× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 642dc3199ede79d2d1006f7ee96e70e88cea8f23fbeb2657c2e263c87c85b6b7
File name: ZnuelhgOM9.exe
Detection ratio: 25 / 70
Analysis date: 2018-12-20 00:02:13 UTC ( 2 months ago ) View latest
Antivirus Result Update
Acronis malware 20180726
AegisLab Trojan.Win32.Malicious.4!c 20181219
Bkav HW32.Packed. 20181219
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.c1abf3 20180225
Cylance Unsafe 20181220
eGambit Unsafe.AI_Score_99% 20181220
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GNZI 20181219
Sophos ML heuristic 20181128
Kaspersky UDS:DangerousObject.Multi.Generic 20181219
McAfee GenericRXGR-QC!578B730C1ABF 20181219
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20181219
Microsoft Trojan:Win32/Emotet.AC!bit 20181219
Palo Alto Networks (Known Signatures) generic.ml 20181220
Qihoo-360 Win32/Trojan.5ae 20181220
Rising Trojan.Fuerboos!8.EFC8 (CLOUD) 20181219
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/EncPk-ANY 20181219
Symantec ML.Attribute.HighConfidence 20181219
Trapmine malicious.high.ml.score 20181205
TrendMicro TROJ_GEN.USLJ18 20181219
TrendMicro-HouseCall TROJ_GEN.USLJ18 20181220
Webroot W32.Trojan.Emotet 20181220
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181219
Ad-Aware 20181219
AhnLab-V3 20181219
Alibaba 20180921
ALYac 20181219
Antiy-AVL 20181219
Arcabit 20181219
Avast 20181219
Avast-Mobile 20181219
AVG 20181219
Avira (no cloud) 20181219
Babable 20180918
Baidu 20181207
BitDefender 20181219
CAT-QuickHeal 20181219
ClamAV 20181219
CMC 20181219
Comodo 20181219
Cyren 20181219
DrWeb 20181219
Emsisoft 20181219
F-Prot 20181219
F-Secure 20181219
Fortinet 20181219
GData 20181219
Ikarus 20181219
Jiangmin 20181219
K7AntiVirus 20181219
K7GW 20181219
Kingsoft 20181220
Malwarebytes 20181219
MAX 20181220
eScan 20181219
NANO-Antivirus 20181219
Panda 20181219
SUPERAntiSpyware 20181212
Symantec Mobile Insight 20181215
TACHYON 20181219
Tencent 20181220
TheHacker 20181216
TotalDefense 20181219
Trustlook 20181220
VBA32 20181219
ViRobot 20181219
Yandex 20181219
Zillya 20181219
Zoner 20181219
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft

Product Microsoft®
Original name kbdth3.dll
Internal name TCPSVCS.EXE
Description TCP/IP Services Application
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-07-18 02:23:20
Entry Point 0x00002D30
Number of sections 9
PE sections
PE imports
RemoveUsersFromEncryptedFile
GetSecurityDescriptorRMControl
OffsetClipRgn
GetEnvironmentStrings
GetNamedPipeServerProcessId
GetThreadLocale
GetThreadTimes
GlobalMemoryStatusEx
GetBinaryTypeA
GetCurrentThread
Ord(29)
CopyIcon
GetLastInputInfo
DlgDirListW
SendMessageA
GetMenuContextHelpId
GetKeyState
g_rgSCardT1Pci
memmove
OleFlushClipboard
Number of PE resources by type
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
JAPANESE DEFAULT 2
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2002:07:18 03:23:20+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
135168

LinkerVersion
2.0

ImageFileCharacteristics
Executable, 32-bit

EntryPoint
0x2d30

InitializedDataSize
0

SubsystemVersion
6.0

ImageVersion
5.1

OSVersion
6.0

UninitializedDataSize
0

File identification
MD5 578b730c1abf310988518830721950ff
SHA1 3c5709ef40070ab15f7f0fc793b9f5558ab47f1a
SHA256 642dc3199ede79d2d1006f7ee96e70e88cea8f23fbeb2657c2e263c87c85b6b7
ssdeep
3072:EOvDvKbwPku//bxVLHB/dvA6jEFhZUNX2GKJ:7vKb5gBVvUFrUVnK

authentihash d7ebccbaeb6baad3da429c5875dbffc48577e63b5b61b058c73d28103f0160de
imphash d47e3e3efb4e3dc8de3a4dc0be56406d
File size 124.0 KB ( 126976 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-12-19 19:13:46 UTC ( 2 months ago )
Last submission 2018-12-19 19:15:37 UTC ( 2 months ago )
File names ZnuelhgOM9.exe
kbdth3.dll
TCPSVCS.EXE
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!