SHA256: 693a6fa44cb4cb65b549efaccbce1ee6b93c4b8aad538ddaa726c63ceeda1219
File name: emotet_e1_693a6fa44cb4cb65b549efaccbce1ee6b93c4b8aad538ddaa726c63...
Detection ratio: 45 / 71
Analysis date: 2019-01-18 13:19:08 UTC ( 2 months ago )
Antivirus Result Update
Acronis suspicious 20190118
Ad-Aware Trojan.GenericKD.31536390 20190118
AegisLab Trojan.Win32.Emotet.4!c 20190118
Arcabit Trojan.Generic.D1E13506 20190118
Avast Win32:BankerX-gen [Trj] 20190118
AVG Win32:BankerX-gen [Trj] 20190118
BitDefender Trojan.GenericKD.31536390 20190118
Bkav HW32.Packed. 20190118
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cybereason malicious.ea81c7 20190109
Cylance Unsafe 20190118
Cyren W32/Trojan.OIEC-1905 20190118
eGambit Unsafe.AI_Score_99% 20190118
Emsisoft Trojan.Emotet (A) 20190118
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/Emotet.BN 20190118
F-Secure Trojan.GenericKD.31536390 20190118
Fortinet W32/GenKryptik.CWUC!tr 20190118
GData Trojan.GenericKD.31536390 20190118
Ikarus Trojan-Banker.Emotet 20190118
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 00545c241 ) 20190118
K7GW Trojan ( 00545c241 ) 20190118
Kaspersky Trojan-Banker.Win32.Emotet.cact 20190118
Malwarebytes Trojan.Emotet 20190118
MAX malware (ai score=84) 20190118
McAfee RDN/Generic.grp 20190118
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20190117
Microsoft Trojan:Win32/Emotet.AC!bit 20190118
eScan Trojan.GenericKD.31536390 20190118
NANO-Antivirus Virus.Win32.Gen.ccmw 20190118
Palo Alto Networks (Known Signatures) generic.ml 20190118
Panda Trj/Emotet.D 20190118
Qihoo-360 Win32/Trojan.dac 20190118
Rising Trojan.GenKryptik!8.AA55 (CLOUD) 20190118
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/Generic-S 20190118
Symantec ML.Attribute.HighConfidence 20190117
Trapmine malicious.high.ml.score 20190102
TrendMicro TSPY_EMOTET.SMD13 20190118
TrendMicro-HouseCall TSPY_EMOTET.SMD13 20190118
VBA32 BScope.Trojan.Refinka 20190118
ViRobot Trojan.Win32.Z.Emotet.158720.B 20190118
Webroot W32.Trojan.Emotet 20190118
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.cact 20190118
Antivirus (no detection) Update
AhnLab-V3 20190118
Alibaba 20180921
ALYac 20190118
Antiy-AVL 20190118
Avast-Mobile 20190117
Avira (no cloud) 20190118
AVware 20180925
Babable 20180917
Baidu 20190117
CAT-QuickHeal 20190118
ClamAV 20190118
CMC 20190118
Comodo 20190118
DrWeb 20190118
F-Prot 20190118
Jiangmin 20190118
Kingsoft 20190118
SUPERAntiSpyware 20190116
TACHYON 20190117
Tencent 20190118
TheHacker 20190114
TotalDefense 20190117
Trustlook 20190118
Yandex 20190117
Zillya 20190118
Zoner 20190118
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. Al
Product Micros
Internal name kbdusx (
File version 6.1.760
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-17 15:01:25
Entry Point 0x000033D1
Number of sections 4
PE sections
PE imports
GetSidSubAuthorityCount
InitiateSystemShutdownA
CryptHashSessionKey
LookupPrivilegeDisplayNameW
GetUserNameA
IsTextUnicode
GetTextCharsetInfo
GetViewportOrgEx
GetWindowExtEx
GetOutlineTextMetricsA
GetTextExtentPointA
GetClipBox
DeleteColorSpace
GetPolyFillMode
EndPage
LineTo
BitBlt
ExtSelectClipRgn
GdiSetBatchLimit
ExtEscape
GetLayout
GetUserDefaultUILanguage
GetSystemTime
GetSystemWindowsDirectoryA
HeapFree
GetModuleFileNameW
GetConsoleOutputCP
MapViewOfFile
GetFileAttributesA
EraseTape
GetCurrentProcess
GetCurrentDirectoryA
GlobalFindAtomA
GlobalGetAtomNameA
GetConsoleDisplayMode
GlobalUnlock
FindNLSString
FlushFileBuffers
GetFileAttributesW
GlobalHandle
lstrlenW
GetLocalTime
IsWow64Process
GetStartupInfoA
GetPriorityClass
GetDiskFreeSpaceExA
Wow64DisableWow64FsRedirection
GetConsoleMode
GetThreadSelectorEntry
GetConsoleCursorInfo
