SHA256: 605662e12f72f1454c3719570172948eb0d40bc0af15ae8f3f2f32393ec13a98
File name: 605662e12f72f1454c3719570172948eb0d40bc0af15ae8f3f2f32393ec13a98
Detection ratio: 26 / 72
Analysis date: 2019-01-18 03:03:13 UTC ( 4 months ago )
Antivirus Result Update
Acronis suspicious 20190117
Ad-Aware Gen:Variant.Emotet.62 20190117
AhnLab-V3 Win-Trojan/Emotet3.Exp 20190117
Arcabit Trojan.Emotet.62 20190117
AVG FileRepMalware 20190117
Avira (no cloud) TR/Crypt.EPACK.Gen2 20190117
BitDefender Gen:Variant.Emotet.62 20190117
Bkav HW32.Packed. 20190117
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181023
Cybereason malicious.bd30fe 20190109
Cylance Unsafe 20190117
eGambit Unsafe.AI_Score_99% 20190117
Emsisoft Gen:Variant.Emotet.62 (B) 20190117
Endgame malicious (high confidence) 20181108
F-Secure Gen:Variant.Emotet.62 20190117
GData Gen:Variant.Emotet.62 20190117
Sophos ML heuristic 20181128
MAX malware (ai score=81) 20190117
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20190117
Microsoft Program:Win32/Unwaders.C!ml 20190117
NANO-Antivirus Virus.Win32.Gen.ccmw 20190117
Qihoo-360 HEUR/QVM19.1.9EC3.Malware.Gen 20190117
Rising Trojan.GenKryptik!8.AA55 (TFE:dGZlOgGAfkeubQottA) 20190117
SentinelOne (Static ML) static engine - malicious 20181223
Symantec ML.Attribute.HighConfidence 20190117
Trapmine malicious.high.ml.score 20190102
AegisLab 20190117
Alibaba 20180921
ALYac 20190117
Antiy-AVL 20190117
Avast 20190117
Avast-Mobile 20190116
AVware 20180925
Babable 20180917
Baidu 20190116
CAT-QuickHeal 20190117
ClamAV 20190117
CMC 20190117
Comodo 20190117
Cyren 20190117
DrWeb 20190117
ESET-NOD32 20190117
F-Prot 20190117
Fortinet 20190117
Ikarus 20190117
Jiangmin 20190117
K7AntiVirus 20190117
K7GW 20190117
Kaspersky 20190117
Kingsoft 20190117
Malwarebytes 20190117
McAfee 20190117
eScan 20190117
Palo Alto Networks (Known Signatures) 20190117
Panda 20190117
Sophos AV 20190117
SUPERAntiSpyware 20190116
TACHYON 20190117
Tencent 20190117
TheHacker 20190114
TotalDefense 20190117
TrendMicro 20190117
TrendMicro-HouseCall 20190117
Trustlook 20190117
VBA32 20190117
VIPRE 20190117
ViRobot 20190117
Webroot 20190117
Yandex 20190116
Zillya 20190117
ZoneAlarm by Check Point 20190117
Zoner 20190117
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © Microsoft Corporation 1998-2001. All rights reserved.

