SHA256: 70cf93703b720789aa697506380d45898630b458f40d08cc65c930b4b69ebfc2
File name: 70cf93703b720789aa697506380d45898630b458f40d08cc65c930b4b69ebfc2
Detection ratio: 16 / 67
Analysis date: 2019-03-15 07:42:16 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Acronis suspicious 20190313
Avira (no cloud) TR/Crypt.ZPACK.Gen2 20190315
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
Cybereason malicious.e55fb8 20190314
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.CBF 20190315
Fortinet W32/Kryptik.CPES!tr 20190315
Sophos ML heuristic 20190313
Microsoft Trojan:Win32/Fuerboos.C!cl 20190315
Qihoo-360 HEUR/QVM20.1.DAE7.Malware.Gen 20190315
Rising Trojan.Kryptik!8.8 (TFE:dGZlOgMPAP7Qmc8LBQ) 20190315
SentinelOne (Static ML) DFI - Malicious PE 20190311
Sophos AV Mal/Emotet-Q 20190315
Trapmine malicious.high.ml.score 20190301
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMAL08 20190315
VBA32 BScope.Malware-Cryptor.Emotet 20190314
Ad-Aware 20190315
AegisLab 20190315
AhnLab-V3 20190314
Alibaba 20190306
ALYac 20190315
Antiy-AVL 20190315
Arcabit 20190315
Avast 20190315
Avast-Mobile 20190314
AVG 20190315
Babable 20180918
Baidu 20190306
BitDefender 20190315
Bkav 20190314
CAT-QuickHeal 20190314
ClamAV 20190314
CMC 20190314
Comodo 20190315
Cyren 20190315
DrWeb 20190315
eGambit 20190315
Emsisoft 20190315
F-Prot 20190315
F-Secure 20190315
GData 20190315
Ikarus 20190314
Jiangmin 20190315
K7AntiVirus 20190315
K7GW 20190315
Kaspersky 20190315
Kingsoft 20190315
Malwarebytes 20190315
MAX 20190315
McAfee 20190315
McAfee-GW-Edition 20190315
eScan 20190315
NANO-Antivirus 20190315
Palo Alto Networks (Known Signatures) 20190315
Panda 20190314
SUPERAntiSpyware 20190314
Symantec Mobile Insight 20190220
TACHYON 20190315
Tencent 20190315
TheHacker 20190315
TotalDefense 20190315
Trustlook 20190315
VIPRE 20190312
ViRobot 20190315
Yandex 20190314
Zillya 20190314
ZoneAlarm by Check Point 20190315
Zoner 20190315
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (C) 2014 Qihu 360 Software Co., Ltd.
Product 360 Internet Security
Original name WDSafeDown.exe
Internal name WDSafeDown.exe
File version 2, 0, 0, 1200
Description 360 Internet Security Internet Protection
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 8:39 PM 3/19/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-15 07:37:14
Entry Point 0x000013B0
Number of sections 4
PE sections
Overlays
MD5 c4f4c00e170f93aae127edfed3fe5d2a
File type data
Offset 206336
Size 3336
Entropy 7.33
PE imports
RegQueryValueExA
RegOpenKeyA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetTextMetricsW
TextOutW
CreateFontIndirectW
PatBlt
CreatePen
CreateICW
CombineRgn
GetPixel
GetDeviceCaps
LineTo
DeleteDC
SetPixel
DeleteObject
BitBlt
SetTextColor
MoveToEx
GetStockObject
CreateCompatibleDC
StretchBlt
CreateRectRgn
SelectObject
CreateCompatibleBitmap
CreateSolidBrush
SetBkColor
GetTextExtentPoint32W
SetRectRgn
GetStdHandle
FileTimeToSystemTime
GetOverlappedResult
WaitForSingleObject
EncodePointer
DisconnectNamedPipe
GetCurrentProcess
GetConsoleMode
LocalAlloc
lstrcatA
FreeEnvironmentStringsW
lstrcatW
InitializeSListHead
SetStdHandle
GetCPInfo
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
ConnectNamedPipe
SetEvent
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
FindClose