GetWindowsDirectoryA
GetDateFormatW
SetErrorMode
MultiByteToWideChar
GetPrivateProfileStructW
GetFileInformationByHandle
GetCompressedFileSizeA
GlobalLock
GetSystemPowerStatus
GetProcessHeap
CreateFileMappingW
EnumResourceNamesW
GetTimeFormatW
GetPrivateProfileSectionW
CreateThread
LoadLibraryW
InterlockedExchange
GetCommTimeouts
Wow64RevertWow64FsRedirection
GetMailslotInfo
FindNextFileA
FindAtomW
GetSystemDirectoryA
GetStringTypeW
GetModuleHandleW
FindActCtxSectionStringW
GetFileAttributesExW
LocalFree
FormatMessageW
QueryIdleProcessorCycleTime
ResumeThread
FreeLibraryAndExitThread
UnmapViewOfFile
GlobalAlloc
VirtualFree
GetPrivateProfileStringA
EnumSystemGeoID
GetComputerNameExW
GetFileType
HeapAlloc
FindResourceA
VirtualAlloc
GetCurrencyFormatW
VarCyMulI4
RpcServerListen
ExtractAssociatedIconA
RegisterClassExW
EnumWindowStationsA
GetForegroundWindow
LoadImageA
GetCursorInfo
GetMessageW
LoadCursorW
DefWindowProcW
CharUpperW
GetCapture
DestroyMenu
ExcludeUpdateRgn
GetComboBoxInfo
PostQuitMessage
IsWindowUnicode
MessageBeep
RegisterWindowMessageW
SetWindowPos
GetRawInputDeviceInfoW
GetMenuState
GetSystemMetrics
SetWindowLongW
MessageBoxW
PeekMessageW
EnableWindow
SetWindowPlacement
DrawIcon
DialogBoxParamW
GetSystemMenu
CloseClipboard
IsRectEmpty
FindWindowExW
GetSysColor
SetActiveWindow
GetMenuBarInfo
CreateDialogParamW
GetWindowRgn
SetScrollPos
GetMenuStringW
CheckMenuItem
SendMessageW
GetPriorityClipboardFormat
GetWindowPlacement
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
MoveWindow
LoadIconW
IsIconic
UpdateWindow
InvalidateRect
InsertMenuA
GetSubMenu
IsClipboardFormatAvailable
OpenClipboard
LoadImageW
GetKeyboardLayout
GetMenuStringA
FindWindowW
GetWindowTextW
EnableMenuItem
GetSysColorBrush
CreateIconFromResource
LockWindowUpdate
GetClassNameA
GetWindowTextLengthW
CreateWindowExW
LoadAcceleratorsW
GetWindowLongW
SetForegroundWindow
CharNextW
SetCursor
GetFileVersionInfoA
InternetGoOnline
FindNextPrinterChangeNotification
GetColorProfileHeader
strncmp
mbtowc
localeconv
fputwc
towupper
strcmp
fgetws
CoInitializeEx
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoCreateInstance
GetConvertStg
CoTaskMemFree
FaultInIEFeature
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize 34816
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit, System file
CharacterSet Unicode
InitializedDataSize 133120
EntryPoint 0x33d1
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. Al
FileVersion 6.1.760
TimeStamp 2019:01:17 16:01:25+01:00
FileType Win32 EXE
PEType PE32
InternalName kbdusx (
ProductVersion 6.1.760
SubsystemVersion 4.0
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corpor
LegalTrademarks Mozilla, Netscape
ProductName Micros
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 2b3d345c7a739593c9f1c9f735ac4d96
SHA1 56f07aaea81c704f3f8c58832aeed7178b79a0fb
SHA256 693a6fa44cb4cb65b549efaccbce1ee6b93c4b8aad538ddaa726c63ceeda1219
ssdeep 3072:aPFBZ8mT4/XE8dSNP/v849W0hlNh/v1GrJRV8ydh4YerJzFXPvkRuSO8jjfS:8BZ8mT4/XDQ/04s0hFX/8
authentihash bc75e49f738137e4bc30595c8b90d55d371699e4014052b2d758dbf7a372edcc
imphash 4e00e4b72dd697020b2f01b0c2f708fe
File size 155.0 KB ( 158720 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file
TrID Microsoft Visual C++ compiled executable (generic) (46.2%)
Win32 Dynamic Link Library (generic) (18.4%)
Win32 Executable (generic) (12.6%)
Win16/32 Executable Delphi generic (5.8%)
OS/2 Executable (generic) (5.6%)
Tags peexe
VirusTotal metadata
First submission 2019-01-17 15:03:57 UTC ( 2 months ago )
Last submission 2019-01-18 04:36:49 UTC ( 2 months ago )
File names emotet_e1_693a6fa44cb4cb65b549efaccbce1ee6b93c4b8aad538ddaa726c63ceeda1219_2019-01-17__151002.exe_
kbdusx (