SHA256: 6dbf9c4695bf4317d86282acdb1d28a5e33e81393f0395c34a5c159250c20d3e
File name: G4_Bi.exe
Detection ratio: 47 / 70
Analysis date: 2019-04-05 17:38:26 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Acronis suspicious 20190330
Ad-Aware Trojan.GenericKD.41177913 20190405
AegisLab Trojan.Win32.Emotet.L!c 20190405
Alibaba Trojan:Win32/Emotet.c7f66ff1 20190401
ALYac Trojan.GenericKD.41177913 20190405
Arcabit Trojan.Generic.D2745339 20190405
Avast Win32:Trojan-gen 20190405
AVG Win32:DangerousSig [Trj] 20190405
Avira (no cloud) TR/Crypt.Agent.xadrr 20190405
BitDefender Trojan.GenericKD.41177913 20190405
CrowdStrike Falcon (ML) win/malicious_confidence_100% (W) 20190212
Cybereason malicious.e52236 20190403
Cylance Unsafe 20190405
Cyren W32/Emotet.SI.gen!Eldorado 20190405
DrWeb Trojan.Siggen8.23424 20190405
Emsisoft Trojan.GenericKD.41177913 (B) 20190405
Endgame malicious (high confidence) 20190403
ESET-NOD32 a variant of Win32/Kryptik.GRFS 20190405
F-Prot W32/Emotet.SI.gen!Eldorado 20190405
F-Secure Trojan.TR/Crypt.Agent.xadrr 20190405
FireEye Generic.mg.be394c09f691d934 20190405
Fortinet W32/Generic.AP.290658!tr 20190405
GData Trojan.GenericKD.41177913 20190405
Sophos ML heuristic 20190313
K7AntiVirus Trojan ( 0054a7b41 ) 20190405
K7GW Trojan ( 0054a7b41 ) 20190405
Kaspersky Trojan-Banker.Win32.Emotet.cvlo 20190405
Malwarebytes Trojan.Emotet 20190405
MAX malware (ai score=100) 20190405
McAfee GenericRXHI-PI!BE394C09F691 20190405
McAfee-GW-Edition Artemis!Trojan 20190405
Microsoft Trojan:Win32/Emotet.PA!MTB 20190405
eScan Trojan.GenericKD.41177913 20190405
Palo Alto Networks (Known Signatures) generic.ml 20190405
Panda Trj/GdSda.A 20190404
Qihoo-360 HEUR/QVM20.1.4DBF.Malware.Gen 20190405
Rising Trojan.Kryptik!8.8 (CLOUD) 20190405
SentinelOne (Static ML) DFI - Malicious PE 20190317
Sophos AV Mal/Emotet-Q 20190405
Symantec Packed.Generic.459 20190405
Trapmine malicious.high.ml.score 20190325
TrendMicro TROJ_GEN.R002C0OD419 20190405
TrendMicro-HouseCall TROJ_GEN.R002C0OD419 20190405
VBA32 BScope.Malware-Cryptor.Emotet 20190405
VIPRE Trojan.Win32.Generic!BT 20190405
Webroot W32.Trojan.Gen 20190405
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.cvlo 20190405
AhnLab-V3 20190405
Antiy-AVL 20190405
Avast-Mobile 20190405
Babable 20180918
Baidu 20190318
Bkav 20190405
CAT-QuickHeal 20190405
CMC 20190321
Comodo 20190405
eGambit 20190405
Jiangmin 20190405
Kingsoft 20190405
NANO-Antivirus 20190405
SUPERAntiSpyware 20190403
Symantec Mobile Insight 20190325
TACHYON 20190405
Tencent 20190405
TheHacker 20190405
TotalDefense 20190405
Trustlook 20190405
ViRobot 20190405
Yandex 20190404
Zillya 20190405
Zoner 20190404
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name REGEDIT.EXE
Internal name REGEDIT
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Registry Editor
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 3:10 AM 4/11/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-04-04 09:44:40
Entry Point 0x00001830
Number of sections 4
PE sections
Overlays
MD5 ad5412efb9823a553a9dfab1e9eda90a
File type data
Offset 105984
