× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 64c516e06254c94ed6fe11b536ab22bf23e6cfb8c7cd9bec12d8c9c4d8b60e4d
File name: 64c516e06254c94ed6fe11b536ab22bf23e6cfb8c7cd9bec12d8c9c4d8b60e4d
Detection ratio: 21 / 71
Analysis date: 2018-12-21 00:04:33 UTC ( 2 months ago ) View latest
Antivirus Result Update
Acronis malware 20180726
Avast Win32:MalwareX-gen [Trj] 20181220
AVG Win32:MalwareX-gen [Trj] 20181220
Bkav HW32.Packed. 20181220
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.46d4da 20180225
Cylance Unsafe 20181221
eGambit Unsafe.AI_Score_99% 20181221
Endgame malicious (high confidence) 20181108
Fortinet W32/Kryptik.GNZI!tr 20181221
Sophos ML heuristic 20181128
McAfee Emotet-FJX!0A7924546D4D 20181220
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20181220
Microsoft Trojan:Win32/Fuerboos.A!cl 20181220
Qihoo-360 HEUR/QVM20.1.0075.Malware.Gen 20181221
Rising Malware.Heuristic!ET#96% (RDM+:cmRtazoQS2xDkbSv69xqkQDraFM5) 20181220
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/EncPk-ANY 20181220
Symantec ML.Attribute.HighConfidence 20181220
Trapmine malicious.high.ml.score 20181205
Webroot W32.Trojan.Emotet 20181221
Ad-Aware 20181220
AegisLab 20181220
AhnLab-V3 20181220
Alibaba 20180921
ALYac 20181220
Antiy-AVL 20181220
Arcabit 20181220
Avast-Mobile 20181220
Avira (no cloud) 20181220
Babable 20180918
Baidu 20181207
BitDefender 20181220
CAT-QuickHeal 20181220
ClamAV 20181220
CMC 20181220
Comodo 20181220
Cyren 20181220
DrWeb 20181221
Emsisoft 20181221
ESET-NOD32 20181220
F-Prot 20181221
F-Secure 20181221
GData 20181220
Ikarus 20181220
Jiangmin 20181220
K7AntiVirus 20181220
K7GW 20181220
Kaspersky 20181220
Kingsoft 20181221
Malwarebytes 20181220
MAX 20181221
eScan 20181220
NANO-Antivirus 20181220
Palo Alto Networks (Known Signatures) 20181221
Panda 20181220
SUPERAntiSpyware 20181220
Symantec Mobile Insight 20181215
TACHYON 20181220
Tencent 20181221
TheHacker 20181220
TotalDefense 20181220
TrendMicro 20181220
TrendMicro-HouseCall 20181220
Trustlook 20181221
VBA32 20181220
VIPRE 20181220
ViRobot 20181220
Yandex 20181220
Zillya 20181219
ZoneAlarm by Check Point 20181220
Zoner 20181220
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © Microsoft Corp.

Internal name CTL3D32
File version 5.1.2600.2180
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-07-18 02:23:20
Entry Point 0x00002AF0
Number of sections 8
PE sections
PE imports
IsTokenRestricted
GetDCPenColor
GetPolyFillMode
GetFileTime
NormalizeString
LockFileEx
SetFilePointer
GetTapeStatus
SetEvent
GetConsoleProcessList
GetUserDefaultLCID
GetVersion
EmptyClipboard
GetLastActivePopup
GetSysColor
GetKeyboardType
RegisterRawInputDevices
SCardGetCardTypeProviderNameA
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
CodeSize
135168

UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
5.1

FileVersionNumber
5.1.2600.2180

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
0

EntryPoint
0x2af0

MIMEType
application/octet-stream

LegalCopyright
Copyright Microsoft Corp.

FileVersion
5.1.2600.2180

TimeStamp
2002:07:18 04:23:20+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
CTL3D32

ProductVersion
2,31,0,0

SubsystemVersion
6.0

OSVersion
6.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

LegalTrademarks
Microsoft is a registered trademark of Microsoft Corporation. Windows is a registered trademark of Microsoft Corporation.

FileSubtype
0

ProductVersionNumber
5.1.2600.2180

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 0a7924546d4dae0877302bfd8a3d9709
SHA1 123749618e8cc9f130f20df125ddddaec1bc1ca0
SHA256 64c516e06254c94ed6fe11b536ab22bf23e6cfb8c7cd9bec12d8c9c4d8b60e4d
ssdeep
1536:8M9OCajvjbDNxbCDGun+Qa2ctx0jDqJmO406snln0BRIWQJUPk3C1:n0jvjbDNVYF+QajK/qllmLQe

authentihash 97845f4a1f79657dea3fb9e11fa72fbf180f30957d1675b36e05fa0b9a8909cc
imphash 3289bb812e92eba8f859de5c5b060b00
File size 120.0 KB ( 122880 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-12-21 00:04:33 UTC ( 2 months ago )
Last submission 2018-12-21 00:09:19 UTC ( 2 months ago )
File names CTL3D32
ig1svuUHvN.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!