Antivirus scan for 62fc168f51f0ef5623b8f860867e6d3e9ae7f94e974688372b5a48105c3c4f76 at 2018-06-05 07:01:23 UTC

Antivirus	Result	Update
Ad-Aware	Trojan.GenericKD.30922951	20180605
AVG	Win32:Malware-gen	20180605
Baidu	Win32.Trojan.WisdomEyes.16070401.9500.9999	20180605
Bkav	W32.eHeur.Malware14	20180604
Comodo	.UnclassifiedMalware	20180604
Cylance	Unsafe	20180605
Cyren	W32/Trojan.XLME-7104	20180605
Emsisoft	Trojan.GenericKD.30922951 (B)	20180605
Endgame	malicious (high confidence)	20180507
ESET-NOD32	a variant of Win32/Kryptik.GHKA	20180605
F-Secure	Trojan.GenericKD.30922951	20180605
Fortinet	W32/GenKryptik.CAUA!tr	20180605
Kaspersky	Trojan-Banker.Win32.Emotet.aqic	20180605
Malwarebytes	Spyware.Emotet	20180605
MAX	malware (ai score=95)	20180605
McAfee	Artemis!43B8F8F2D68D	20180605
McAfee-GW-Edition	BehavesLike.Win32.Upatre.cm	20180605
eScan	Trojan.GenericKD.30922951	20180605
Palo Alto Networks (Known Signatures)	generic.ml	20180605
Panda	Trj/RnkBend.A	20180604
Qihoo-360	Win32/Trojan.931	20180605
SentinelOne (Static ML)	static engine - malicious	20180225
Sophos AV	Mal/EncPk-ANX	20180604
Symantec	ML.Attribute.HighConfidence	20180605
TrendMicro-HouseCall	Suspicious_GEN.F47V0604	20180605
Webroot	W32.Trojan.Emotet	20180605
ZoneAlarm by Check Point	Trojan-Banker.Win32.Emotet.aqic	20180605
AegisLab		20180605
AhnLab-V3		20180604
Alibaba		20180604
ALYac		20180605
Antiy-AVL		20180605
Arcabit		20180605
Avast		20180605
Avast-Mobile		20180604
Avira (no cloud)		20180605
AVware		20180605
Babable		20180406
BitDefender		20180605
CAT-QuickHeal		20180604
ClamAV		20180604
CMC		20180605
CrowdStrike Falcon (ML)		20180202
Cybereason		None
DrWeb		20180605
eGambit		20180605
F-Prot		20180605
GData		20180605
Sophos ML		20180601
Jiangmin		20180605
K7AntiVirus		20180605
K7GW		20180605
Kingsoft		20180605
Microsoft		20180605
NANO-Antivirus		20180605
nProtect		20180605
Rising		20180605
SUPERAntiSpyware		20180605
Symantec Mobile Insight		20180605
Tencent		20180605
TheHacker		20180605
TotalDefense		20180605
TrendMicro		20180605
Trustlook		20180605
VBA32		20180604
VIPRE		20180605
ViRobot		20180605
Yandex		20180529
Zillya		20180604
Zoner		20180605

The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.

FileVersionInfo properties

PE header basic information

Target machine Intel 386 or later processors and compatible processors

Compilation timestamp 2018-06-04 14:01:27

Entry Point 0x000012A6

Number of sections 5

PE sections

Name Virtual address Virtual size Raw size Entropy MD5

.text 4096 8062 8192 6.19 cdabd0f3db1aadf4ff8bf8ca4f549d56

.rdata 12288 151126 151552 5.83 004c506c474cf59433a450a395b3320a

.pdata 163840 18804 16384 5.69 ee0e999307315ab5c6e35f0fb235f96f

.rsrc 184320 10552 12288 3.95 488941d225e56f2908af12719a460e34

.reloc 196608 5536 8192 4.86 85fa7d4fbfc463d685d152bb76ca20e9

PE imports

[+] KERNEL32.dll

[+] USER32.dll

[+] WinSCard.dll

Number of PE resources by type

RT_BITMAP 2

RT_STRING 2

RT_DIALOG 1

Number of PE resources by language

NEUTRAL 5

PE resources

2a84497f9b789a157cb015007af803dc6492d9e763d730eb3254b737b9463109 data

460532c82070521b09213c1e85cde0ef99fcb0a7a55075b8e1851ea712f00f7b data

86972be5229ebdcab788bb5ec77234a62f7a591aeb34e1e6f25b1f95bab43f34 ASCII text

aa9cb8eca27bd3fc69b9e1f60c9729e4291aa74cc717a7368ffaa15d394bd617 data

f19acd5a46d79a6ca568d722316468fb040a66b94e6bbdf55363e9e4aaff6d4f ASCII text

Debug information

Type Timestamp Offset Size

IMAGE_DEBUG_TYPE_CODEVIEW (2) Mon Jun 4 14:01:27 2018 162932 34 Bytes

12 (12) Mon Jun 4 14:01:27 2018 163056 20 Bytes

ExifTool file metadata

MIMEType

application/octet-stream

Subsystem

Windows GUI

MachineType

Intel 386 or later, and compatibles

FileTypeExtension

exe

TimeStamp

2018:06:04 16:01:27+02:00

FileType

Win32 EXE

PEType

PE32

CodeSize

8192

LinkerVersion

16.1

ImageFileCharacteristics

Executable, 32-bit

EntryPoint

0x12a6

InitializedDataSize

SubsystemVersion

5.0

ImageVersion

0.0

OSVersion

5.0

UninitializedDataSize

135168

File identification

MD5 43b8f8f2d68d30f121e5d8fd919d32b3

SHA1 39920f4da3642680110037c757baa46a4bedbdb8

SHA256 62fc168f51f0ef5623b8f860867e6d3e9ae7f94e974688372b5a48105c3c4f76

ssdeep

3072:OWNOYm3lP53OlMmPXqAKSaPwkMpFGlWRacEg8P65eD:HPm3lB3OlMmzKSaPFMvp

authentihash 8144ed776acbb0db7fcad51f6bc2e19ae3e46b87996aa8e74c88327c2b10120d

imphash 6f0477ffd618970c61d02496fe343a6d

File size 196.0 KB ( 200704 bytes )

File type Win32 EXE

Magic literal

PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID	Win32 Dynamic Link Library (generic) (38.4%) Win32 Executable (generic) (26.3%) OS/2 Executable (generic) (11.8%) Generic Win/DOS Executable (11.6%) DOS Executable Generic (11.6%)

VirusTotal metadata

First submission 2018-06-04 19:52:59 UTC ( 8 months, 2 weeks ago )

Last submission 2018-06-17 06:27:45 UTC ( 8 months, 1 week ago )

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.

SHA256:	62fc168f51f0ef5623b8f860867e6d3e9ae7f94e974688372b5a48105c3c4f76
File name:	43b8f8f2d68d30f121e5d8fd919d32b3
Detection ratio:	27 / 65
Analysis date:	2018-06-05 07:01:23 UTC ( 8 months, 2 weeks ago ) View latest

Ciphered bundle