SHA256: 6a4317473ec9c2a2e4e4e13597807664f10f1add84e639e866374f0c1700a4e0
File name: emotet_exe_e2_6a4317473ec9c2a2e4e4e13597807664f10f1add84e639e8663...
Detection ratio: 27 / 67
Analysis date: 2019-04-04 15:09:07 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Acronis suspicious 20190330
Ad-Aware Trojan.Agent.DTVP 20190404
Avast Win32:BankerX-gen [Trj] 20190404
AVG Win32:BankerX-gen [Trj] 20190404
Avira (no cloud) TR/AD.Emotet.tcyca 20190404
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
Cybereason malicious.67ccf6 20190403
Cyren W32/Emotet.SI.gen!Eldorado 20190404
DrWeb Trojan.Emotet.669 20190404
eGambit Unsafe.AI_Score_92% 20190404
Emsisoft Trojan.Emotet (A) 20190404
Endgame malicious (high confidence) 20190403
ESET-NOD32 a variant of Win32/Injector.EELU 20190404
FireEye Generic.mg.5e3ebd18b458e795 20190404
Fortinet W32/Generic.AP.290658!tr 20190404
Ikarus Trojan-Banker.Emotet 20190404
Sophos ML heuristic 20190313
Malwarebytes Trojan.Emotet 20190404
McAfee Emotet-FMG!5E3EBD18B458 20190404
Microsoft Trojan:Win32/Emotet.AC!bit 20190404
Palo Alto Networks (Known Signatures) generic.ml 20190404
Qihoo-360 HEUR/QVM20.1.4D1D.Malware.Gen 20190404
Rising Trojan.Injector!8.C4 (RDM+:cmRtazpuI/kmlXNcJaWABCxd6wXD) 20190404
SentinelOne (Static ML) DFI - Malicious PE 20190317
Sophos AV Mal/Emotet-Q 20190404
Trapmine malicious.high.ml.score 20190325
VBA32 BScope.Malware-Cryptor.Emotet 20190404
AegisLab 20190404
AhnLab-V3 20190404
Alibaba 20190402
ALYac 20190404
Antiy-AVL 20190404
Arcabit 20190404
Avast-Mobile 20190404
Babable 20180918
Baidu 20190318
BitDefender 20190404
Bkav 20190404
CAT-QuickHeal 20190404
ClamAV 20190404
CMC 20190321
Comodo 20190404
F-Secure 20190404
GData 20190404
Jiangmin 20190404
K7AntiVirus 20190404
K7GW 20190404
Kaspersky 20190404
Kingsoft 20190404
MAX 20190404
McAfee-GW-Edition 20190403
eScan 20190404
NANO-Antivirus 20190404
Panda 20190404
SUPERAntiSpyware 20190404
Symantec Mobile Insight 20190325
TACHYON 20190404
Tencent 20190404
TheHacker 20190403
TotalDefense 20190404
TrendMicro-HouseCall 20190404
Trustlook 20190404
VIPRE 20190404
ViRobot 20190404
Yandex 20190402
Zillya 20190403
ZoneAlarm by Check Point 20190404
Zoner 20190404
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product WinPcap
File version 4.1.0.2001
Description WinPcap 4.1.2 ikstaller
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 5:09 PM 4/4/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-04-04 05:55:04
Entry Point 0x000011F0
Number of sections 4
PE sections
Overlays
MD5 8e9f6860b2fc56db180de025ab6966cb
File type data
Offset 111104
Size 3336
Entropy 7.33
PE imports
GetTextMetricsW
CreateHalftonePalette
SetStretchBltMode
SaveDC
ResizePalette
GetPaletteEntries
GetClipBox
GetViewportOrgEx
GetObjectType
GetDeviceCaps
ExcludeClipRect
DeleteDC
RestoreDC
SetBkMode
IntersectClipRect
BitBlt
CreateDIBSection
RealizePalette
SetTextColor
GetCurrentObject
GetObjectW