Size 3336
Entropy 7.33
PE imports
SetSecurityDescriptorDacl
RegCloseKey
RegOpenKeyExW
InitializeSecurityDescriptor
RegSetKeySecurity
RegEnumKeyW
RegQueryValueExW
InitCommonControlsEx
ImageList_Destroy
ImageList_AddMasked
ImageList_Draw
ImageList_GetIconSize
CreatePropertySheetPageW
ImageList_Create
PrintDlgExW
GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW
SetDIBits
SetGraphicsMode
GetDIBColorTable
SetMapMode
TextOutW
CreateFontIndirectW
PatBlt
SetStretchBltMode
CreatePen
GetClipBox
Rectangle
BitBlt
GetDeviceCaps
ExcludeClipRect
LineTo
DeleteDC
EndDoc
SetBkMode
SetLayout
StretchBlt
SetWorldTransform
StartPage
DeleteObject
IntersectClipRect
CreateDCW
CreateDIBSection
SetTextColor
CreatePatternBrush
GetObjectA
ExtTextOutW
GetObjectW
CreateBitmap
MoveToEx
GetStockObject
SetViewportOrgEx
GetDIBits
ExtSelectClipRgn
SetROP2
SelectClipRgn
RoundRect
StartDocW
CreateRoundRectRgn
SetBrushOrgEx
EndPage
CreateRectRgn
SelectObject
AbortDoc
SetDIBColorTable
GdiRealizationInfo
CreateSolidBrush
SetBkColor
GetTextExtentPoint32W
CreateCompatibleBitmap
CreateCompatibleDC
CreateToolhelp32Snapshot
GetVolumePathNameW
GetStdHandle
GetDriveTypeW
FileTimeToSystemTime
WaitForSingleObject
SetEndOfFile
HeapDestroy
GetHandleInformation
QueueUserAPC
GetCommandLineW
GetPrivateProfileStructW
VirtualAllocEx
DeleteCriticalSection
GetCurrentProcess
FileTimeToDosDateTime
GetConsoleMode
GetLocaleInfoA
EnumSystemLocalesW
SetErrorMode
GetLogicalDrives
GetFileInformationByHandle
InitializeSListHead
GetThreadContext
GetLocaleInfoW
SetStdHandle
GetFileTime
WideCharToMultiByte
lstrcmpiA
GetTempPathW
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
Thread32First
HeapReAlloc
GetStringTypeW
SetEvent
LocalFree
FormatMessageW
ResumeThread
GetExitCodeProcess
InitializeCriticalSection
LoadResource
FindClose
InterlockedDecrement
FormatMessageA
SetFileAttributesW
OutputDebugStringA
GetCurrentThread
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
OpenThread
TlsGetValue
CopyFileW
ReadFile
GetModuleFileNameW
TryEnterCriticalSection
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
SetConsoleScreenBufferSize
GetFileAttributesW
RaiseException
FreeLibrary
FatalAppExitW
SetConsoleCtrlHandler
AllocConsole
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SystemTimeToTzSpecificLocalTime
SetFilePointerEx
FindNextFileA
CreateEventW
_lclose
GetFullPathNameW
GlobalAddAtomW
CreateSemaphoreA
CreateThread
MoveFileExW
GetSystemDirectoryW
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
SetThreadContext
WaitForMultipleObjectsEx
GlobalMemoryStatus
FindAtomW
GetModuleHandleExW
GlobalAlloc
ReadConsoleW
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
FindFirstFileW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
PeekNamedPipe
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
WriteConsoleInputW
Process32Next
CreateRemoteThread
GetWindowsDirectoryW
LCMapStringW
GetWindowsDirectoryA
GetDateFormatW
GetEnvironmentVariableA
GetStartupInfoW
LoadModule
_hread
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetPrivateProfileIntW
AddAtomW
GetProcessHeap
