SHA256: 605662e12f72f1454c3719570172948eb0d40bc0af15ae8f3f2f32393ec13a98
File name: emotet_e1_605662e12f72f1454c3719570172948eb0d40bc0af15ae8f3f2f323...
Detection ratio: 43 / 71
Analysis date: 2019-01-18 12:04:26 UTC ( 4 months, 1 week ago )
Antivirus Result Update
Acronis suspicious 20190117
Ad-Aware Gen:Variant.Emotet.62 20190118
AhnLab-V3 Win-Trojan/Emotet3.Exp 20190118
Arcabit Trojan.Emotet.62 20190118
Avast Win32:BankerX-gen [Trj] 20190118
AVG Win32:BankerX-gen [Trj] 20190118
Avira (no cloud) TR/Crypt.EPACK.Gen2 20190118
BitDefender Gen:Variant.Emotet.62 20190118
Bkav HW32.Packed. 20190118
Comodo Malware@#3i3kc35wsv0eq 20190118
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cybereason malicious.bd30fe 20190109
Cylance Unsafe 20190118
Cyren W32/Trojan.XZDX-2685 20190118
eGambit Unsafe.AI_Score_99% 20190118
Emsisoft Gen:Variant.Emotet.62 (B) 20190118
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GOTC 20190118
Fortinet W32/GenKryptik.CWWN!tr 20190118
GData Gen:Variant.Emotet.62 20190118
Ikarus Win32.Outbreak 20190118
Sophos ML heuristic 20181128
K7AntiVirus Riskware ( 0040eff71 ) 20190118
K7GW Riskware ( 0040eff71 ) 20190118
Kaspersky Trojan-Banker.Win32.Emotet.cain 20190118
MAX malware (ai score=99) 20190118
McAfee Emotet-FJE!62021997B1EC 20190118
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20190118
Microsoft Trojan:Win32/Emotet.AC!bit 20190118
eScan Gen:Variant.Emotet.62 20190118
NANO-Antivirus Virus.Win32.Gen.ccmw 20190118
Palo Alto Networks (Known Signatures) generic.ml 20190118
Qihoo-360 HEUR/QVM19.1.9EC3.Malware.Gen 20190118
Rising Trojan.GenKryptik!8.AA55 (CLOUD) 20190118
SentinelOne (Static ML) static engine - malicious 20181223
Symantec ML.Attribute.HighConfidence 20190118
Trapmine malicious.high.ml.score 20190103
TrendMicro TrojanSpy.Win32.EMOTET.THOAAHAI 20190118
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.THOAAHAI 20190118
VBA32 BScope.Trojan.Refinka 20190118
ViRobot Trojan.Win32.Z.Emotet.149504.A 20190118
Webroot W32.Trojan.Emotet 20190118
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.cain 20190118
AegisLab 20190118
Alibaba 20180921
ALYac 20190118
Antiy-AVL 20190118
Avast-Mobile 20190118
Babable 20180918
Baidu 20190118
CAT-QuickHeal 20190118
ClamAV 20190118
CMC 20190118
DrWeb 20190118
F-Prot 20190118
F-Secure 20190118
Jiangmin 20190118
Kingsoft 20190118
Malwarebytes 20190118
Panda 20190117
Sophos AV 20190118
SUPERAntiSpyware 20190116
TACHYON 20190118
Tencent 20190118
TheHacker 20190115
TotalDefense 20190118
Trustlook 20190118
VIPRE 20190118
Yandex 20190118
Zillya 20190118
Zoner 20190118
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © Microsoft Corporation 1998-2001. All rights reserved.

