SHA256: 630b718287f68d30f0af007e756391158f498727e39400118ee33bd90c8c1d4c
File name: 710eff4855c999c60fc2873b436aa999_rn.bin
Detection ratio: 44 / 68
Analysis date: 2018-08-23 16:35:04 UTC (7 months ago)
Antivirus Result Update
Ad-Aware Gen:Heur.Emotet.4 20180823
AhnLab-V3 Trojan/Win32.Banki.R231390 20180823
ALYac Gen:Heur.Emotet.4 20180823
Antiy-AVL Trojan/Win32.Kryptik 20180823
Arcabit Trojan.Emotet.4 20180823
Avast Win32:Malware-gen 20180823
AVG Win32:Malware-gen 20180823
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180820
BitDefender Gen:Heur.Emotet.4 20180823
CAT-QuickHeal Trojan.Emotet.X4 20180823
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.1cd7cd 20180225
Cylance Unsafe 20180823
Emsisoft Gen:Heur.Emotet.4 (B) 20180823
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GIPS 20180823
F-Secure Gen:Heur.Emotet.4 20180823
Fortinet W32/Generic.FHK!tr 20180823
GData Gen:Heur.Emotet.4 20180823
Ikarus Trojan.Agent 20180823
Sophos ML heuristic 20180717
Jiangmin Trojan.Staser.nv 20180823
K7AntiVirus Trojan ( 0053a0ba1 ) 20180823
K7GW Trojan ( 0053a0ba1 ) 20180823
Kaspersky HEUR:Trojan.Win32.Generic 20180823
Malwarebytes Spyware.Emotet 20180823
MAX malware (ai score=100) 20180823
McAfee Emotet-FHK!0C712DAAD36A 20180823
McAfee-GW-Edition BehavesLike.Win32.Fujacks.ch 20180823
Microsoft Trojan:Win32/Emotet.AC!bit 20180823
eScan Gen:Heur.Emotet.4 20180823
NANO-Antivirus Trojan.Win32.Kryptik.fgvism 20180823
Palo Alto Networks (Known Signatures) generic.ml 20180823
Qihoo-360 Win32/Trojan.282 20180823
Rising Malware.Heuristic!ET#90% (RDM+:cmRtazqj2VhoHdhM5IORBryD+I0d) 20180823
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/EncPk-ANX 20180823
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20180823
Symantec Packed.Generic.517 20180823
Tencent Win32.Trojan.Generic.Hfd 20180823
TrendMicro TrojanSpy.Win32.EMOTET.SMG.hp 20180823
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMG.hp 20180823
Webroot W32.Trojan.Emotet 20180823
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180823
AegisLab 20180823
Alibaba 20180713
Avast-Mobile 20180823
Avira (no cloud) 20180823
AVware 20180823
Babable 20180822
Bkav 20180823
ClamAV 20180823
CMC 20180823
Comodo 20180823
Cyren 20180823
DrWeb 20180823
eGambit 20180823
F-Prot 20180823
Kingsoft 20180823
Panda 20180823
Symantec Mobile Insight 20180822
TACHYON 20180823
TheHacker 20180821
TotalDefense 20180823
Trustlook 20180823
VBA32 20180823
VIPRE 20180823
ViRobot 20180823
Yandex 20180822
Zillya 20180822
Zoner 20180822
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Stock
Product Stock Software Monitor
Original name StockFile.exe
File version 1, 0, 4, 0
Description Beck Son
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-07-08 02:23:15
Entry Point 0x00001680
Number of sections 4
PE sections
PE imports
RegDisableReflectionKey
QueryServiceLockStatusW
CertSetCTLContextProperty
LCIDToLocaleName
AssignProcessToJobObject
GetCurrentProcessId
GetSystemDefaultUILanguage
FindNextFileW
GetSystemDefaultLangID
GetFileType
GetCommandLineA
GetConsoleHistoryInfo
SetFileBandwidthReservation
UrlHashW
GetCursorPos
SetTimer
GetOpenClipboardWindow
FillRect
UnpackDDElParam
ChildWindowFromPoint
IsCharAlphaA
ChangeWindowMessageFilter
GetQueueStatus
GetClassWord
RemovePropA
DeregisterShellHookWindow
TrackMouseEvent
SCardFreeMemory
IsAccelerator
Number of PE resources by type
RT_STRING 25
RT_BITMAP 2
RT_DIALOG 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 29
FRENCH 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:07:08 03:23:15+01:00
FileType Win32 EXE
PEType PE32
CodeSize 12288
LinkerVersion 10.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x1680
InitializedDataSize 98304
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 0c712daad36a09022e3e3a7a1cbca197
SHA1 6cc85201cd7cd11202b55e1b0f1bed68fd50f7a3
SHA256 630b718287f68d30f0af007e756391158f498727e39400118ee33bd90c8c1d4c
ssdeep 3072:2a1GX5n7es/Iie61aw898LRKHeZDnSrzQ:237eOIq896RWeZDn
authentihash 67c1a0d9984a82b8e6656ab0323da42ca8c9eb4e4f51da809fe28d45fc12bfad
imphash efb33c6166f2c9c49c75cf1fdbb01c26
File size 108.0 KB ( 110592 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe

VirusTotal metadata
First submission 2018-08-21 00:22:09 UTC ( 7 months, 1 week ago )
Last submission 2018-08-21 00:22:09 UTC ( 7 months, 1 week ago )
File names 710eff4855c999c60fc2873b436aa999_rn.bin
StockFile.exe