GetTempFileNameW
CreateFileMappingW
GetTimeFormatW
lstrcpyW
GetFileSizeEx
FreeEnvironmentStringsW
FindFirstFileExA
FindNextFileW
GetModuleHandleA
ResetEvent
Thread32Next
IsValidLocale
GlobalLock
SetVolumeLabelW
GetConsoleScreenBufferInfo
GetTimeZoneInformation
ReadDirectoryChangesW
CreateFileW
SetFileApisToOEM
GetFileType
TlsSetValue
ExitProcess
PrepareTape
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
GlobalDeleteAtom
GetShortPathNameW
UnmapViewOfFile
GetSystemInfo
GlobalFree
GetConsoleCP
FindResourceW
UnregisterWaitEx
CompareStringW
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
CreateNamedPipeA
GetACP
WaitForSingleObjectEx
Module32FirstW
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
CompareFileTime
GetCompressedFileSizeW
GetCPInfo
HeapSize
GetCommandLineA
UpdateResourceA
CancelIo
WritePrivateProfileStringW
SuspendThread
QueryPerformanceFrequency
MapViewOfFile
TlsFree
SetFilePointer
VerSetConditionMask
Module32NextW
GetAtomNameA
CloseHandle
VerifyVersionInfoW
GetModuleHandleW
SetThreadExecutionState
GetFileAttributesExW
FindResourceExW
GetLongPathNameW
CreateProcessA
IsValidCodePage
HeapCreate
WriteFile
CreateProcessW
GetConsoleAliasExesLengthW
Sleep
TerminateProcess
GetProcAddress
CreateHardLinkW
SHGetFolderPathW
SHPathPrepareForWriteA
SHAddToRecentDocs
DragFinish
SHBindToParent
SHChangeNotify
SHIsFileAvailableOffline
SHGetPathFromIDListW
DragAcceptFiles
ShellExecuteExW
SHGetFileInfoW
SHGetDesktopFolder
DragQueryFileW
CommandLineToArgvW
PathIsNetworkPathW
SHSetValueW
StrRStrIW
SHDeleteKeyW
StrRChrW
StrCmpNW
StrStrIW
PathAppendW
StrCmpNA
StrStrW
SHDeleteValueW
PathIsRelativeW
SHGetValueW
RedrawWindow
GetForegroundWindow
LoadBitmapW
DestroyMenu
PostQuitMessage
DdeUninitialize
WINNLSGetIMEHotkey
SetWindowPos
DdeDisconnect
IsWindow
GrayStringW
SetDeskWallpaper
EndPaint
GrayStringA
WindowFromPoint
AppendMenuW
DdeCreateStringHandleW
SetMenuItemInfoW
SetActiveWindow
GetMenuItemID
GetCursorPos
ReleaseDC
BeginPaint
SendMessageW
DefFrameProcA
GetClientRect
DdeInitializeW
DefWindowProcW
AllowSetForegroundWindow
SetMenuDefaultItem
DdeFreeStringHandle
GetScrollPos
DdeFreeDataHandle
LoadImageW
CountClipboardFormats
ClientToScreen
EnumClipboardFormats
GetWindowTextLengthW
LoadAcceleratorsW
LoadMenuIndirectW
InvalidateRgn
DrawTextW
CopyImage
TrackMouseEvent
DrawEdge
GetParent
UpdateWindow
GetWindow
GetPropW
SetClassLongW
CheckRadioButton
GetClassInfoExA
GetWindowContextHelpId
ShowWindow
DrawFrameControl
SetPropW
ValidateRect
PeekMessageW
EnableWindow
ShowWindowAsync
DdeKeepStringHandle
GetSystemMenu
TranslateMessage
FindWindowExW
RegisterClassW
CreateCursor
GetIconInfo
InsertMenuW
SetParent
SetClipboardData
IsZoomed
DestroyWindow
DdeConnect
IsIconic
GetPriorityClipboardFormat
SetTimer
DdeClientTransaction
FillRect
MonitorFromPoint
DeferWindowPos
IsWindowUnicode
CreateWindowExW
RemovePropW
GetWindowLongW
GetUpdateRect
GetWindowInfo
OpenClipboard
IMPQueryIMEW
MapWindowPoints
GetMonitorInfoW
OpenInputDesktop
IsCharAlphaNumericW
OffsetRect
SetFocus
DrawIcon
KillTimer
MapVirtualKeyW
DefMDIChildProcA
CheckMenuRadioItem