TlsGetValue
FormatMessageA
SetLastError
GetSystemTime
InterlockedDecrement
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
SetConsoleCtrlHandler
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
GetModuleHandleA
CreateThread
SetEnvironmentVariableW
DeleteCriticalSection
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ClearCommError
ExitThread
DecodePointer
TerminateProcess
GetModuleHandleExW
GetCommState
GetCurrentThreadId
GetProcAddress
WriteConsoleW
CallNamedPipeW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
TerminateThread
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
GetDateFormatA
GetDateFormatW
GetCommProperties
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
GetTimeFormatW
lstrcpyW
lstrcmpA
FindNextFileW
InterlockedIncrement
GetTimeFormatA
DuplicateHandle
FindFirstFileExW
WaitForMultipleObjects
SetCommTimeouts
CreateEventW
SetCommState
CreateFileW
CreateEventA
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
CreateNamedPipeW
lstrlenA
GetConsoleCP
GetEnvironmentStringsW
lstrlenW
SetupComm
FileTimeToLocalFileTime
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
SuspendThread
GetSystemDefaultLangID
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
IsValidCodePage
OpenEventW
CreateProcessW
Sleep
IsBadReadPtr
VirtualAlloc
ResetEvent
SHCreateDirectoryExA
SHGetPathFromIDListW
StrCmpNIA
GetWindowThreadProcessId
SendDlgItemMessageA
CharNextExA
GetDCEx
EnableMenuItem
LoadStringA
DispatchMessageA
GetTopWindow
TranslateAccelerator
SendMessageTimeoutA
CreateIconFromResource
DdeCreateStringHandleA
MessageBoxA
PeekMessageA
SetForegroundWindow
CreateDialogParamA
FlashWindow
GetMessageTime
InvalidateRgn
GetSystemMenu
DestroyWindow
Number of PE resources by type
RT_STRING 21
RT_ICON 3
RT_VERSION 2
RT_RCDATA 2
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 26
ENGLISH US 3
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.0.0.1200
LanguageCode English (U.S.)
FileFlagsMask 0x0017
FileDescription 360 Internet Security Internet Protection
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 98816
EntryPoint 0x13b0
OriginalFileName WDSafeDown.exe
MIMEType application/octet-stream
LegalCopyright (C) 2014 Qihu 360 Software Co., Ltd.
FileVersion 2, 0, 0, 1200
TimeStamp 2019:03:15 08:37:14+01:00
FileType Win32 EXE
PEType PE32
InternalName WDSafeDown.exe
ProductVersion 2, 0, 0, 1200
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Qihu 360 Software Co., Ltd.
ProductName 360 Internet Security
ProductVersionNumber 2.0.0.1200
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 c8e33d8e55fb8460149d0177753c0f24
SHA1 9946a95feb4a0e0e1fe8897e7022fe71365d6c47
SHA256 70cf93703b720789aa697506380d45898630b458f40d08cc65c930b4b69ebfc2
ssdeep 3072:o2B7dBvk2GgrQCz+VGUbqPM902yHydV1tTMCU37aEXp:ns29z+VGUQM9UHQzQP37H
authentihash 792b73774929f5477be0c57420dea531a78b072698cc44f5615dc8fc32da7d36
imphash 871b8b6d59c1e6ca20ad1137a5a68497
File size 204.8 KB ( 209672 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2019-03-15 07:42:16 UTC ( 1 month, 1 week ago )
Last submission 2019-03-16 04:06:55 UTC ( 1 month, 1 week ago )
File names emotet_e1_70cf93703b720789aa697506380d45898630b458f40d08cc65c930b4b69ebfc2_2019-03-15__074003.exe_
WDSafeDown.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs