE imports
GetServiceDisplayNameW
LogonUserA
GetFileSecurityA
LookupAccountSidW
GetTextCharsetInfo
GetCurrentObject
FillRgn
ExtTextOutW
DeleteDC
GetMapMode
GetCurrentPositionEx
FloodFill
ExtTextOutA
GetDIBits
GdiFlush
GetViewportOrgEx
GetRandomRgn
GetSystemTime
GetVolumePathNameW
GetSystemInfo
lstrcmpiA
DebugBreak
FlushFileBuffers
DeleteCriticalSection
GetDateFormatA
GetPrivateProfileStringA
LoadLibraryExW
VirtualLock
GetProfileSectionA
WriteProfileStringW
SetFileBandwidthReservation
DeleteTimerQueue
GetTempFileNameW
lstrcpynW
EraseTape
GetModuleHandleA
GetSystemTimes
GetSystemTimeAdjustment
GetThreadSelectorEntry
FindCloseChangeNotification
GetCurrencyFormatA
VirtualQueryEx
GetFileType
ExtractIconExA
DecryptMessage
BeginDeferWindowPos
GetOpenClipboardWindow
GetScrollPos
GetUpdateRect
IsRectEmpty
GetClassInfoExA
DestroyCursor
GetMessageW
GetShellWindow
LoadKeyboardLayoutA
GetProcessWindowStation
GetPrinterDataW
strftime
fsetpos
MkParseDisplayName
Number of PE resources by type
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
4294967295

LinkerVersion
12.1

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.1.7601.17514

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Windows Sideb

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
56320

EntryPoint
0x1a4e6

OriginalFileName
Sidebar U

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights re

TimeStamp
2004:04:28 15:30:48+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Sidebar U

ProductVersion
6.1.7600.1638

SubsystemVersion
5.0

OSVersion
4.2

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Corporation

CodeSize
113152

ProductName
Qwe Operating System

ProductVersionNumber
6.1.7601.17514

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 27a6c62b3e3b1ffc542ba9929c321453
SHA1 cec7965011440b25fa49ed6c1430d48759e6e22e
SHA256 5e810d374357abd147e4f7d049e25e8a80d44b3056086f7a318b9ce8b98399a5
ssdeep
3072:zj3hR+v2Ql2JuIh/rVL9UG1aPDPaO5zTlBtYmVX0WWne+xCT2Yv:nPXQcEIZdTaPraqzTDtpX0

authentihash f513d79d5495ca7f01ad5bfb1b0e26fbaf4828265766eed5b7b2f3682081e7ad
imphash c6e017eb1e216ac8eeaee8fe2fb03e41
File size 161.0 KB ( 164864 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-10-07 12:18:43 UTC ( 4 months, 2 weeks ago )
Last submission 2019-02-15 06:40:40 UTC ( 1 week, 1 day ago )
File names Sidebar U
QxAgCOW8.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!