Antivirus scan for 6e1a90681cde4190af07457bcdc63149d2fcf816b5da821dd3b5f997898fe495 at 2018-08-12 18:05:11 UTC

Antivirus	Result	Update
Ad-Aware	Gen:Variant.Razy.374507	20180812
AhnLab-V3	Trojan/Win32.Emotet.R233699	20180812
ALYac	Gen:Variant.Razy.374507	20180812
Arcabit	Trojan.Razy.D5B6EB	20180812
Avast	Win32:GenX	20180812
AVG	Win32:GenX	20180812
Baidu	Win32.Trojan.WisdomEyes.16070401.9500.9999	20180810
BitDefender	Gen:Variant.Razy.374507	20180812
CAT-QuickHeal	Trojan.Emotet.X4	20180812
CrowdStrike Falcon (ML)	malicious_confidence_100% (D)	20180723
Cybereason	malicious.430161	20180225
Cylance	Unsafe	20180812
DrWeb	Trojan.EmotetENT.258	20180812
Emsisoft	Gen:Variant.Razy.374507 (B)	20180812
Endgame	malicious (high confidence)	20180730
ESET-NOD32	a variant of Win32/Kryptik.GJRJ	20180812
F-Secure	Gen:Variant.Razy.374507	20180812
Fortinet	W32/Emotet.BAHY!tr	20180812
GData	Win32.Trojan-Spy.Emotet.SU	20180812
Ikarus	Trojan.Win32.Crypt	20180812
Sophos ML	heuristic	20180717
K7GW	Trojan ( 00539fb31 )	20180812
Kaspersky	Trojan-Banker.Win32.Emotet.bahy	20180812
Malwarebytes	Spyware.Emotet	20180812
MAX	malware (ai score=89)	20180812
McAfee	RDN/PWS-Banker	20180812
McAfee-GW-Edition	BehavesLike.Win32.Generic.dt	20180812
Microsoft	Trojan:Win32/Emotet.AC!bit	20180812
Panda	Trj/Emotet.C	20180812
Qihoo-360	Win32/Trojan.c84	20180812
Rising	Trojan.Fuerboos!8.EFC8 (TFE:1:84uMX5PIhTT)	20180812
SentinelOne (Static ML)	static engine - malicious	20180701
Sophos AV	Mal/Generic-S	20180812
Symantec	Trojan.Emotet	20180812
Tencent	Win32.Trojan-banker.Emotet.Sxns	20180812
TrendMicro	TSPY_EMOTET.THHOGAH	20180812
TrendMicro-HouseCall	TSPY_EMOTET.THHOGAH	20180812
Webroot	W32.Trojan.Emotet	20180812
ZoneAlarm by Check Point	Trojan-Banker.Win32.Emotet.bahy	20180812
AegisLab		20180812
Alibaba		20180713
Antiy-AVL		20180812
Avast-Mobile		20180812
Avira (no cloud)		20180812
AVware		20180812
Babable		20180725
Bkav		20180810
ClamAV		20180812
CMC		20180812
Comodo		20180812
Cyren		20180812
eGambit		20180812
F-Prot		20180812
Jiangmin		20180812
K7AntiVirus		20180812
Kingsoft		20180812
eScan		20180812
NANO-Antivirus		20180812
Palo Alto Networks (Known Signatures)		20180812
SUPERAntiSpyware		20180812
Symantec Mobile Insight		20180809
TACHYON		20180812
TheHacker		20180812
TotalDefense		20180812
Trustlook		20180812
VBA32		20180810
VIPRE		20180812
ViRobot		20180812
Yandex		20180810
Zillya		20180812
Zoner		20180811

The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.

