× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 60e9ff9466569ea2d3b27fcda1a780a51413642915c936e41ca407dbb7312095
File name: emotet_e1_60e9ff9466569ea2d3b27fcda1a780a51413642915c936e41ca407d...
Detection ratio: 42 / 68
Analysis date: 2019-03-16 21:37:00 UTC ( 1 month ago )
Antivirus Result Update
Acronis suspicious 20190313
Ad-Aware Trojan.GenericKD.31794652 20190316
AhnLab-V3 Malware/Win32.Trojanspy.C3099401 20190316
ALYac Trojan.GenericKD.31794652 20190316
Arcabit Trojan.Generic.D1E525DC 20190316
Avast Win32:BankerX-gen [Trj] 20190316
AVG Win32:BankerX-gen [Trj] 20190316
Avira (no cloud) TR/Crypt.ZPACK.Gen2 20190316
BitDefender Trojan.GenericKD.31794652 20190316
CrowdStrike Falcon (ML) win/malicious_confidence_100% (W) 20190212
Cybereason malicious.f25ca1 20190109
Cylance Unsafe 20190316
Cyren W32/Trojan.UMUQ-8934 20190316
Emsisoft Trojan.Emotet (A) 20190316
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.CBF 20190316
F-Secure Trojan.TR/Crypt.ZPACK.Gen2 20190316
Fortinet W32/Kryptik.CPES!tr 20190316
GData Trojan.GenericKD.31794652 20190316
Ikarus Trojan-Banker.Emotet 20190316
Sophos ML heuristic 20190313
K7AntiVirus Trojan ( 005020241 ) 20190316
Kaspersky Trojan-Banker.Win32.Emotet.coex 20190316
Malwarebytes Trojan.Emotet 20190316
McAfee RDN/Generic PWS.y 20190316
McAfee-GW-Edition RDN/Generic PWS.y 20190316
Microsoft Trojan:Win32/Emotet.AC!bit 20190316
eScan Trojan.GenericKD.31794652 20190316
NANO-Antivirus Trojan.Win32.Emotet.foaqmg 20190316
Palo Alto Networks (Known Signatures) generic.ml 20190316
Panda Trj/GdSda.A 20190316
Qihoo-360 HEUR/QVM20.1.DAE7.Malware.Gen 20190316
Rising Trojan.Kryptik!8.8 (CLOUD) 20190316
SentinelOne (Static ML) DFI - Malicious PE 20190311
Sophos AV Mal/Emotet-Q 20190316
Tencent Win32.Trojan.Falsesign.Lkdg 20190316
Trapmine malicious.high.ml.score 20190301
TrendMicro TrojanSpy.Win32.EMOTET.SMAL08 20190316
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMAL08 20190316
VBA32 BScope.Malware-Cryptor.Emotet 20190315
ViRobot Trojan.Win32.Z.Emotet.208648.F 20190316
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.coex 20190316
AegisLab 20190316
Alibaba 20190306
Antiy-AVL 20190316
Avast-Mobile 20190316
Babable 20180918
Baidu 20190306
Bkav 20190314
CAT-QuickHeal 20190316
ClamAV 20190316
CMC 20190316
Comodo 20190316
DrWeb 20190316
eGambit 20190316
F-Prot 20190316
Jiangmin 20190316
K7GW 20190315
Kingsoft 20190316
MAX 20190316
SUPERAntiSpyware 20190314
Symantec Mobile Insight 20190220
TACHYON 20190316
TheHacker 20190315
TotalDefense 20190316
Trustlook 20190316
Yandex 20190315
Zillya 20190315
Zoner 20190316
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
(C) 2014 Qihu 360 Software Co., Ltd.