CreatePalette
GetStockObject
SetViewportOrgEx
SelectPalette
GetDIBits
SelectClipRgn
CreateCompatibleDC
StretchBlt
StretchDIBits
CreateRectRgn
SelectObject
GetNearestPaletteIndex
CreateSolidBrush
SetBkColor
DeleteObject
CreateCompatibleBitmap
GetStdHandle
GetConsoleOutputCP
ReleaseMutex
FileTimeToSystemTime
CreateFileMappingA
GetFileAttributesA
SetEvent
GetDriveTypeA
FindNextFileA
HeapDestroy
SetFileTime
GetFileAttributesW
DuplicateHandle
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
UnhandledExceptionFilter
ExpandEnvironmentStringsA
ExitProcess
SetErrorMode
WideCharToMultiByte
FreeEnvironmentStringsW
GetLocaleInfoW
SetFileAttributesA
GetFileTime
GetCPInfo
GetProcAddress
GetStringTypeA
InterlockedExchange
FindResourceExW
WaitForSingleObject
GetSystemTimeAsFileTime
EnumResourceLanguagesA
SizeofResource
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetExitCodeProcess
LocalFree
FormatMessageW
ResumeThread
GetEnvironmentVariableA
LoadResource
GetStringTypeExW
FindClose
InterlockedDecrement
GetProfileIntA
GetFullPathNameW
GetStringTypeExA
OutputDebugStringA
WritePrivateProfileStringW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
OpenThread
InitializeCriticalSection
GlobalFindAtomW
lstrlenW
OutputDebugStringW
GetModuleFileNameW
GlobalFindAtomA
HeapAlloc
GetVersionExA
GetModuleFileNameA
GlobalHandle
LoadLibraryA
GetVolumeInformationA
EnumResourceLanguagesW
GetPrivateProfileStringA
SetConsoleCtrlHandler
GetVolumeInformationW
LoadLibraryExW
MultiByteToWideChar
SystemTimeToTzSpecificLocalTime
SetFilePointerEx
GetPrivateProfileStringW
FormatMessageA
CreateMutexA
CreateEventW
SetFileAttributesW
GlobalAddAtomW
CreateThread
GetSystemDefaultUILanguage
GetSystemDirectoryW
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
GetModuleHandleA
CreateMutexW
MulDiv
UnlockFile
ExitThread
MoveFileExA
SetEnvironmentVariableA
FindAtomW
WriteConsoleA
GetVersion
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
SetCurrentDirectoryA
WriteConsoleW
MoveFileW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
DeviceIoControl
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
FlushFileBuffers
lstrcmpiW
RtlUnwind
GlobalSize
GetStartupInfoA
GetDateFormatA
GetWindowsDirectoryW
GetFileSize
LCMapStringW
OpenProcess
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetDateFormatW
GetStartupInfoW
VirtualAllocEx
DeleteFileW
GetUserDefaultLCID
GetPrivateProfileIntW
AddAtomW
GetProcessHeap
GetComputerNameW
GetTimeFormatW
WriteFile
GetFileSizeEx
GlobalReAlloc
GetFileInformationByHandle
lstrcmpA
FindFirstFileA
WTSGetActiveConsoleSessionId
lstrcpyA
GetTimeFormatA
GetComputerNameExW
GetComputerNameA
FindFirstFileW
IsValidLocale
lstrcmpW
WaitForMultipleObjects
GlobalLock
GetTimeZoneInformation
CreateFileW
CreateEventA
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
GlobalGetAtomNameA
InterlockedIncrement
GetLastError
LocalReAlloc
SystemTimeToFileTime
GlobalDeleteAtom
