SHA256: 69a14e5bf0bb72d20cf54988e1970941dd12e6813b0ee58480ac4014b45cb12e
File name: cea99798368c5d89ccd16ea98a9c1a21.virus
Detection ratio: 35 / 69
Analysis date: 2018-10-08 20:38:46 UTC ( 6 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Emotet.KC 20181008
AhnLab-V3 Trojan/Win32.Emotet.C2741705 20181008
ALYac Trojan.Emotet.KC 20181008
Arcabit Trojan.Emotet.KC 20181008
Avast Win32:TrojanX-gen [Trj] 20181008
AVG Win32:TrojanX-gen [Trj] 20181008
BitDefender Trojan.Emotet.KC 20181008
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.8368c5 20180225
Cylance Unsafe 20181008
Cyren W32/Trojan.XTEF-6485 20181008
DrWeb Trojan.Gozi.344 20181008
Emsisoft Trojan.Agent (A) 20181008
Endgame malicious (high confidence) 20180730
ESET-NOD32 Win32/Spy.Ursnif.BP 20181008
F-Prot W32/Trojan2.PYXG 20181008
Fortinet W32/GenKryptik.CMYY!tr 20181008
GData Trojan.Emotet.KC 20181008
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 0053e1681 ) 20181008
K7GW Trojan ( 0053e1681 ) 20181008
Kaspersky Trojan-Spy.Win32.Ursnif.aahz 20181008
Malwarebytes Trojan.Emotet 20181008
MAX malware (ai score=82) 20181008
McAfee Emotet-FJG!CEA99798368C 20181008
McAfee-GW-Edition Emotet-FJG!CEA99798368C 20181008
Microsoft Trojan:Win32/Emotet.AP 20181008
eScan Trojan.Emotet.KC 20181008
Panda Trj/GdSda.A 20181008
Qihoo-360 HEUR/QVM20.1.64D9.Malware.Gen 20181008
Sophos AV Mal/EncPk-ANX 20181008
Symantec ML.Attribute.HighConfidence 20181008
VBA32 Trojan.Gozi 20181008
Webroot W32.Trojan.Gen 20181008
ZoneAlarm by Check Point Trojan-Spy.Win32.Ursnif.aahz 20181008
AegisLab 20181008
Alibaba 20180921
Antiy-AVL 20181008
Avast-Mobile 20181008
Avira (no cloud) 20181008
AVware 20180925
Babable 20180918
Baidu 20181008
Bkav 20181008
CAT-QuickHeal 20181008
ClamAV 20181008
CMC 20181008
Comodo 20181008
eGambit 20181008
F-Secure 20181008
Ikarus 20181008
Jiangmin 20181008
Kingsoft 20181008
NANO-Antivirus 20181008
Palo Alto Networks (Known Signatures) 20181008
Rising 20181008
SentinelOne (Static ML) 20180926
SUPERAntiSpyware 20181006
Symantec Mobile Insight 20181001
TACHYON 20181008
Tencent 20181008
TheHacker 20181008
TotalDefense 20181008
TrendMicro 20181008
TrendMicro-HouseCall 20181008
Trustlook 20181008
VIPRE 20181008
ViRobot 20181008
Yandex 20181008
Zillya 20181008
Zoner 20181008
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® .NET Framework
Original name aspnet_counters.dll
Internal name aspnet_counters.dll
File version 4.0.30319.34209 built by: FX452RTMGDR
Description Microsoft ASP.NET Performance Counter Shim DLL
Comments Flavor=Retail
Signature verification The digital signature of the object did not verify.
Signing date 12:45 AM 2/19/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-11-23 13:50:15
Entry Point 0x000026D0
Number of sections 10
PE sections
Overlays
MD5 760266e33055fe13f053f9e76058e3d0
File type data
Offset 196608
Size 5568
Entropy 7.42
PE imports
CryptDeriveKey
RegSetKeySecurity
RegQueryInfoKeyA
AdjustTokenGroups
LocaleNameToLCID
EnumSystemCodePagesW
GetPrivateProfileSectionNamesA
SetCurrentConsoleFontEx
CompareStringA
FindFirstFileExW
TzSpecificLocalTimeToSystemTime
DsListSitesW
SafeArrayDestroyDescriptor
CreateTypeLib2
I_RpcFreeBuffer
SetupDiOpenDeviceInfoW
SetupDiSetSelectedDevice
StrChrNW
PathIsUNCA
SetUserObjectInformationW
OffsetRect
midiOutCacheDrumPatches
Ord(30)
isdigit
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.1

Comments
Flavor=Retail

InitializedDataSize
18176

ImageVersion
5.1

ProductName
Microsoft .NET Framework

FileVersionNumber
4.0.30319.34209

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

LinkerVersion
7.0

PrivateBuild
DDBLD354

FileTypeExtension
exe

OriginalFileName
aspnet_counters.dll

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
4.0.30319.34209 built by: FX452RTMGDR

TimeStamp
2009:11:23 14:50:15+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
aspnet_counters.dll

ProductVersion
4.0.30319.34209

FileDescription
Microsoft ASP.NET Performance Counter Shim DLL

OSVersion
5.1

FileOS
Win32

LegalCopyright
Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
359936

FileSubtype
0

ProductVersionNumber
4.0.30319.34209

EntryPoint
0x26d0

ObjectFileType
Dynamic link library

File identification
MD5 cea99798368c5d89ccd16ea98a9c1a21
SHA1 308c6f4e53653fd2394012a7d8e9a8569f4766cf
SHA256 69a14e5bf0bb72d20cf54988e1970941dd12e6813b0ee58480ac4014b45cb12e
ssdeep
1536:u8IEfS0kN1aexFEgY8jHhbQRfwBfO/Zl4thddkaW/7qCFrgfDvr+ESOkiT:k+IjHhbQRfws/ydjufpgfDT+tO7

authentihash 2382c03281fb3738fa7ca83060118a86559117588af838d087a555c9f4d08ae9
imphash d57fd27bb594bd0cdf4d94ea07822435
File size 197.4 KB ( 202176 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-10-08 20:38:46 UTC ( 6 months, 2 weeks ago )
Last submission 2018-10-08 20:38:46 UTC ( 6 months, 2 weeks ago )
File names aspnet_counters.dll
cea99798368c5d89ccd16ea98a9c1a21.virus