Product Microsoft .NET Framework
Original name IEHost.exe
Internal name IEHOST.EXE
File version 1.0.3705.6018
Description Microsoft IE hosting interface
Comments Microsoft IE hosting interface
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-18 03:01:07
Entry Point 0x00002F71
Number of sections 4
PE sections
PE imports
LookupPrivilegeNameW
InitiateSystemShutdownA
GetServiceDisplayNameW
CryptHashSessionKey
GetSidIdentifierAuthority
LogonUserA
IsTextUnicode
EqualPrefixSid
GetClusterFromResource
GetLogColorSpaceA
GetTextExtentExPointA
GetCurrentPositionEx
GetObjectW
GetFontLanguageInfo
GetObjectType
GetSystemTime
GetSystemWindowsDirectoryA
GetOverlappedResult
DeactivateActCtx
GetTapeStatus
GetThreadLocale
FlushFileBuffers
GetLocalTime
GetVolumePathNamesForVolumeNameW
GetCurrentProcess
GetVolumeInformationA
GetPrivateProfileStringA
LocalAlloc
WriteProfileStringA
GetWindowsDirectoryA
SetErrorMode
GetShortPathNameA
GetLogicalDrives
GetFileInformationByHandle
GetTapePosition
GetProfileSectionA
GetSystemPowerStatus
GetCurrentThread
EnumResourceTypesA
EnumResourceNamesW
MapViewOfFile
GetModuleHandleA
QueryIdleProcessorCycleTime
GetExitCodeThread
GlobalAddAtomA
FindResourceExW
GetAtomNameA
GetTimeFormatA
IsValidLocale
GetSystemDirectoryA
FindFirstFileExW
GetPrivateProfileSectionW
LocalFree
GetPrivateProfileIntW
IsWow64Process
GetTimeZoneInformation
DebugActiveProcess
GetConsoleMode
GetFileType
LocalUnlock
FlsGetValue
LoadTypeLib
GetRecordInfoFromGuids
VarCyMulI4
ExtractIconA
GetMenuPosFromID
GetUserNameExW
DecryptMessage
EqualRect
LoadCursorW
FindWindowW
ExcludeUpdateRgn
FlashWindowEx
GetMenuState
IsWindowUnicode
LookupIconIdFromDirectoryEx
DestroyCaret
GetTabbedTextExtentW
GetWindowRgn
LockWorkStation
RemoveClipboardFormatListener
GetMenuItemRect
GetLastActivePopup
IsWindowVisible
DrawMenuBar
DrawTextW
GetThreadDesktop
LoadAcceleratorsA
GetWindowTextLengthA
GetMenuItemCount
DeferWindowPos
CreateIconFromResource
GetDialogBaseUnits
LoadIconW
GetWindowTextA
CharNextW
GetMenuContextHelpId
FindNextUrlCacheEntryW
InternetGoOnline
DeleteUrlCacheEntryW
DeletePortW
shutdown
fputws
fgetws
strcmp
MkParseDisplayName
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize
26624

SubsystemVersion
4.0

Comments
Microsoft IE hosting interface

Platform
Windows 95 and Windows NT (I386)

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.3705.6018

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Microsoft IE hosting interface

ImageFileCharacteristics
No relocs, Executable, 32-bit, System file

CharacterSet
Windows, Latin1

InitializedDataSize
131072

EntryPoint
0x2f71

OriginalFileName
IEHost.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright Microsoft Corporation 1998-2001. All rights reserved.

FileVersion
1.0.3705.6018

TimeStamp
2019:01:17 19:01:07-08:00

FileType
Win32 EXE

PEType
PE32

InternalName
IEHOST.EXE

ProductVersion
1.0.3705.6018

UninitializedDataSize
0

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

LegalTrademarks
Microsoft is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation

ProductName
Microsoft .NET Framework

ProductVersionNumber
1.0.3705.6018

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 62021997b1ec281f9af37c83703797b4
SHA1 39be1aebd30fe8f37c8e7fe133a70e8b08e53697
SHA256 605662e12f72f1454c3719570172948eb0d40bc0af15ae8f3f2f32393ec13a98
ssdeep
3072:8WTNUET8sB3sr3svWHZIAA0B2Opyn9QAzGLjePFSj9A9qBTKWX4Xrhl6LbeqiTmD:8cNDB3P+H6gUOpyn9QhePEjG

authentihash 70babb2f5e7a9ea0ae2c9f9fd3d56e594cba5d2b4ec192e8d180be453fc88289
imphash e7a87801c060def3fade83b9e9b6f812
File size 146.0 KB ( 149504 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID Microsoft Visual C++ compiled executable (generic) (49.1%)
Win32 Dynamic Link Library (generic) (19.5%)
Win32 Executable (generic) (13.3%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
Tags
peexe

VirusTotal metadata
First submission 2019-01-18 03:03:13 UTC ( 4 months, 1 week ago )
Last submission 2019-01-18 04:37:32 UTC ( 4 months, 1 week ago )
File names vf2y70NwmqPi.exe
3PmFf52i7Un.exe
IEHost.exe
851.exe
gV4SUOoSZ.exe
809.exe
emotet_e1_605662e12f72f1454c3719570172948eb0d40bc0af15ae8f3f2f32393ec13a98_2019-01-18__031001.exe_
reswbased.exe
haavR8vZ4FlF.exe
radarmenus.exe
slidelime.exe
dasmrcearcon.exe
IEHOST.EXE
culturemetagen.exe
SBw7qH280.exe