Antivirus scan for 648dce03ac4c32217ce5c0b279bc3775faf030cafb313c74009fe60ffde3c924 at 2018-06-06 05:44:07 UTC

Antivirus	Result	Update
AhnLab-V3	Win-Trojan/Emotet.Exp	20180605
Baidu	Win32.Trojan.WisdomEyes.16070401.9500.9998	20180606
CrowdStrike Falcon (ML)	malicious_confidence_80% (D)	20180202
Cylance	Unsafe	20180606
Endgame	malicious (high confidence)	20180507
Sophos ML	heuristic	20180601
Malwarebytes	Trojan.Emotet	20180606
Qihoo-360	HEUR/QVM20.1.A823.Malware.Gen	20180606
SentinelOne (Static ML)	static engine - malicious	20180225
Symantec	ML.Attribute.HighConfidence	20180606
VBA32	BScope.TrojanBanker.Emotet	20180605
Ad-Aware		20180606
AegisLab		20180606
Alibaba		20180604
ALYac		20180606
Antiy-AVL		20180606
Arcabit		20180606
Avast		20180606
Avast-Mobile		20180606
AVG		20180606
Avira (no cloud)		20180606
AVware		20180606
Babable		20180406
BitDefender		20180606
Bkav		20180605
CAT-QuickHeal		20180605
ClamAV		20180606
CMC		20180606
Comodo		20180606
Cybereason
Cyren		20180606
DrWeb		20180606
eGambit		20180606
Emsisoft		20180606
ESET-NOD32		20180606
F-Prot		20180606
F-Secure		20180606
Fortinet		20180606
GData		20180606
Ikarus		20180605
Jiangmin		20180606
K7AntiVirus		20180605
K7GW		20180606
Kaspersky		20180606
Kingsoft		20180606
MAX		20180606
McAfee		20180606
McAfee-GW-Edition		20180606
Microsoft		20180606
eScan		20180606
NANO-Antivirus		20180606
Palo Alto Networks (Known Signatures)		20180606
Panda		20180605
Rising		20180606
Sophos AV		20180606
SUPERAntiSpyware		20180606
Symantec Mobile Insight		20180605
TACHYON		20180605
Tencent		20180606
TheHacker		20180606
TotalDefense		20180605
TrendMicro		20180606
TrendMicro-HouseCall		20180606
Trustlook		20180606
VIPRE		20180606
ViRobot		20180605
Webroot		20180606
Yandex		20180529
Zillya		20180605
ZoneAlarm by Check Point		20180606
Zoner		20180606

The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.

FileVersionInfo properties

Product Apache HTTP Server

Original name htdigest.exe

Internal name htdigest.exe

File version 2.4.23

Description Apache htdigest command line utility

Comments Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

PE header basic information

Target machine Intel 386 or later processors and compatible processors

Compilation timestamp 2018-06-06 05:40:17

Entry Point 0x0000100F

Number of sections 7

PE sections

Name Virtual address Virtual size Raw size Entropy MD5

.text 4096 96630 96768 0.98 fac6f7c9f2d50458ab2c769fb1e9b721

.rdata 102400 1488 1536 2.89 665c6fd901174d3ac3d646e9474cb6e3

.xZ 106496 12747 8192 2.12 bd87c924b28f10fe1dc0e4321ab54df6

.idata 122880 1100 1536 1.60 0bd59014b833fc81152ea37b546209bd

lsEsvnz 126976 141846 142336 5.91 d6f0f00321e5c97db1eacd92f12b41f2

.rsrc 270336 3440 3584 2.89 8ebb8a78d6f96665b6c9ef69ade6a355

.reloc 274432 2225 2560 3.81 fd4b7abf13dc0b047fb784fa273a8da2

PE imports

Number of PE resources by type

RT_MANIFEST 1

RT_VERSION 1

Number of PE resources by language

ENGLISH US 2

PE resources

06ae407d4f2dabb3991df16da68a102a3bdd1b1b8bff077eda7060059f356d1c data

49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e ASCII text

Debug information

Type Timestamp Offset Size

IMAGE_DEBUG_TYPE_CODEVIEW (2) Wed Jun 6 05:40:17 2018 98852 29 Bytes

12 (12) Wed Jun 6 05:40:17 2018 98976 20 Bytes

ExifTool file metadata

UninitializedDataSize

LinkerVersion

12.0

ImageVersion

0.0

FileSubtype

FileVersionNumber

2.4.23.0

LanguageCode

English (U.S.)

FileFlagsMask

0x003f

FileDescription

Apache htdigest command line utility

ImageFileCharacteristics

Executable, 32-bit

CharacterSet

Unicode

InitializedDataSize

164352

EntryPoint

0x100f

OriginalFileName

htdigest.exe

MIMEType

application/octet-stream

LegalCopyright

FileVersion

2.4.23

TimeStamp

2018:06:05 22:40:17-07:00

FileType

Win32 EXE

PEType

PE32

InternalName

htdigest.exe

ProductVersion

2.4.23

SubsystemVersion

5.0

OSVersion

5.0

FileOS

Win32

Subsystem

Windows GUI

MachineType

Intel 386 or later, and compatibles

CompanyName

Apache Software Foundation

CodeSize

ProductName

Apache HTTP Server

ProductVersionNumber

2.4.23.0

FileTypeExtension

exe

ObjectFileType

Executable application

Compressed bundles

This file was also submitted to VirusTotal in the following compressed file bundles.

710d94f800276d16477caa8f0eae1891811504c79be0ed8a037f7681e5731078

File identification

MD5 32289068803d70d40f42172c33760016

SHA1 f29db7959343c193a6619e1f2fd628025d9dd4ad

SHA256 648dce03ac4c32217ce5c0b279bc3775faf030cafb313c74009fe60ffde3c924

ssdeep

1536:D/A2OyTWjAwTth08vAmSd5ovTRQjn20l01q8:DFOyT1ahhPc5obRQjnH6

authentihash dd8faeff5888d91bf5d3e897b8279f92bbf8ccbd0697c6476fd3024b06f38fea

imphash 9e62fa32b64597636d8e8b7bdebd3b50

File size 251.5 KB ( 257536 bytes )

File type Win32 EXE

Magic literal

PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID	OS/2 Executable (generic) (33.6%) Generic Win/DOS Executable (33.1%) DOS Executable Generic (33.1%)

VirusTotal metadata

First submission 2018-06-06 05:44:07 UTC ( 8 months, 2 weeks ago )

Last submission 2018-09-10 06:54:23 UTC ( 5 months, 1 week ago )

File names

initutilman.exe
3168.exe
19223.exe
extiddefrag(102).gxe
htdigest.exe
7062.exe
9548.exe
14937.exe
17244.exe
7q91vTTnuhqd1dmE1kb.exe
initutilman.exe
32289068803d70d40f42172c33760016_exe
89775.exe

SHA256:	648dce03ac4c32217ce5c0b279bc3775faf030cafb313c74009fe60ffde3c924
File name:	7q91vTTnuhqd1dmE1kb.exe
Detection ratio:	11 / 68
Analysis date:	2018-06-06 05:44:07 UTC ( 8 months, 2 weeks ago ) View latest

Ciphered bundle