GetSystemMetrics
SetWindowLongW
GetWindowRect
SetCapture
ReleaseCapture
CharLowerW
SendDlgItemMessageW
PostMessageW
InvalidateRect
CheckDlgButton
WINNLSEnableIME
CreatePopupMenu
ShowCaret
GetLastActivePopup
CreateMenu
GetDlgItem
GetMenuCheckMarkDimensions
ScreenToClient
GetScrollInfo
CreateDialogIndirectParamA
TrackPopupMenu
DialogBoxIndirectParamW
GetMenuItemCount
IsDlgButtonChecked
TileChildWindows
BeginDeferWindowPos
GetMenuState
LoadCursorW
LoadIconW
ReuseDDElParam
GetDC
CheckMenuItem
SetForegroundWindow
GetMenuItemInfoW
EmptyClipboard
CharLowerBuffW
SetLayeredWindowAttributes
EndDialog
GetMessageW
HideCaret
GetMessagePos
FindWindowW
GetCapture
MessageBeep
RemoveMenu
GetWindowThreadProcessId
ShowScrollBar
MessageBoxW
GetMenu
RegisterClassExW
SetMenu
MoveWindow
DialogBoxParamW
MessageBoxA
GetCursor
GetWindowDC
ChangeClipboardChain
AdjustWindowRectEx
SetUserObjectInformationW
GetSysColor
DispatchMessageW
SetDlgItemTextW
SetScrollInfo
GetKeyState
EndDeferWindowPos
MenuItemFromPoint
EnableMenuItem
EnumDisplayMonitors
IsWindowVisible
GetDesktopWindow
UnpackDDElParam
SystemParametersInfoW
MonitorFromWindow
FrameRect
MonitorFromRect
wsprintfA
CallWindowProcW
ModifyMenuW
IsCharUpperW
GetFocus
CloseClipboard
SetCursor
GetAncestor
ReplyMessage
TranslateAcceleratorW
CreateStreamOnHGlobal
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
ReleaseStgMedium
CoCreateInstance
CoGetMalloc
CoTaskMemFree
CoTaskMemAlloc
Number of PE resources by type
RT_ICON 11
RT_GROUP_ICON 5
RT_GROUP_CURSOR 1
RT_RCDATA 1
REGINST 1
RT_CURSOR 1
MUI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 22
PE resources
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 30208
ImageVersion 0.0
ProductName Microsoft Windows Operating System
FileVersionNumber 6.1.7600.16385
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName REGEDIT.EXE
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2019:04:04 11:44:40+02:00
FileType Win32 EXE
PEType PE32
InternalName REGEDIT
ProductVersion 6.1.7600.16385
FileDescription Registry Editor
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 74752
FileSubtype 0
ProductVersionNumber 6.1.7600.16385
EntryPoint 0x1830
ObjectFileType Executable application
File identification
MD5 be394c09f691d93400604c897e2b4b7d
SHA1 5f9e0bae522363867d80a8b55628fe72fbab44f4
SHA256 6dbf9c4695bf4317d86282acdb1d28a5e33e81393f0395c34a5c159250c20d3e
ssdeep 1536:RSm6p0b1vTe3GdGKUXZBCfQ5twTcERcdTyS+w4JKdQ3nhQKJDM+xsag+9L:83gftfQoTcHGS+w4sdQ3OsI+2b+9L
authentihash edc1361bcbbc9cc4a2bb7a0d5662843f905dbf60573abd950307877ccf94bac7
imphash 99974651238a496b444f866146823a3b
File size 106.8 KB ( 109320 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (35.0%)
Win64 Executable (generic) (31.0%)
Windows screen saver (14.7%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Tags peexe overlay
VirusTotal metadata
First submission 2019-04-04 13:56:31 UTC ( 1 month, 2 weeks ago )
Last submission 2019-04-04 13:56:31 UTC ( 1 month, 2 weeks ago )
File names REGEDIT.EXE
G4_Bi.exe
REGEDIT
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections