SHA256: 6880e0ffe1fc8c611b63be21f3c96aa5feac0f80bd2c36967ca14107843905b6
File name: 310.exe
Detection ratio: 46 / 69
Analysis date: 2018-12-01 07:30:33 UTC ( 2 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40797136 20181201
AegisLab Trojan.Multi.Generic.4!c 20181201
AhnLab-V3 Trojan/Win32.Emotet.R246938 20181130
ALYac Trojan.GenericKD.40797136 20181201
Arcabit Trojan.Generic.D26E83D0 20181201
Avast Win32:BankerX-gen [Trj] 20181201
AVG Win32:BankerX-gen [Trj] 20181201
BitDefender Trojan.GenericKD.40797136 20181201
Bkav HW32.Packed. 20181129
Comodo Malware@#24zmm5llifk4y 20181201
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.865dc2 20180225
Cylance Unsafe 20181201
Cyren W32/Trojan.ZGVH-3134 20181201
DrWeb Trojan.EmotetENT.314 20181201
eGambit Unsafe.AI_Score_94% 20181201
Emsisoft Trojan.GenericKD.40797136 (B) 20181201
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GNHT 20181201
F-Prot W32/Emotet.KA.gen!Eldorado 20181201
F-Secure Trojan.GenericKD.40797136 20181201
Fortinet W32/GenKryptik.CRRV!tr 20181201
GData Trojan.GenericKD.40797136 20181201
Ikarus Trojan-Banker.Emotet 20181130
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 005428781 ) 20181201
K7GW Trojan ( 005428781 ) 20181201
Kaspersky Trojan-Banker.Win32.Emotet.bsoi 20181201
Malwarebytes Trojan.Emotet 20181201
MAX malware (ai score=100) 20181201
McAfee Emotet-FKM!A6ABC72093B7 20181201
McAfee-GW-Edition BehavesLike.Win32.Generic.cc 20181201
Microsoft Trojan:Win32/Occamy.C 20181201
eScan Trojan.GenericKD.40797136 20181201
Palo Alto Networks (Known Signatures) generic.ml 20181201
Panda Trj/Genetic.gen 20181130
Qihoo-360 HEUR/QVM20.1.8959.Malware.Gen 20181201
Rising Trojan.Kryptik!1.B4D6 (CLASSIC) 20181201
Sophos AV Mal/EncPk-AOG 20181201
Symantec Trojan.Emotet 20181201
Tencent Win32.Trojan-banker.Emotet.Lnod 20181201
Trapmine malicious.moderate.ml.score 20181128
TrendMicro TROJ_GEN.F0C2C00KU18 20181201
TrendMicro-HouseCall TROJ_GEN.F0C2C00KU18 20181201
Webroot W32.Trojan.Emotet 20181201
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bsoi 20181201
Alibaba 20180921
Antiy-AVL 20181201
Avast-Mobile 20181201
Avira (no cloud) 20181130
Babable 20180918
Baidu 20181130
CAT-QuickHeal 20181130
ClamAV 20181201
CMC 20181130
Jiangmin 20181201
Kingsoft 20181201
NANO-Antivirus 20181201
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181128
Symantec Mobile Insight 20181121
TACHYON 20181201
TheHacker 20181129
TotalDefense 20181201
Trustlook 20181201
VBA32 20181130
ViRobot 20181130
Yandex 20181130
Zillya 20181130
Zoner 20181201
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Description Uzbe
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1995-11-19 14:43:13
Entry Point 0x00004D60
Number of sections 6
PE sections
PE imports
PrivilegeCheck
IsTextUnicode
GetOldestEventLogRecord
LookupPrivilegeNameA
EnumServicesStatusW
GetClusterResourceNetworkName
GetObjectA
GetLogColorSpaceA
GetTextMetricsW
GetCharacterPlacementW
GetSystemPaletteUse
GetTextColor
GetStretchBltMode
GdiSetBatchLimit
GetTextExtentPoint32W
GetTextFaceA
GetSystemTime
FindFirstFileExW
GetThreadPriority
WritePrivateProfileStructA
GetCommandLineW
GetLongPathNameA
GetProcessTimes
EnumSystemCodePagesA
IsValidLocale
EscapeCommFunction
GetStringTypeW
WriteProfileStringW
GetCurrentThread
ExtractIconExA
ExtractAssociatedIconW
DecryptMessage
FindWindowExA
EnumWindowStationsA
SetTimer
MessageBoxW
IsClipboardFormatAvailable
GetScrollRange
GetScrollPos
GetUpdateRect
FindWindowW
GetShellWindow
GetFocus
IsWindowEnabled
GetDlgItemTextW
GetMenuDefaultItem
GetThreadDesktop
GetMenuStringW
GetUrlCacheEntryInfoExW
GetPrinterDataW
SCardGetStatusChangeW
Number of PE resources by type
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
NORWEGIAN BOKMAL 1
CHINESE SIMPLIFIED 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 13.0
ImageVersion 0.1
FileVersionNumber 1.6.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Uzbe
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
Ht Microsoft Corporation. All r
EntryPoint 0x4d60
MIMEType application/octet-stream
TimeStamp 1995:11:19 15:43:13+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
OSVersion 6.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TVersion 1.0
CodeSize 20480
FileSubtype 0
ProductVersionNumber 1.6.0.0
InitializedDataSize 0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 a6abc72093b75c1627da2c24aa2e73ac
SHA1 40daabb865dc2dd7ed0c258dbceaa1757dd927ed
SHA256 6880e0ffe1fc8c611b63be21f3c96aa5feac0f80bd2c36967ca14107843905b6
ssdeep 3072:xtZSh+AC7Kuw87MK9OpGOKVR4uAveZGldsnW5FBenQhqc4iw+B0M98ITHxvqWTJX:AlC7Kuw87MK9OpGOKP4uAveZGldsnAfB
authentihash 78c5446a4ca7f14046865265cea16336b45d24fdbe5d379daa12b04e3d9e0cc5
imphash a255c9af4896c92092417f7a25cdadde
File size 148.0 KB ( 151552 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe
VirusTotal metadata
First submission 2018-11-29 18:56:05 UTC ( 2 months, 3 weeks ago )
Last submission 2018-11-29 18:56:05 UTC ( 2 months, 3 weeks ago )
File names rasmddefw.exe
310.exe
HtPKeGLk.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.