Product 360 Internet Security
Original name WDSafeDown.exe
Internal name WDSafeDown.exe
File version 2, 0, 0, 1200
Description 360 Internet Security Internet Protection
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 10:37 PM 3/16/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-15 05:06:53
Entry Point 0x000013B0
Number of sections 4
PE sections
Overlays
MD5 d7e3898d8ddf7118fa51e44a66a00384
File type data
Offset 205312
Size 3336
Entropy 7.33
PE imports
RegQueryValueExA
RegOpenKeyA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetTextMetricsW
TextOutW
CreateFontIndirectW
PatBlt
CreatePen
CreateICW
CombineRgn
GetPixel
GetDeviceCaps
LineTo
DeleteDC
SetPixel
DeleteObject
BitBlt
SetTextColor
MoveToEx
GetStockObject
CreateCompatibleDC
StretchBlt
CreateRectRgn
SelectObject
CreateCompatibleBitmap
CreateSolidBrush
SetBkColor
GetTextExtentPoint32W
SetRectRgn
GetStdHandle
FileTimeToSystemTime
WaitForSingleObject
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
FreeEnvironmentStringsW
InitializeSListHead
SetStdHandle
GetCPInfo
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
FindClose
TlsGetValue
FormatMessageA
SetLastError
GetSystemTime
InterlockedDecrement
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetVersionExA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
GetModuleHandleA
CreateThread
SetEnvironmentVariableW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
GetCurrentThreadId
GetProcAddress
WriteConsoleW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
TerminateThread
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetDateFormatW
GetStartupInfoW
SetEvent
GetUserDefaultLCID
GetProcessHeap
GetTimeFormatW
FindNextFileW
InterlockedIncrement
GetTimeFormatA
DuplicateHandle
FindFirstFileExW
WaitForMultipleObjects
CreateEventW
CreateFileW
CreateEventA
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GetConsoleCP
GetEnvironmentStringsW
FileTimeToLocalFileTime
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
GetSystemDefaultLangID
RaiseException
TlsFree
SetFilePointer
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
IsValidCodePage
OpenEventW
CreateProcessW
IsBadReadPtr
VirtualAlloc
SHCreateDirectoryExA
SHGetPathFromIDListW
StrCmpNIA
GetWindowThreadProcessId
SendDlgItemMessageA
CharNextExA
GetDCEx
EnableMenuItem
LoadStringA
DispatchMessageA
GetTopWindow
TranslateAccelerator
SendMessageTimeoutA
CreateIconFromResource
DdeCreateStringHandleA
MessageBoxA
PeekMessageA
SetForegroundWindow
CreateDialogParamA
FlashWindow
GetMessageTime
InvalidateRgn
GetSystemMenu
DestroyWindow
Number of PE resources by type
RT_STRING 21
RT_ICON 3
RT_VERSION 2
RT_RCDATA 2
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 26
ENGLISH US 3
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.0.0.1200

LanguageCode
English (U.S.)

FileFlagsMask
0x0017

FileDescription
360 Internet Security Internet Protection

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
98304

EntryPoint
0x13b0

OriginalFileName
WDSafeDown.exe

MIMEType
application/octet-stream

LegalCopyright
(C) 2014 Qihu 360 Software Co., Ltd.

FileVersion
2, 0, 0, 1200

TimeStamp
2019:03:15 06:06:53+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
WDSafeDown.exe

ProductVersion
2, 0, 0, 1200

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Qihu 360 Software Co., Ltd.

CodeSize
105984

ProductName
360 Internet Security

ProductVersionNumber
2.0.0.1200

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 a434b92f25ca1aa4aa4d110a2574052a
SHA1 7be462d52df08b7bb11bd1423489fddf46438364
SHA256 60e9ff9466569ea2d3b27fcda1a780a51413642915c936e41ca407dbb7312095
ssdeep
3072:W2B7dBvk2GgrQCz+VGUbqPM902yHydV1QTXH3jaEXu:Rs29z+VGUQM9UHQer3jU

authentihash e1c0b5f2bb476ba40a52e8e7bf2b293df5471139e6d7dfbef9b25fedffb8010d
imphash b58882dca77e3b2576e10cb1a6c76c25
File size 203.8 KB ( 208648 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-03-15 05:11:26 UTC ( 1 month, 1 week ago )
Last submission 2019-03-15 06:40:21 UTC ( 1 month, 1 week ago )
File names emotet_e1_60e9ff9466569ea2d3b27fcda1a780a51413642915c936e41ca407dbb7312095_2019-03-15__051503.exe_
WDSafeDown.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections