SHA256: 6b137a4e439017ecc92fb9e1f5e2632eead6f58008c917a2a1c5bf64328880e4
File name: szMshield
Detection ratio: 48 / 57
Analysis date: 2016-06-03 20:53:25 UTC ( 1 year, 7 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2243594 20160603
AegisLab Troj.W32.Inject.upov!c 20160603
AhnLab-V3 Trojan/Win32.Injector 20160603
ALYac Trojan.GenericKD.2243594 20160603
Antiy-AVL Trojan/Win32.Inject 20160603
Arcabit Trojan.Generic.D223C0A 20160603
Avast Win32:Emotet-Q [Trj] 20160603
AVG Inject2.BUSQ 20160603
Avira (no cloud) TR/Dropper.VB.28925 20160603
AVware Trojan.Win32.Generic.pak!cobra 20160603
Baidu Win32.Trojan.WisdomEyes.151026.9950.9998 20160603
Baidu-International Trojan.Win32.Emotet.r 20160603
BitDefender Trojan.GenericKD.2243594 20160603
CAT-QuickHeal Trojan.Emotet.rw3 20160603
Comodo UnclassifiedMalware 20160603
Cyren W32/Backdoor.AWSH-6002 20160603
DrWeb Trojan.Emotet.129 20160603
Emsisoft Trojan.Win32.Emotet (A) 20160603
ESET-NOD32 Win32/Emotet.AD 20160603
F-Prot W32/Backdoor2.HYBO 20160603
F-Secure Trojan:W32/Emotet.B 20160603
Fortinet W32/Emotet.AD!tr 20160603
GData Trojan.GenericKD.2243594 20160603
Ikarus Trojan.Win32.Emotet 20160603
Jiangmin Trojan/Inject.awyj 20160603
K7AntiVirus Trojan ( 004b8c611 ) 20160603
K7GW Trojan ( 004b8c611 ) 20160603
Kaspersky Trojan.Win32.Inject.upov 20160603
Malwarebytes Trojan.FakeAdobe.ED 20160603
McAfee Generic.dx!BBB080336BC3 20160603
McAfee-GW-Edition BehavesLike.Win32.Downloader.dt 20160603
Microsoft Trojan:Win32/Emotet!rfn 20160603
eScan Trojan.GenericKD.2243594 20160603
NANO-Antivirus Trojan.Win32.Emotet.dszwpe 20160603
nProtect Trojan.GenericKD.2243594 20160603
Panda Trj/Agent.IVN 20160603
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20160603
Rising Trojan.Win32.Emotet.x 20160603
Sophos AV Troj/Inject-BLP 20160603
SUPERAntiSpyware Trojan.Agent/Gen-VB 20160603
Symantec Trojan.Zbot 20160603
Tencent Win32.Trojan.Inject.Pitk 20160603
TrendMicro TSPY_EMOTET.LNE 20160603
TrendMicro-HouseCall TSPY_EMOTET.LNE 20160603
VBA32 Trojan.Emotet 20160603
VIPRE Trojan.Win32.Generic.pak!cobra 20160603
Yandex Trojan.Inject!J3sLvtsIJPc 20160603
Zillya Trojan.Emotet.Win32.56 20160603
Alibaba 20160603
Bkav 20160603
ClamAV 20160603
CMC 20160602
Kingsoft 20160603
TheHacker 20160602
TotalDefense 20160603
ViRobot 20160603
Zoner 20160603
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product de Porto Santo Antonio Da Patrulha
Original name szMshield.exe
Internal name szMshield
File version 1.00.0052
Description de Porto Santo Antonio Da Patrulha
Comments de Porto Santo Antonio Da Patrulha
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-23 12:02:37
Entry Point 0x00001480
Number of sections 3
PE sections
Overlays
MD5 a32089c9376650e12d8eef08678eee84
File type data
Offset 184320
Size 51329
Entropy 7.96
PE imports
_adj_fdivr_m64
__vbaGenerateBoundsError
_allmul
__vbaGet3
_adj_fprem
__vbaAryMove
__vbaObjVar
__vbaUI1Var
__vbaVarAnd
__vbaRedim
Ord(537)
_adj_fdiv_r
__vbaObjSetAddref
Ord(100)
__vbaHresultCheckObj
_CIlog
Ord(595)
__vbaVarLateMemCallLd
_adj_fptan
__vbaFileClose
__vbaI4Var
Ord(608)
__vbaFreeStr
Ord(631)
__vbaFreeStrList
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(516)
__vbaI4Str
__vbaLenBstr
Ord(525)
