SHA256: 6d906d927c0a17326cf1c6e430572ceccce94d5531ff59ac73bf35f871b8319d
File name: 6d906d927c0a17326cf1c6e430572ceccce94d5531ff59ac73bf35f871b8319d
Detection ratio: 45 / 66
Analysis date: 2018-10-19 01:42:39 UTC (4 months ago)
Antivirus Result Update
Ad-Aware Trojan.PasswordStealer.GenericKD.31215497 20181019
AhnLab-V3 Trojan/Win32.Emotet.R237100 20181018
ALYac Trojan.Agent.Emotet 20181018
Antiy-AVL Trojan/Win32.Kryptik 20181019
Arcabit Trojan.PasswordStealer.Generic.D1DC4F89 20181018
Avast Win32:Malware-gen 20181019
AVG Win32:Malware-gen 20181019
BitDefender Trojan.PasswordStealer.GenericKD.31215497 20181019
CAT-QuickHeal Trojan.Emotet.X4 20181018
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20180723
Cylance Unsafe 20181019
Cyren W32/Emotet.GH.gen!Eldorado 20181019
DrWeb Trojan.EmotetENT.281 20181019
Emsisoft Trojan.PasswordStealer.GenericKD.31215497 (B) 20181019
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GKTJ 20181018
F-Prot W32/Emotet.GH.gen!Eldorado 20181019
F-Secure Trojan.PasswordStealer.GenericKD.31215497 20181018
Fortinet W32/Kryptik.GKUW!tr 20181019
GData Trojan.PasswordStealer.GenericKD.31215497 20181019
K7AntiVirus Trojan ( 0053c65d1 ) 20181018
K7GW Trojan ( 0053c65d1 ) 20181018
Kaspersky Trojan-Banker.Win32.Emotet.bdoe 20181018
Malwarebytes Trojan.Emotet 20181019
McAfee RDN/Generic.grp 20181018
McAfee-GW-Edition BehavesLike.Win32.Emotet.fm 20181018
Microsoft Trojan:Win32/Emotet.AC!bit 20181019
eScan Trojan.PasswordStealer.GenericKD.31215497 20181018
NANO-Antivirus Trojan.Win32.Emotet.fhuckq 20181019
Palo Alto Networks (Known Signatures) generic.ml 20181019
Panda Trj/Genetic.gen 20181018
Qihoo-360 HEUR/QVM20.1.EF31.Malware.Gen 20181019
Rising Spyware.Ursnif!8.1DEF (TFE:1:0KHXwQGJ8ON) 20181019
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/EncPk-ANY 20181018
SUPERAntiSpyware Trojan.Agent/Gen-Emotet 20181015
Symantec Packed.Generic.517 20181018
TACHYON Trojan/W32.Agent.356352.ADB 20181019
Tencent Win32.Trojan-banker.Emotet.Wstt 20181019
TrendMicro TSPY_EMOTET.THIBOAH 20181019
TrendMicro-HouseCall TSPY_EMOTET.THIBOAH 20181018
VBA32 TrojanBanker.Emotet 20181018
Webroot W32.Trojan.Emotet 20181019
Zillya Trojan.Emotet.Win32.3902 20181018
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bdoe 20181018
AegisLab 20181019
Alibaba 20180921
Avast-Mobile 20181018
Avira (no cloud) 20181019
Babable 20180918
Baidu 20181018
Bkav 20181018
ClamAV 20181018
CMC 20181018
Cybereason 20180225
eGambit 20181019
Sophos ML 20180717
Jiangmin 20181018
Kingsoft 20181019
MAX 20181019
Symantec Mobile Insight 20181001
TheHacker 20181018
TotalDefense 20181018
Trustlook 20181019
ViRobot 20181018
Yandex 20181018
Zoner 20181018
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Internal name QllZd.dll
File version 91.333.22.1
Description QllZad
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-14 17:51:17
Entry Point 0x0001BDFB
Number of sections 6
PE sections
PE imports
RegSetKeySecurity
FrameRgn
FlushFileBuffers
SetThreadLocale
GetModuleHandleA
VerifyScripts
GetProcessHeap
BSTR_UserFree
RasDeleteEntryW
I_RpcGetExtendedError
SetupDiBuildClassInfoListExW
StrChrNW
IsCharLowerW
Number of PE resources by type
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
SLOVENIAN DEFAULT 1
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 1006425862
LinkerVersion 12.0
ImageVersion 0.0
FileVersionNumber 2.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription QllZad
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 0
EntryPoint 0x1bdfb
MIMEType application/octet-stream
FileVersion 91.333.22.1
TimeStamp 2018:09:14 19:51:17+02:00
FileType Win32 EXE
PEType PE32
InternalName QllZd.dll
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Fatal Enterprice
CodeSize 118784
FileSubtype 0
ProductVersionNumber 2.0.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 d2f9df32a137f2a8b01658fee1c161f7
SHA1 aeb58fa9f900878b6a6d47f9040846655e43de0e
SHA256 6d906d927c0a17326cf1c6e430572ceccce94d5531ff59ac73bf35f871b8319d
ssdeep 6144:GTHaOFxUe7LNg0YZCGMT68PNCPutP0Ejs2oefGZ7Zf:GOO/UkNOcGMPPNC2Z0EjCef2lf
authentihash c970600be19a7a091322fcf18b4ca05a47647026e7eebb938e4f37ed23bd6ed6
imphash 98b4ad37c5c1cc0eaad2a8ba1e7f027b
File size 348.0 KB ( 356352 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe
VirusTotal metadata
First submission 2018-09-14 10:55:24 UTC ( 5 months, 1 week ago )
Last submission 2018-09-14 10:55:24 UTC ( 5 months, 1 week ago )
File names 828.exe
QllZd.dll