GetShortPathNameW
UnmapViewOfFile
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
FindResourceW
LCMapStringA
CompareStringW
GetProcessTimes
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
RemoveDirectoryA
Process32NextW
CreateProcessW
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentDirectoryW
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
ProcessIdToSessionId
GetCommandLineW
GetCurrentDirectoryA
HeapSize
GetCommandLineA
InterlockedCompareExchange
Process32FirstW
GetCurrentThread
SuspendThread
RaiseException
CompareStringA
TerminateProcess
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
GlobalFlags
AddAtomA
DeleteAtom
CloseHandle
OpenMutexW
EnumSystemLocalesA
GetACP
CopyFileA
GetModuleHandleW
FreeResource
GetFileAttributesExW
SetThreadPriority
SetStdHandle
GetLongPathNameW
CreateProcessA
TlsGetValue
IsValidCodePage
HeapCreate
GetTempPathW
VirtualQuery
VirtualFree
FatalAppExitA
GetLongPathNameA
Sleep
IsBadReadPtr
GetFileAttributesExA
IsBadCodePtr
FindResourceA
VirtualAlloc
GetOEMCP
ResetEvent
SetFocus
SetDlgItemTextA
GetForegroundWindow
DdeConnect
SetMenuItemBitmaps
DrawTextW
BringWindowToTop
DestroyMenu
PostQuitMessage
GetMessagePos
LoadBitmapA
SetWindowPos
DdeDisconnect
DdeCreateStringHandleA
IsWindow
GrayStringW
DispatchMessageA
EndPaint
ScrollWindowEx
DdePostAdvise
SetDlgItemInt
IntersectRect
PeekMessageA
DdeCreateStringHandleW
GetMessageTime
SendMessageW
SetActiveWindow
DispatchMessageW
ChangeClipboardChain
GetCursorPos
DrawTextA
DdeInitializeA
GetDlgCtrlID
GetMenu
CreateWindowExA
DefFrameProcA
UnregisterClassW
GetClassInfoW
DdeInitializeW
GetDlgItemTextW
DdeFreeStringHandle
SetScrollPos
CallNextHookEx
LoadAcceleratorsA
IsClipboardFormatAvailable
CountClipboardFormats
ClientToScreen
GetTopWindow
ShowCursor
OpenClipboard
DdeCreateDataHandle
GetWindowTextW
SetDlgItemTextW
EnumClipboardFormats
LockWindowUpdate
wsprintfA
GetWindowTextLengthW
LoadAcceleratorsW
GetMenuStringA
GetMenuItemID
DestroyWindow
GetMessageA
GetClassInfoExW
UpdateWindow
GetPropW
EqualRect
DefMDIChildProcA
GetMessageW
ShowWindow
SetPropW
GetMenuState
GetClipboardFormatNameA
PeekMessageW
TranslateMDISysAccel
EnableWindow
SetWindowPlacement
DdeFreeDataHandle
CharUpperW
GetDlgItemTextA
DdeKeepStringHandle
GetClipboardFormatNameW
LoadIconW
SetClipboardViewer
TranslateMessage
IsWindowEnabled
GetWindow
GetDlgItemInt
SetClipboardData
GetMenuBarInfo
CreatePopupMenu
LoadStringA
SetParent
RegisterClassW
ScrollWindow
GetWindowPlacement
LoadStringW
SetWindowLongW
WindowFromPoint
DrawMenuBar
EnableMenuItem
RegisterClassA
TrackPopupMenuEx
GetWindowLongA
GetDCEx
DdeClientTransaction
GetActiveWindow
IsDialogMessageW
FillRect
CopyRect
GetSysColorBrush
DdeNameService
CreateWindowExW
ReleaseDC
GetWindowLongW
GetMenuItemInfoW
IsChild
MapWindowPoints
RegisterWindowMessageW
ReleaseCapture
SetCapture
BeginPaint
OffsetRect
DefWindowProcW
GetScrollPos
KillTimer
MapVirtualKeyW
