× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 635e2c74a55cd6e3cb3a06d7cc41b7362144a0318c6e235aa43c0c68e0029f14
File name: 635e2c74a55cd6e3cb3a06d7cc41b7362144a0318c6e235aa43c0c68e0029f14
Detection ratio: 13 / 64
Analysis date: 2019-02-23 02:45:04 UTC ( 1 month, 3 weeks ago ) View latest
Antivirus Result Update
Acronis suspicious 20190222
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181023
Cylance Unsafe 20190222
eGambit Unsafe.AI_Score_100% 20190222
Endgame malicious (high confidence) 20190215
Sophos ML heuristic 20181128
Malwarebytes Trojan.Emotet 20190222
McAfee Emotet-FLY!3C2066CA3EA4 20190222
McAfee-GW-Edition BehavesLike.Win32.Virut.cc 20190222
Qihoo-360 HEUR/QVM20.1.693B.Malware.Gen 20190222
Rising Trojan.Kryptik!8.8/N3#97% (RDM+:cmRtazo0bjMzIPJrcS5wWIaeB+jN) 20190222
SentinelOne (Static ML) static engine - malicious 20190203
Symantec Packed.Generic.517 20190222
Ad-Aware 20190222
AegisLab 20190222
AhnLab-V3 20190222
Alibaba 20180921
ALYac 20190222
Antiy-AVL 20190222
Arcabit 20190222
Avast 20190222
Avast-Mobile 20190222
AVG 20190222
Avira (no cloud) 20190222
Babable 20180917
Baidu 20190214
BitDefender 20190222
CAT-QuickHeal 20190222
ClamAV 20190222
CMC 20190222
Comodo 20190222
Cybereason 20190109
Cyren 20190222
DrWeb 20190222
Emsisoft 20190222
ESET-NOD32 20190222
F-Secure 20190222
Fortinet 20190222
GData 20190222
Jiangmin 20190222
K7AntiVirus 20190222
K7GW 20190222
Kaspersky 20190222
Kingsoft 20190222
MAX 20190222
Microsoft 20190222
eScan 20190222
NANO-Antivirus 20190222
Palo Alto Networks (Known Signatures) 20190222
Panda 20190222
Sophos AV 20190222
SUPERAntiSpyware 20190220
Symantec Mobile Insight 20190220
TACHYON 20190222
Tencent 20190222
TheHacker 20190217
TotalDefense 20190222
Trapmine 20190123
Trustlook 20190222
VBA32 20190222
ViRobot 20190222
Webroot 20190222
Yandex 20190222
ZoneAlarm by Check Point 20190222
Zoner 20190222
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name IEDKCS32.DLL
Internal name IEDKCS32
File version 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Description Microsoft Internet Explorer Customization DLL
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-02-23 10:41:00
Entry Point 0x000028C0
Number of sections 5
PE sections
PE imports
LockServiceDatabase
JetRetrieveColumn
GetVolumePathNameW
LocalReAlloc
FreeLibraryAndExitThread
IsValidLocaleName
GetProfileSectionW
GetCommState
GetCommandLineW
SetProcessWorkingSetSize
DeleteTimerQueueEx
CloseHandle
SetNamedPipeHandleState
GetLocalTime
VarCyFromI1
VarCyCmpR8
VarCyFromR8
RasGetAutodialAddressA
SHAutoComplete
InsertMenuA
MapDialogRect
SwitchToThisWindow
HideCaret
GetDesktopWindow
GetMenuContextHelpId
CloseWindowStation
mixerGetDevCapsW
DeletePrinterDriverExW
Number of PE resources by type
RT_STRING 4
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 6
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
6.0

InitializedDataSize
0

ImageVersion
0.0

ProductName
Microsoft Windows Operating System

FileVersionNumber
16.0.2900.2180

UninitializedDataSize
131072

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
12.0

FileTypeExtension
exe

OriginalFileName
IEDKCS32.DLL

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

TimeStamp
2019:02:23 02:41:00-08:00

FileType
Win32 EXE

PEType
PE32

InternalName
IEDKCS32

ProductVersion
6.00.2900.2180

FileDescription
Microsoft Internet Explorer Customization DLL

OSVersion
6.0

FileOS
Windows NT 32-bit

LegalCopyright
Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
16384

FileSubtype
0

ProductVersionNumber
6.0.2900.2180

EntryPoint
0x28c0

ObjectFileType
Dynamic link library

Execution parents
File identification
MD5 3c2066ca3ea40da47a5aac2e5f177ac9
SHA1 19c32a31d3233997a03c9313fdb2cc75aa46ff20
SHA256 635e2c74a55cd6e3cb3a06d7cc41b7362144a0318c6e235aa43c0c68e0029f14
ssdeep
3072:Ufp2wET4FR3sNjkcv/iJffd/tIDK5L/qK4oH2hLA:U5m4LsNXiJfpvL/x/O

authentihash 58fc603200c3a6d5f4a2c47d8fda17bf8c4e7d1658ebd443455edbcb56180f73
imphash d9a5b6c3ce797c5e83cfb01dd60586b7
File size 136.0 KB ( 139264 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2019-02-23 02:45:04 UTC ( 1 month, 3 weeks ago )
Last submission 2019-02-26 03:36:20 UTC ( 1 month, 3 weeks ago )
File names 880.exe
IEDKCS32
IEDKCS32.DLL
emotet_e1_635e2c74a55cd6e3cb3a06d7cc41b7362144a0318c6e235aa43c0c68e0029f14_2019-02-23__024503.exe_
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!