__vbaResume
__vbaRedimPreserve
__vbaInStr
_adj_fdiv_m32i
Ord(717)
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaUbound
__vbaFreeVar
__vbaBoolVarNull
__vbaLbound
__vbaFileOpen
_CIsin
__vbaAryLock
EVENT_SINK_Release
__vbaVarTstEq
__vbaVarLateMemCallLdRf
__vbaVarSetVar
__vbaStrCat
__vbaVarDup
__vbaChkstk
Ord(570)
__vbaAryCopy
__vbaAryUnlock
__vbaVarLateMemSt
__vbaStrVarCopy
__vbaVar2Vec
__vbaFreeVarList
__vbaStrVarMove
__vbaExitProc
__vbaVarOr
__vbaVarTstNe
__vbaVarXor
__vbaAryConstruct2
__vbaFreeObj
_adj_fdivr_m32
__vbaStrVarVal
_CIcos
__vbaVarMove
__vbaErrorOverflow
__vbaNew2
__vbaVarCmpEq
__vbaAryDestruct
__vbaStrMove
_adj_fprem1
Ord(563)
_adj_fdiv_m32
Ord(685)
EVENT_SINK_AddRef
__vbaOnError
_adj_fpatan
Ord(712)
_adj_fdivr_m32i
__vbaStrCopy
Ord(632)
__vbaFPException
_adj_fdivr_m16i
__vbaVarAdd
_adj_fdiv_m64
__vbaUI1I4
__vbaUI1I2
_CIsqrt
__vbaVarCopy
_CIatan
__vbaLateMemCall
__vbaObjSet
__vbaVarCat
_CIexp
_CItan
Number of PE resources by type
RT_ICON 3
RT_GROUP_ICON 2
RT_VERSION 1
Number of PE resources by language
NEUTRAL 3
RUSSIAN 1
ENGLISH US 1
KASHMIRI SASIA 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
Comments de Porto Santo Antonio Da Patrulha
LinkerVersion 6.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.0.52
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 69632
EntryPoint 0x1480
OriginalFileName szMshield.exe
MIMEType application/octet-stream
FileVersion 1.00.0052
TimeStamp 2015:03:23 13:02:37+01:00
FileType Win32 EXE
PEType PE32
InternalName szMshield
SubsystemVersion 4.0
ProductVersion 1.00.0052
FileDescription de Porto Santo Antonio Da Patrulha
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName de Porto Santo Antonio Da Patrulha
CodeSize 110592
ProductName de Porto Santo Antonio Da Patrulha
ProductVersionNumber 1.0.0.52
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 bbb080336bc3bfa054d9c8491db5e2d4
SHA1 4defae12f633e3e713f962758b80615c2f7066f2
SHA256 6b137a4e439017ecc92fb9e1f5e2632eead6f58008c917a2a1c5bf64328880e4
ssdeep 3072:RUdQ8XjlsLAgFI8OJmY5RoBtWqcvOrKV5LY:OdQ8XjlsLAgFI8jKM/VuV9Y

authentihash b7da0ec996b2cabb07a89020eed00c236d4e070073080de9b7bce1801588619e
imphash 2647beb047a48ef23ed21a284ba36f41
File size 230.1 KB ( 235649 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (69.4%)
Win64 Executable (generic) (23.3%)
Win32 Executable (generic) (3.8%)
Generic Win/DOS Executable (1.6%)
DOS Executable Generic (1.6%)
Tags peexe overlay

VirusTotal metadata
First submission 2015-03-23 12:29:08 UTC ( 2 years, 10 months ago )
Last submission 2015-03-25 14:19:32 UTC ( 2 years, 10 months ago )
File names dhl_aktueller_status.exe
szMshield
Dhl_Aktueller_Status_03_2015_nolp_dhl_de_id090383847023_member_user_userDHL_000394003520438_0_3_3874.exe
{C9324414-CFD7-7901-5714-99FEDC877C44}.exe.txt
Dhl_Aktueller_Status_03_2015_nolp_dhl_de_id090383847023_member_user_userDHL_000394003520438_0_3_3874_exe
2015_03Details_zur_Transaktion_7895111____sparkasse____08_02_11___id_0000239092388.exe
2015_03Details_zur_Transaktion_7895111____sparkasse____08_02_11___id_0000239092388.exe$
67F2.exe
szMshield.exe
2015_03Details_zur_Transaktion_1.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight