× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 61e4f785407974a8c41f6086e5472ef7d08a962b5da38081b2da7e8f1338342e
File name: 61e4f785407974a8c41f6086e5472ef7d08a962b5da38081b2da7e8f1338342e
Detection ratio: 34 / 68
Analysis date: 2018-07-27 23:46:37 UTC ( 6 months, 4 weeks ago ) View latest
Antivirus Result Update
AegisLab Packer.Generic!c 20180727
Avast FileRepMalware 20180727
AVG FileRepMalware 20180727
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9933 20180726
BitDefender Trojan.GenericKD.40346142 20180727
Bkav HW32.Packed.76DD 20180727
CAT-QuickHeal Trojan.Emotet.X4 20180725
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.60b58f 20180225
Cylance Unsafe 20180728
Cyren W32/Trojan.AYXC-6374 20180727
Emsisoft Trojan.GenericKD.40346142 (B) 20180727
Endgame malicious (high confidence) 20180711
ESET-NOD32 a variant of Win32/GenKryptik.CGLW 20180727
F-Secure Trojan.GenericKD.40346142 20180728
Fortinet W32/GenKryptik.CFNI!tr 20180728
GData Trojan.GenericKD.40346142 20180727
Sophos ML heuristic 20180717
Kaspersky Trojan-Banker.Win32.Emotet.azwi 20180727
Malwarebytes Spyware.Emotet 20180727
MAX malware (ai score=94) 20180728
McAfee RDN/Generic.RP 20180727
McAfee-GW-Edition BehavesLike.Win32.Ransomware.cc 20180727
Microsoft Trojan:Win32/Emotet.AC!bit 20180727
eScan Trojan.GenericKD.40346142 20180727
Palo Alto Networks (Known Signatures) generic.ml 20180728
Qihoo-360 HEUR/QVM20.1.C899.Malware.Gen 20180728
Rising Trojan.Fuerboos!8.EFC8 (CLOUD) 20180727
SentinelOne (Static ML) static engine - malicious 20180701
Symantec Packed.Generic.517 20180727
TrendMicro TROJ_GEN.USGR18 20180727
TrendMicro-HouseCall TROJ_GEN.USGR18 20180727
Webroot W32.Trojan.Emotet 20180728
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.azwi 20180727
Ad-Aware 20180727
AhnLab-V3 20180727
Alibaba 20180713
ALYac 20180727
Antiy-AVL 20180728
Arcabit 20180727
Avast-Mobile 20180727
Avira (no cloud) 20180727
AVware 20180727
Babable 20180725
ClamAV 20180727
CMC 20180727
Comodo 20180727
DrWeb 20180727
eGambit 20180728
F-Prot 20180727
Ikarus 20180727
Jiangmin 20180728
K7AntiVirus 20180727
K7GW 20180727
Kingsoft 20180728
NANO-Antivirus 20180727
Panda 20180727
Sophos AV 20180727
SUPERAntiSpyware 20180727
TACHYON 20180727
Tencent 20180728
TheHacker 20180727
TotalDefense 20180727
Trustlook 20180728
VBA32 20180727
VIPRE 20180727
ViRobot 20180727
Yandex 20180725
Zillya 20180727
Zoner 20180727
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-01-07 05:45:57
Entry Point 0x0000136E
Number of sections 4
PE sections
PE imports
GetUserDefaultUILanguage
GetThreadPriority
GetConsoleMode
GetNamedPipeServerSessionId
GetNumberOfConsoleInputEvents
GetCommandLineA
GetScrollRange
WindowFromPhysicalPoint
IsGUIThread
GetWindow
GetWindowInfo
SetScrollPos
SCardFreeMemory
OleDestroyMenuDescriptor
Number of PE resources by type
RT_STRING 23
Number of PE resources by language
NEUTRAL 15
ENGLISH NEUTRAL 5
TURKISH DEFAULT 3
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2004:01:07 06:45:57+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
12288

LinkerVersion
12.0

ImageFileCharacteristics
No relocs, Executable, 32-bit

EntryPoint
0x136e

InitializedDataSize
131072

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
6.0

UninitializedDataSize
0

File identification
MD5 61633df194d909e07a22fbe37a9ca1b8
SHA1 7154e8a60b58f6428a1bfcb9d20eb556d7ac4dcf
SHA256 61e4f785407974a8c41f6086e5472ef7d08a962b5da38081b2da7e8f1338342e
ssdeep
3072:dk26II07eadxOoTgT/tXkYWAgLRuuIraxdBFRHNpJlw:dk2lI0K2Oom/tXEAgl5JzBFRt

authentihash a27cc7c0f606fda91b37c1b0183c6af5a9a2824ca7a3b818af1dd9f6d3c1e46f
imphash 921eae94a0fb3d95c492ff2a0dc64b0d
File size 140.0 KB ( 143360 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe

VirusTotal metadata
First submission 2018-07-27 14:59:31 UTC ( 7 months ago )
Last submission 2018-07-30 12:02:45 UTC ( 6 months, 3 weeks ago )
File names 66.exe
uCYkF.exe
B3A03A95.exe
08915693.exe
A6F04B73.exe
23294.exe
50.exe
77803.exe
03.exe
43412480.exe
72.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!