Product Microsoft .NET Framework
Original name IEHost.exe
Internal name IEHOST.EXE
File version 1.0.3705.6018
Description Microsoft IE hosting interface
Comments Microsoft IE hosting interface
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-18 03:01:07
Entry Point 0x00002F71
Number of sections 4
PE sections
PE imports
LookupPrivilegeNameW
InitiateSystemShutdownA
GetServiceDisplayNameW
CryptHashSessionKey
GetSidIdentifierAuthority
LogonUserA
IsTextUnicode
EqualPrefixSid
GetClusterFromResource
GetLogColorSpaceA
GetTextExtentExPointA
GetCurrentPositionEx
GetObjectW
GetFontLanguageInfo
GetObjectType
GetSystemTime
GetSystemWindowsDirectoryA
GetOverlappedResult
DeactivateActCtx
GetTapeStatus
GetThreadLocale
FlushFileBuffers
GetLocalTime
GetVolumePathNamesForVolumeNameW
GetCurrentProcess
GetVolumeInformationA
GetPrivateProfileStringA
LocalAlloc
WriteProfileStringA
GetWindowsDirectoryA
SetErrorMode
GetShortPathNameA
GetLogicalDrives
GetFileInformationByHandle
GetTapePosition
GetProfileSectionA
GetSystemPowerStatus
GetCurrentThread
EnumResourceTypesA
EnumResourceNamesW
MapViewOfFile
GetModuleHandleA
QueryIdleProcessorCycleTime
GetExitCodeThread
GlobalAddAtomA
FindResourceExW
GetAtomNameA
GetTimeFormatA
IsValidLocale
GetSystemDirectoryA
FindFirstFileExW
GetPrivateProfileSectionW
LocalFree
GetPrivateProfileIntW
IsWow64Process
GetTimeZoneInformation
DebugActiveProcess
GetConsoleMode
GetFileType
LocalUnlock
FlsGetValue
LoadTypeLib
GetRecordInfoFromGuids
VarCyMulI4
ExtractIconA
GetMenuPosFromID
GetUserNameExW
DecryptMessage
EqualRect
LoadCursorW
FindWindowW
ExcludeUpdateRgn
FlashWindowEx
GetMenuState
IsWindowUnicode
LookupIconIdFromDirectoryEx
DestroyCaret
GetTabbedTextExtentW
GetWindowRgn
LockWorkStation
RemoveClipboardFormatListener
GetMenuItemRect
GetLastActivePopup
IsWindowVisible
DrawMenuBar
DrawTextW
GetThreadDesktop
LoadAcceleratorsA
GetWindowTextLengthA
GetMenuItemCount
DeferWindowPos
CreateIconFromResource
GetDialogBaseUnits
LoadIconW
GetWindowTextA
CharNextW
GetMenuContextHelpId
FindNextUrlCacheEntryW
InternetGoOnline
DeleteUrlCacheEntryW
DeletePortW
shutdown
fputws
fgetws
strcmp
MkParseDisplayName
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize
26624

SubsystemVersion
4.0

Comments
Microsoft IE hosting interface

Platform
Windows 95 and Windows NT (I386)

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.3705.6018

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Microsoft IE hosting interface

ImageFileCharacteristics
No relocs, Executable, 32-bit, System file

CharacterSet
Windows, Latin1

InitializedDataSize
131072

EntryPoint
0x2f71

OriginalFileName
IEHost.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright Microsoft Corporation 1998-2001. All rights reserved.

FileVersion
1.0.3705.6018

TimeStamp
2019:01:17 19:01:07-08:00

FileType
Win32 EXE

PEType
PE32

InternalName
IEHOST.EXE

ProductVersion
1.0.3705.6018

UninitializedDataSize
0

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

LegalTrademarks
Microsoft is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation

ProductName
Microsoft .NET Framework

ProductVersionNumber
1.0.3705.6018

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 62021997b1ec281f9af37c83703797b4
SHA1 39be1aebd30fe8f37c8e7fe133a70e8b08e53697
SHA256 605662e12f72f1454c3719570172948eb0d40bc0af15ae8f3f2f32393ec13a98
ssdeep
3072:8WTNUET8sB3sr3svWHZIAA0B2Opyn9QAzGLjePFSj9A9qBTKWX4Xrhl6LbeqiTmD:8cNDB3P+H6gUOpyn9QhePEjG

authentihash 70babb2f5e7a9ea0ae2c9f9fd3d56e594cba5d2b4ec192e8d180be453fc88289
imphash e7a87801c060def3fade83b9e9b6f812
File size 146.0 KB ( 149504 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID Microsoft Visual C++ compiled executable (generic) (49.1%)
Win32 Dynamic Link Library (generic) (19.5%)
Win32 Executable (generic) (13.3%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
Tags
peexe

VirusTotal metadata
First submission 2019-01-18 03:03:13 UTC ( 4 months ago )
Last submission 2019-01-18 04:37:32 UTC ( 4 months ago )
File names vf2y70NwmqPi.exe
3PmFf52i7Un.exe
IEHost.exe
851.exe
gV4SUOoSZ.exe
809.exe
emotet_e1_605662e12f72f1454c3719570172948eb0d40bc0af15ae8f3f2f32393ec13a98_2019-01-18__031001.exe_
reswbased.exe
haavR8vZ4FlF.exe
radarmenus.exe
slidelime.exe
dasmrcearcon.exe
IEHOST.EXE
culturemetagen.exe
SBw7qH280.exe