× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 5ed869578abcc9f9e4983adc3482394f231b2144a36a34be75694f4280fa4581
File name: C127AC9D.exe
Detection ratio: 33 / 68
Analysis date: 2018-09-14 05:14:49 UTC ( 5 months, 1 week ago ) View latest
Antivirus Result Update
Arcabit Trojan.Autoruns.Generic.D1DC2F58 20180914
Avira (no cloud) TR/AD.Emotet.zlvkz 20180914
BitDefender Trojan.Autoruns.GenericKD.31207256 20180914
CAT-QuickHeal Trojan.Emotet.X4 20180912
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20180723
Cylance Unsafe 20180914
Cyren W32/Emotet.GH.gen!Eldorado 20180914
Emsisoft Trojan.Autoruns.GenericKD.31207256 (B) 20180914
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GKTJ 20180914
F-Prot W32/Emotet.GH.gen!Eldorado 20180914
F-Secure Trojan.Autoruns.GenericKD.31207256 20180914
Fortinet W32/Kryptik.GKSO!tr 20180914
GData Win32.Trojan-Spy.Emotet.Y18Z03 20180914
Sophos ML heuristic 20180717
K7GW Trojan ( 0053c65d1 ) 20180914
Kaspersky Trojan-Banker.Win32.Emotet.bdni 20180914
Malwarebytes Trojan.Emotet 20180914
MAX malware (ai score=95) 20180914
McAfee RDN/Generic.grp 20180914
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.fm 20180914
Microsoft Trojan:Win32/Emotet 20180914
eScan Trojan.Autoruns.GenericKD.31207256 20180914
Palo Alto Networks (Known Signatures) generic.ml 20180914
Qihoo-360 Win32/Trojan.c84 20180914
Rising Spyware.Ursnif!8.1DEF (TFE:1:0KHXwQGJ8ON) 20180914
SentinelOne (Static ML) static engine - malicious 20180830
Sophos AV Mal/Generic-S 20180914
Symantec Packed.Generic.517 20180914
TrendMicro TROJ_GEN.USID18 20180914
TrendMicro-HouseCall TROJ_GEN.USID18 20180914
Webroot W32.Trojan.Emotet 20180914
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bdni 20180914
Ad-Aware 20180913
AegisLab 20180914
AhnLab-V3 20180914
Alibaba 20180713
ALYac 20180914
Antiy-AVL 20180913
Avast 20180914
Avast-Mobile 20180914
AVG 20180914
AVware 20180914
Babable 20180907
Baidu 20180914
Bkav 20180912
ClamAV 20180914
CMC 20180913
Comodo 20180914
Cybereason 20180225
DrWeb 20180914
eGambit 20180914
Ikarus 20180913
Jiangmin 20180912
K7AntiVirus 20180913
Kingsoft 20180914
NANO-Antivirus 20180914
Panda 20180913
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180911
TACHYON 20180914
Tencent 20180914
TheHacker 20180914
TotalDefense 20180913
Trustlook 20180914
VBA32 20180913
VIPRE 20180914
ViRobot 20180913
Yandex 20180912
Zillya 20180913
Zoner 20180913
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Internal name QllZd.dll
File version 91.333.22.1
Description QllZad
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-14 00:36:20
Entry Point 0x0001C448
Number of sections 6
PE sections
PE imports
RegSetKeySecurity
FrameRgn
SetThreadLocale
VerifyScripts
GetModuleHandleA
FlushFileBuffers
GetProcessHeap
BSTR_UserFree
RasDeleteEntryW
I_RpcGetExtendedError
SetupDiBuildClassInfoListExW
StrChrNW
IsCharLowerW
Number of PE resources by type
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
SLOVENIAN DEFAULT 1
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
1006425862

LinkerVersion
12.0

ImageVersion
0.0

FileVersionNumber
2.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
QllZad

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
0

EntryPoint
0x1c448

MIMEType
application/octet-stream

FileVersion
91.333.22.1

TimeStamp
2018:09:14 00:36:20+00:00

FileType
Win32 EXE

PEType
PE32

InternalName
QllZd.dll

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Fatal Enterprice

CodeSize
118784

FileSubtype
0

ProductVersionNumber
2.0.0.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 ac21639ed0b597074fa85566eb30329e
SHA1 a5efb05c52bf76ef15a993083a03c1bdcc082492
SHA256 5ed869578abcc9f9e4983adc3482394f231b2144a36a34be75694f4280fa4581
ssdeep
3072:/prYlo8DVrIe3To0Ky1YmvSLDM+Uvrpy3C7Im4H49cWqjNQSDd1uuIEDorIE+XBs:Rc28REejpr103Ud3N4H49ZYTuiD8LE

authentihash dc29296818a81c0fc290219d9fec73bd01facfa92de2cb5fc48386b58773f736
imphash 63bf04a72bcbc6af498d338d65dd259f
File size 348.0 KB ( 356352 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-09-13 17:40:49 UTC ( 5 months, 1 week ago )
Last submission 2018-11-08 23:40:31 UTC ( 3 months, 2 weeks ago )
File names C127AC9D.exe
attribmontana.exe
ac21639ed0b597074fa85566eb30329e
17164760.exe
n6f1gIZgvME.exe
1By09UZDAX.exe
vdJ3rhfrC.exe
hL9QtIZ1.exe
GUnpVwzppB.exe
QllZd.dll
loaderdynamic.exe
XZEIM7ISlEv.exe
ZhXWryrS.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!