GetClipboardOwner
DefWindowProcA
DrawFocusRect
GetClipboardData
GetParent
LoadBitmapW
SendDlgItemMessageA
GetSystemMetrics
IsIconic
SetScrollRange
DdeGetData
GetWindowRect
InflateRect
PostMessageA
DrawIcon
GetScrollRange
SetWindowLongA
SendDlgItemMessageW
PostMessageW
InvalidateRect
GetScrollInfo
SetWindowTextA
CheckMenuItem
GetSubMenu
GetClassLongW
GetLastActivePopup
PtInRect
BeginDeferWindowPos
SetWindowTextW
SetTimer
GetDlgItem
GetMenuCheckMarkDimensions
CheckRadioButton
AppendMenuA
ScreenToClient
LoadCursorA
LoadIconA
TrackPopupMenu
SetWindowsHookExA
GetMenuItemCount
IsDlgButtonChecked
CheckDlgButton
GetDesktopWindow
SetWindowsHookExW
LoadCursorW
GetSystemMenu
ReuseDDElParam
GetDC
InsertMenuW
SetForegroundWindow
GetMenuStringW
EmptyClipboard
DdeUnaccessData
DrawTextExW
EndDialog
ModifyMenuW
GetCapture
FindWindowA
MessageBeep
LoadMenuW
RemoveMenu
GetWindowThreadProcessId
DeferWindowPos
ShowScrollBar
MessageBoxW
DdeUninitialize
SetMenu
RegisterClipboardFormatA
DdeSetUserHandle
MoveWindow
MessageBoxA
AppendMenuW
GetWindowDC
DestroyCursor
AdjustWindowRectEx
DialogBoxParamA
GetSysColor
RegisterClipboardFormatW
SetScrollInfo
GetKeyState
EndDeferWindowPos
SystemParametersInfoA
GetProcessDefaultLayout
TabbedTextOutW
DestroyIcon
wsprintfW
IsWindowVisible
WinHelpW
DdeAccessData
UnpackDDElParam
SystemParametersInfoW
WinHelpA
UnionRect
FrameRect
SetRect
DeleteMenu
GetKeyNameTextW
SendMessageA
DdeQueryConvInfo
CallWindowProcW
GetClassNameW
TranslateAcceleratorA
GetClientRect
ValidateRect
IsRectEmpty
GetFocus
InsertMenuItemW
CloseClipboard
DdeGetLastError
SetCursor
UnhookWindowsHookEx
RemovePropW
Number of PE resources by type
RT_ICON 7
RT_DIALOG 5
RT_VERSION 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 15
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 4.1.0.2001
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription WinPcap 4.1.2 ikstaller
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 34304
EntryPoint 0x11f0
MIMEType application/octet-stream
FileVersion 4.1.0.2001
TimeStamp 2019:04:04 07:55:04+02:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 75776
ProductName WinPcap
ProductVersionNumber 4.1.0.2001
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 5e3ebd18b458e795e792b944c8c944b4
SHA1 038624a67ccf6084c7962127623c58d6e1f619d7
SHA256 6a4317473ec9c2a2e4e4e13597807664f10f1add84e639e866374f0c1700a4e0
ssdeep 3072:+zimcXvQuDsKmmpVXAF6XhO+KLIXVWR4c2U40i:+WmcbDs3mppAF6xOvBJVi

authentihash 796bdb60c310e4a4530acf39906eb64b5c77e61e0586c06511cbd7521537f16c
imphash 507fabbcbca2beaa73860f7f60235837
File size 111.8 KB ( 114440 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe overlay

VirusTotal metadata
First submission 2019-04-04 15:09:07 UTC ( 1 month, 2 weeks ago )
Last submission 2019-04-04 15:09:07 UTC ( 1 month, 2 weeks ago )
File names emotet_exe_e2_6a4317473ec9c2a2e4e4e13597807664f10f1add84e639e866374f0c1700a4e0_2019-04-04__100002.exe_