SHA256: 663261b622677cab7acfe31d8afe4e183ac7b95c4b0be3e0c9b82d0d38670cc0
File name: yUtwfAvZwwLl1IX.exe
Detection ratio: 40 / 67
Analysis date: 2018-03-12 16:58:40 UTC ( 6 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40175005 20180312
AegisLab Troj.Banker.W32.Emotet!c 20180312
AhnLab-V3 Trojan/Win32.Emotet.R222256 20180312
ALYac Trojan.GenericKD.40175005 20180312
Arcabit Trojan.Generic.D265059D 20180312
Avast Win32:Malware-gen 20180312
AVG Win32:Malware-gen 20180312
Avira (no cloud) TR/AD.Emotet.ooibk 20180312
AVware Trojan.Win32.Generic!BT 20180312
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180312
BitDefender Trojan.GenericKD.40175005 20180312
ClamAV Win.Trojan.Emotet-6470282-0 20180312
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170201
Cylance Unsafe 20180312
eGambit Unsafe.AI_Score_100% 20180312
Emsisoft Trojan.GenericKD.40175005 (B) 20180312
Endgame malicious (high confidence) 20180308
ESET-NOD32 a variant of Win32/GenKryptik.BIJY 20180312
F-Secure Trojan.GenericKD.40175005 20180312
GData Trojan.GenericKD.40175005 20180312
Ikarus Trojan.Win32.Krypt 20180312
K7AntiVirus Trojan ( 005205081 ) 20180312
K7GW Trojan ( 005205081 ) 20180312
Kaspersky Trojan-Banker.Win32.Emotet.aanl 20180312
Malwarebytes Trojan.Emotet 20180312
MAX malware (ai score=96) 20180312
McAfee Emotet-FEI!EF45F24F3282 20180312
McAfee-GW-Edition BehavesLike.Win32.Rootkit.ch 20180312
eScan Trojan.GenericKD.40175005 20180312
Palo Alto Networks (Known Signatures) generic.ml 20180312
Panda Trj/GdSda.A 20180312
Rising Trojan.GenKryptik!8.AA55 (TFE:1:tnWtf2RK0qQ) 20180312
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/EncPk-ANR 20180312
Symantec Trojan.Emotet 20180312
TrendMicro TROJ_GEN.R011C0OCC18 20180312
TrendMicro-HouseCall TROJ_GEN.R011C0OCC18 20180312
VIPRE Trojan.Win32.Generic!BT 20180312
Webroot W32.Trojan.Emotet 20180312
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.aanl 20180312
Alibaba 20180312
Antiy-AVL 20180312
Avast-Mobile 20180312
Bkav 20180312
CAT-QuickHeal 20180312
CMC 20180312
Comodo 20180312
Cybereason None
Cyren 20180312
DrWeb 20180312
F-Prot 20180312
Fortinet 20180312
Sophos ML 20180121
Jiangmin 20180312
Kingsoft 20180312
Microsoft 20180312
NANO-Antivirus 20180312
nProtect 20180312
Qihoo-360 20180312
SUPERAntiSpyware 20180312
Symantec Mobile Insight 20180311
Tencent 20180312
TheHacker 20180311
TotalDefense 20180312
Trustlook 20180312
VBA32 20180312
ViRobot 20180312
WhiteArmor 20180223
Yandex 20180308
Zillya 20180309
Zoner 20180312
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-11 12:34:05
Entry Point 0x000025A0
Number of sections 6
PE sections
PE imports
DeleteAce
GetICMProfileA
GetPerAdapterInfo
GetModuleHandleA
IsSystemResumeAutomatic
WTSGetActiveConsoleSessionId
FlsGetValue
GetModuleFileNameA
FlsFree
GetBinaryTypeA
RpcRevertToSelfEx
IUnknown_AddRef_Proxy
SHGetFileInfoA
DestroyAcceleratorTable
AnyPopup
TrackMouseEvent
TrackPopupMenu
InSendMessage
Ord(29)
memset
CoGetMalloc
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:03:11 13:34:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 1012959262
LinkerVersion 11.2
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x25a0
InitializedDataSize 110592
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.2
UninitializedDataSize 1

File identification
MD5 ef45f24f3282832de345aee222a14865
SHA1 3b51eacf48088d905611c7b54d2630b54dc1028c
SHA256 663261b622677cab7acfe31d8afe4e183ac7b95c4b0be3e0c9b82d0d38670cc0
ssdeep 1536:8cs2tSZkJF4sZxVecM+OGVvmMjNi148btX:8cNv46beV+f/NU48l
authentihash 056a3add0f9d23c6623594b41d48ee8339efbde10398ed90be6d4ec1eff26907
imphash 8b86a1c199686d28a7d2ef72e36b858e
File size 124.0 KB ( 126976 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2018-03-11 12:52:37 UTC ( 6 months, 1 week ago )
Last submission 2018-05-08 17:48:10 UTC ( 4 months, 2 weeks ago )
File names yUtwfAvZwwLl1IX.exe