PE header basic information

Target machine Intel 386 or later processors and compatible processors

Compilation timestamp 2018-08-06 21:49:12

Entry Point 0x000018BE

Number of sections 6

PE sections

Name Virtual address Virtual size Raw size Entropy MD5

.CRT 4096 10298 12288 5.71 113e0bc794e2886c91366e79b7aa88db

.rdata 16384 13360 14336 3.06 7a1697aa9bfd5fb6f82d3fd06180f31f

.data 32768 114996 112640 1.71 29bb2be94ef2d333b026a23e2851b9a1

CONST 151552 106972 108544 7.43 be88acaffa7b5a0080f0cb2bf70d3d87

.rsrc 262144 13920 14336 3.74 511394fcf14fff465dd8ec9b95213499

.reloc 278528 4240 6144 4.86 1ca81e0c0040d711ccdeaaf73d3ad5b9

PE imports

Number of PE resources by type

RT_STRING 15

RT_BITMAP 13

Number of PE resources by language

NEUTRAL 26

CHINESE TRADITIONAL 1

SPANISH 1

PE resources

0f5248f16fe2b1e73aa9be760a6f0bef933dc09e3cc6d8a8958eae1ce0bd0f97 data

1393255f51eb7f6ba1846c66ef93761f14661368eba6f110d2e34903e3653d2e ASCII text

17b07efdaa0a29047984ccc097bbbe258ffcb76dad8ea803f14e5473ec77791c ASCII text

2cb60d7d674640457497f54b82b42afaa8a2cbd7c28a1aae35f128b4471cfaaa data

369c5223029ea6d1b17b7f24a8d84c10f528457e79be3349a6c55efd0e8f0e02 ASCII text

3a0969803f248355c08a55fb93099ab7616142cd95b50750d3d0fb461e319448 ASCII text

3cf8dd24fcb6e2b44ee8af90436ccf5ff6876969031ee19d62ca7b6040b9675a ASCII text

4a217ca811d9c29363ead1d67b7ffa0f6e8b8e1d1a068730f4f7d557c3710b44 data

4ae8b4d06d5719e7f792fafdb8ecb1772862ca78d4747dbe7c17903c25f2f580 ASCII text

4f72c53f3bac49ce0b7c248152479a14e383a90c9fe95edbddec9f03784ca698 data

Debug information

Type Timestamp Offset Size

4359600 (4359600) Wed Feb 18 18:21:50 1970 1642399902 512450181 Bytes

1564706927 (1564706927) Sun Jan 25 03:43:36 2093 0 3328823049 Bytes

ExifTool file metadata

MIMEType

application/octet-stream

Subsystem

Windows GUI

MachineType

Intel 386 or later, and compatibles

FileTypeExtension

exe

TimeStamp

2018:08:06 21:49:12+00:00

FileType

Win32 EXE

PEType

PE32

CodeSize

12288

LinkerVersion

15.0

ImageFileCharacteristics

Executable, 32-bit

EntryPoint

0x18be

InitializedDataSize

260096

SubsystemVersion

5.1

ImageVersion

0.0

OSVersion

5.0

UninitializedDataSize

File identification

MD5 c38084203066e0b2ef4f911db7730973

SHA1 b977af14301618e95f9ce21d1b27fbbe1afede03

SHA256 6e1a90681cde4190af07457bcdc63149d2fcf816b5da821dd3b5f997898fe495

ssdeep

3072:z+wBrtDDlT/u8LQP/IOoCfv6Tsxnzpqw2uuxRxViaIW95+1+YEPg42W:z+w/1mdP/LSTQlJfuxnVidW9EoN

authentihash bc17ad04dee6fca44b88e0e346bbb2f692cbf15cde3ad10c39db2199241d813c

imphash abb742391c2c9bc2f49b38db2af894b0

File size 264.0 KB ( 270336 bytes )

File type Win32 EXE

Magic literal

PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID	Win32 Dynamic Link Library (generic) (38.4%) Win32 Executable (generic) (26.3%) OS/2 Executable (generic) (11.8%) Generic Win/DOS Executable (11.6%) DOS Executable Generic (11.6%)

VirusTotal metadata

First submission 2018-08-12 18:05:11 UTC ( 6 months, 1 week ago )

Last submission 2018-08-12 18:05:11 UTC ( 6 months, 1 week ago )

SHA256:	6e1a90681cde4190af07457bcdc63149d2fcf816b5da821dd3b5f997898fe495
File name:	c38084203066e0b2ef4f911db7730973
Detection ratio:	39 / 68
Analysis date:	2018-08-12 18:05:11 UTC ( 6 months, 1 week ago ) View latest

Ciphered bundle