SHA256: 6eb52505f2ac6e70f5c84a910822806d2f068cc533b5a066c646567cad5b40db
File name: emotet_e2_6eb52505f2ac6e70f5c84a910822806d2f068cc533b5a066c646567...
Detection ratio: 43 / 66
Analysis date: 2019-03-26 05:16:07 UTC ( 2 months ago )
Antivirus Result Update
Acronis suspicious 20190325
Ad-Aware Trojan.Agent.DSGK 20190326
AegisLab Hacktool.Win32.Krap.lKMc 20190326
AhnLab-V3 Malware/Win32.Generic.C3121232 20190326
ALYac Trojan.Agent.DSGK 20190326
Arcabit Trojan.Agent.DSGK 20190325
Avast Win32:DangerousSig [Trj] 20190326
AVG Win32:DangerousSig [Trj] 20190326
Avira (no cloud) TR/Crypt.Agent.wweoa 20190325
BitDefender Trojan.Agent.DSGK 20190326
ClamAV Win.Malware.Emotet-6906357-0 20190325
Comodo Malware@#qgseiewqaatr 20190326
CrowdStrike Falcon (ML) win/malicious_confidence_100% (W) 20190212
Cybereason malicious.e32df8 20190325
Cyren W32/Trojan.XOVI-2961 20190326
DrWeb Trojan.MulDrop9.5592 20190326
Emsisoft Trojan.Agent.DSGK (B) 20190326
Endgame malicious (high confidence) 20190322
ESET-NOD32 a variant of Win32/Kryptik.YHT 20190326
F-Secure Trojan.TR/Crypt.Agent.wweoa 20190325
FireEye Generic.mg.629c23fe32df8bb9 20190326
Fortinet W32/Krypik.YHT!tr 20190326
GData Trojan.Agent.DSGK 20190326
Ikarus Trojan-Banker.Emotet 20190325
Sophos ML heuristic 20190313
K7AntiVirus Trojan ( 0034323e1 ) 20190325
K7GW Trojan ( 0034323e1 ) 20190326
Kaspersky Trojan-Banker.Win32.Emotet.crwf 20190326
MAX malware (ai score=84) 20190326
McAfee Emotet-FMI!629C23FE32DF 20190326
McAfee-GW-Edition Emotet-FMI!629C23FE32DF 20190325
Microsoft Trojan:Win32/Pynamer.A!ac 20190326
eScan Trojan.Agent.DSGK 20190326
Palo Alto Networks (Known Signatures) generic.ml 20190326
Panda Trj/GdSda.A 20190325
Qihoo-360 HEUR/QVM20.1.0BFF.Malware.Gen 20190326
Rising Trojan.Kryptik!8.8 (CLOUD) 20190326
Sophos AV Mal/Emotet-Q 20190326
Tencent Win32.Trojan.Falsesign.Wnwm 20190326
Trapmine malicious.moderate.ml.score 20190325
TrendMicro-HouseCall TROJ_GEN.R049C0OCP19 20190326
VBA32 BScope.Malware-Cryptor.Emotet 20190325
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.crwf 20190326
Alibaba 20190306
Antiy-AVL 20190326
Avast-Mobile 20190325
Babable 20180918
Baidu 20190318
Bkav 20190326
CAT-QuickHeal 20190325
CMC 20190321
eGambit 20190326
Jiangmin 20190326
Kingsoft 20190326
Malwarebytes 20190326
NANO-Antivirus 20190326
SentinelOne (Static ML) 20190317
SUPERAntiSpyware 20190321
Symantec Mobile Insight 20190325
TACHYON 20190326
TheHacker 20190324
TotalDefense 20190325
Trustlook 20190326
ViRobot 20190325
Yandex 20190324
Zillya 20190324
Zoner 20190326
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) 2003-2015 Glarysoft Ltd
Product Glary Utilities
Original name memdefrag.exe
Internal name memdefrag.exe
File version 5, 0, 0, 3
Description Memory Defrager
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 6:16 AM 3/26/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-23 17:58:13
Entry Point 0x00001550
Number of sections 4
PE sections
Overlays
MD5 6abdf9d199484061d836d47968731b43
File type data
Offset 180736
Size 3336
Entropy 7.34
PE imports
Number of PE resources by type
RT_ICON 12
RT_GROUP_ICON 5
RT_DIALOG 4
RT_BITMAP 4
RT_RCDATA 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 27
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.0.0.3
LanguageCode Chinese (Simplified)
FileFlagsMask 0x003f
FileDescription Memory Defrager
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Windows, Chinese (Simplified)
InitializedDataSize 174592
EntryPoint 0x1550
OriginalFileName memdefrag.exe
MIMEType application/octet-stream
LegalCopyright Copyright (c) 2003-2015 Glarysoft Ltd
FileVersion 5, 0, 0, 3
TimeStamp 2019:03:23 18:58:13+01:00
FileType Win32 EXE
PEType PE32
InternalName memdefrag.exe
ProductVersion 5.0.0.0
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Glarysoft Ltd
CodeSize 5120
ProductName Glary Utilities
ProductVersionNumber 5.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 629c23fe32df8bb9eb4f56f88e66208f
SHA1 67b7da80f1c8c027e79a685f4fac4f70124446c1
SHA256 6eb52505f2ac6e70f5c84a910822806d2f068cc533b5a066c646567cad5b40db
ssdeep
3072:344AJ4GLyfzK0R5vPNHYa0z8MHBp4Aq3npm9mX1YEXVWFsjffffffffffffffffK:ozLyfzX9PRYP4WRCnYsFpjfffffffffy

authentihash 67a236756be080058a183a16afca3df6a6ad131f8b25095630ea0c1750c0da4e
imphash ad8aabff47c1fe2ba3a9d3af7611fede
File size 179.8 KB ( 184072 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
     Win64 Executable (generic) (36.3%)
     Win32 Dynamic Link Library (generic) (8.6%)
     Win32 Executable (generic) (5.9%)
     OS/2 Executable (generic) (2.6%)
Tags peexe overlay

VirusTotal metadata
First submission 2019-03-23 18:17:06 UTC ( 2 months ago )
Last submission 2019-03-26 05:16:07 UTC ( 2 months ago )
File names emotet_e2_6eb52505f2ac6e70f5c84a910822806d2f068cc533b5a066c646567cad5b40db_2019-03-23__180502.exe_
memdefrag.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections