× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 70fe811e7c16fc8f42d80d704349819eb9044af3e858ce1c6e8875563a6f0817
File name: 70fe811e7c16fc8f42d80d704349819eb9044af3e858ce1c6e8875563a6f0817
Detection ratio: 12 / 66
Analysis date: 2019-02-22 23:07:54 UTC ( 2 months ago ) View latest
Antivirus Result Update
Acronis suspicious 20190222
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181023
Cylance Unsafe 20190223
Endgame malicious (high confidence) 20190215
Sophos ML heuristic 20181128
Malwarebytes Trojan.Emotet 20190222
McAfee-GW-Edition BehavesLike.Win32.Virut.cc 20190222
Microsoft Trojan:Win32/Fuerboos.A!cl 20190222
Qihoo-360 HEUR/QVM20.1.6863.Malware.Gen 20190223
Rising Trojan.Kryptik!8.8/N3#98% (RDM+:cmRtazosFW5RLFpa7Hejv81lmtTW) 20190222
SentinelOne (Static ML) static engine - malicious 20190203
Symantec Packed.Generic.517 20190222
Ad-Aware 20190222
AegisLab 20190222
AhnLab-V3 20190222
Alibaba 20180921
ALYac 20190222
Antiy-AVL 20190222
Arcabit 20190222
Avast 20190222
Avast-Mobile 20190222
AVG 20190222
Avira (no cloud) 20190222
Babable 20180918
Baidu 20190215
BitDefender 20190222
CAT-QuickHeal 20190222
ClamAV 20190222
CMC 20190222
Comodo 20190222
Cybereason 20190109
Cyren 20190222
DrWeb 20190222
eGambit 20190223
Emsisoft 20190222
ESET-NOD32 20190222
F-Secure 20190222
Fortinet 20190222
GData 20190222
Ikarus 20190222
Jiangmin 20190222
K7AntiVirus 20190222
K7GW 20190222
Kaspersky 20190222
Kingsoft 20190223
MAX 20190223
McAfee 20190222
eScan 20190222
NANO-Antivirus 20190222
Palo Alto Networks (Known Signatures) 20190223
Panda 20190222
Sophos AV 20190222
SUPERAntiSpyware 20190220
Symantec Mobile Insight 20190220
TACHYON 20190222
Tencent 20190223
TheHacker 20190217
TotalDefense 20190222
Trapmine 20190123
Trustlook 20190223
VBA32 20190222
VIPRE 20190222
ViRobot 20190222
Webroot 20190223
Yandex 20190222
ZoneAlarm by Check Point 20190222
Zoner 20190222
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name IEDKCS32.DLL
Internal name IEDKCS32
File version 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Description Microsoft Internet Explorer Customization DLL
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-02-23 07:00:35
Entry Point 0x00002BDD
Number of sections 5
PE sections
PE imports
LockServiceDatabase
JetRetrieveColumn
GetVolumePathNameW
LocalReAlloc
FreeLibraryAndExitThread
IsValidLocaleName
GetProfileSectionW
GetCommState
GetCommandLineW
SetProcessWorkingSetSize
DeleteTimerQueueEx
CloseHandle
SetNamedPipeHandleState
GetLocalTime
VarCyFromI1
VarCyCmpR8
VarCyFromR8
RasGetAutodialAddressA
SHAutoComplete
InsertMenuA
MapDialogRect
SwitchToThisWindow
HideCaret
GetDesktopWindow
GetMenuContextHelpId
CloseWindowStation
mixerGetDevCapsW
DeletePrinterDriverExW
Number of PE resources by type
RT_STRING 4
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 6
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
6.0

InitializedDataSize
0

ImageVersion
0.0

ProductName
Microsoft Windows Operating System

FileVersionNumber
16.0.2900.2180

UninitializedDataSize
131072

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
12.0

FileTypeExtension
exe

OriginalFileName
IEDKCS32.DLL

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

TimeStamp
2019:02:23 08:00:35+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
IEDKCS32

ProductVersion
6.00.2900.2180

FileDescription
Microsoft Internet Explorer Customization DLL

OSVersion
6.0

FileOS
Windows NT 32-bit

LegalCopyright
Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
16384

FileSubtype
0

ProductVersionNumber
6.0.2900.2180

EntryPoint
0x2bdd

ObjectFileType
Dynamic link library

Execution parents
File identification
MD5 364905239f6de57c28451f5c2deb1207
SHA1 61fc4fa777ad935b2e5fd7ddc76a58c3e145a131
SHA256 70fe811e7c16fc8f42d80d704349819eb9044af3e858ce1c6e8875563a6f0817
ssdeep
1536:uBMiFo+iAxq0QOXmF0+Vda5DL5y0AMsbUc7t5fO7yKbT9q4j5O0gOaMsIXafVfjT:e8+i0X+dapL5ERLmekqaETlGOf4xA

authentihash 4d7b25e33f00aec1d7e61ae51058e666ef2885214f2cfe7f574148093e6d99b6
imphash 39ae5a10243f33534a6e0dd78a26ba82
File size 136.0 KB ( 139264 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags
peexe

VirusTotal metadata
First submission 2019-02-22 23:07:54 UTC ( 2 months ago )
Last submission 2019-02-24 00:06:47 UTC ( 1 month, 4 weeks ago )
File names 2QqQX9jLII5.exe
0m1S1whCyuDM.exe
Mnm4OPUgIP.exe
d9v5syRA1d.exe
d71XBnfzO0Ab.exe
880.exe
IEDKCS32
emotet_e1_70fe811e7c16fc8f42d80d704349819eb9044af3e858ce1c6e8875563a6f0817_2019-02-23__004501.exe_
IEDKCS32.DLL
70fe811e7c16fc8f42d80d704349819eb9044af3e858ce1c6e8875563a6f0817.exe
PIaeY8YXhWAg.exe
rLMWzpp8.exe
KILjjYY3.exe
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!