SHA256: 60cc0dc45ec0334f5506ef04fc1353bad53bc203852dc8a8d8e9f7db1321c59d
File name: 67b0dd2a4bc0804a20842824f4aa0a33
Detection ratio: 42 / 68
Analysis date: 2018-12-02 14:46:08 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Mikey.86906 20181202
ALYac Gen:Variant.Mikey.86906 20181202
Antiy-AVL Trojan[Banker]/Win32.Emotet 20181202
Arcabit Trojan.Mikey.D1537A 20181202
Avast Win32:Malware-gen 20181202
AVG Win32:Malware-gen 20181202
Avira (no cloud) TR/Hijacker.Gen 20181202
BitDefender Gen:Variant.Mikey.86906 20181202
CMC Trojan.Win32.Obfuscated.en!O 20181202
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.a4bc08 20180225
Cylance Unsafe 20181202
DrWeb Trojan.Emotet.358 20181202
Emsisoft Gen:Variant.Mikey.86906 (B) 20181202
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Emotet.BN 20181202
F-Secure Gen:Variant.Mikey.86906 20181202
Fortinet W32/Generic.AP.209F4A!tr 20181202
GData Gen:Variant.Mikey.86906 20181202
Ikarus Trojan.Win32.Emotet 20181202
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 0053b3091 ) 20181202
K7GW Trojan ( 0053b3091 ) 20181202
Kaspersky UDS:DangerousObject.Multi.Generic 20181202
Malwarebytes Trojan.Emotet 20181202
MAX malware (ai score=82) 20181202
McAfee Artemis!67B0DD2A4BC0 20181202
McAfee-GW-Edition BehavesLike.Win32.VTFlooder.lh 20181202
Microsoft Trojan:Win32/Emotet.AC!bit 20181202
eScan Gen:Variant.Mikey.86906 20181202
NANO-Antivirus Trojan.Win32.GenKryptik.fifdvt 20181202
Panda Trj/GdSda.A 20181202
Qihoo-360 HEUR/QVM19.1.98D1.Malware.Gen 20181202
Rising Trojan.Emotet!8.B95 (TFE:dGZlOgSvJkqK0YRisg) 20181202
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/Generic-S 20181202
Symantec ML.Attribute.HighConfidence 20181201
Trapmine malicious.high.ml.score 20181128
TrendMicro-HouseCall TROJ_GEN.R020H0CKT18 20181202
VBA32 BScope.TrojanBanker.Emotet 20181130
Zillya Trojan.Emotet.Win32.3828 20181130
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181202
AegisLab 20181202
AhnLab-V3 20181202
Alibaba 20180921
Avast-Mobile 20181202
Babable 20180918
Baidu 20181130
Bkav 20181129
CAT-QuickHeal 20181202
ClamAV 20181202
Comodo 20181202
Cyren 20181202
eGambit 20181202
F-Prot 20181202
Jiangmin 20181202
Kingsoft 20181202
Palo Alto Networks (Known Signatures) 20181202
SUPERAntiSpyware 20181128
Symantec Mobile Insight 20181121
TACHYON 20181202
Tencent 20181202
TheHacker 20181129
TrendMicro 20181202
Trustlook 20181202
ViRobot 20181202
Webroot 20181202
Yandex 20181130
Zoner 20181202
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-03 21:57:53
Entry Point 0x0000DFD0
Number of sections 5
PE sections
PE imports
CreateToolhelp32Snapshot
GetNativeSystemInfo
GetLastError
WriteProcessMemory
ReleaseMutex
VirtualAllocEx
lstrlenA
LoadLibraryW
WaitForSingleObject
SetEvent
HeapAlloc
lstrcmpiW
LoadLibraryA
GetLocalTime
Process32NextW
CreateProcessW
GetTickCount
GetWindowsDirectoryW
GetFileSize
ProcessIdToSessionId
GetCommandLineW
FreeLibrary
WideCharToMultiByte
ExitProcess
SetErrorMode
MultiByteToWideChar
lstrlenW
CreateDirectoryW
DeleteFileW
GetProcAddress
VirtualProtectEx
Process32FirstW
GetProcessHeap
GetTempFileNameW
GetComputerNameW
GetModuleFileNameW
lstrcpyW
LockFileEx
CreateThread
MapViewOfFile
MoveFileExW
SetFilePointer
WTSGetActiveConsoleSessionId
WriteFile
CreateMutexW
CloseHandle
UnlockFileEx
HeapReAlloc
GetModuleHandleW
lstrcatW
SetThreadContext
LocalFree
IsWow64Process
ResumeThread
CreateEventW
Wow64DisableWow64FsRedirection
UnmapViewOfFile
CreateFileW
GetThreadContext
VirtualFree
Sleep
TerminateProcess
SetFileAttributesW
SignalObjectAndWait
GetCurrentThreadId
VirtualAlloc
GetCurrentProcessId
SetLastError
ResetEvent
_vsnprintf
memset
NtUnmapViewOfSection
memcpy
_snwprintf
_snprintf
RtlComputeCrc32
_vsnwprintf
RtlGetVersion
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:09:03 23:57:53+02:00
FileType Win32 EXE
PEType PE32
CodeSize 56832
LinkerVersion 12.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0xdfd0
InitializedDataSize 26624
SubsystemVersion 6.0
ImageVersion 0.0
OSVersion 6.0
UninitializedDataSize 0
File identification
MD5 67b0dd2a4bc0804a20842824f4aa0a33
SHA1 a7a201d3600018ea4b84254df6b262ed93505db5
SHA256 60cc0dc45ec0334f5506ef04fc1353bad53bc203852dc8a8d8e9f7db1321c59d
ssdeep 1536:33jrQS72R2aErvGjSrEkDJvlppzBWxFxNFb7WjMKXgxJslhPNaX5:3nQSTZj1FNlvzBWnxNFb7WjMKXsslDap
authentihash 66642dd8691de10a69e9fa9f2e7b3998a8ccf60130915a9bdc84978d4e029b81
imphash daf61979aeeb3e21850b8fbcff565d8c
File size 78.0 KB ( 79872 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe
VirusTotal metadata
First submission 2018-12-02 14:46:08 UTC ( 1 month, 3 weeks ago )
Last submission 2018-12-02 14:46:08 UTC ( 1 month, 3 weeks ago )