× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 730e803fb01d464c3e095386a0e87dd187e85d760ccd9729959ec0fb89a66834
File name: 361FD5BF.exe
Detection ratio: 37 / 67
Analysis date: 2018-11-13 15:20:39 UTC ( 3 months, 1 week ago ) View latest
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Injector.C2828853 20181113
Arcabit Trojan.Autoruns.GenericS.D1DE67CD 20181113
Avast Win32:BankerX-gen [Trj] 20181113
AVG Win32:BankerX-gen [Trj] 20181113
BitDefender Trojan.Autoruns.GenericKDS.31352781 20181113
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cylance Unsafe 20181113
Cyren W32/Trojan.NQMP-4817 20181113
DrWeb Trojan.EmotetENT.292 20181113
Emsisoft Trojan.Emotet (A) 20181113
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GMQN 20181113
F-Prot W32/Emotet.IZ.gen!Eldorado 20181113
F-Secure Trojan.Autoruns.GenericKDS.31352781 20181113
Fortinet W32/Kryptik.GMQN!tr 20181113
GData Win32.Trojan-Spy.Emotet.7W1157 20181113
Ikarus Trojan-Banker.Emotet 20181113
Sophos ML heuristic 20181108
Kaspersky Trojan-Banker.Win32.Emotet.bppc 20181113
Malwarebytes Trojan.Emotet 20181113
McAfee RDN/Generic.grp 20181113
McAfee-GW-Edition Artemis!Trojan 20181113
Microsoft Trojan:Win32/Emotet!rfn 20181113
eScan Trojan.Autoruns.GenericKDS.31352781 20181113
NANO-Antivirus Virus.Win32.Gen.ccmw 20181113
Palo Alto Networks (Known Signatures) generic.ml 20181113
Panda Trj/Emotet.C 20181113
Qihoo-360 HEUR/QVM20.1.2D6A.Malware.Gen 20181113
Rising Trojan.Emotet!8.B95 (CLOUD) 20181113
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/Generic-S 20181113
Symantec ML.Attribute.HighConfidence 20181113
TrendMicro TSPY_EMOTET.OIBEAZ 20181113
TrendMicro-HouseCall TSPY_EMOTET.OIBEAZ 20181113
VBA32 Malware-Cryptor.Limpopo 20181113
Webroot W32.Trojan.Emotet 20181113
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181113
Ad-Aware 20181112
AegisLab 20181113
Alibaba 20180921
ALYac 20181113
Antiy-AVL 20181113
Avast-Mobile 20181113
Avira (no cloud) 20181113
Babable 20180918
Baidu 20181112
Bkav 20181113
CAT-QuickHeal 20181113
ClamAV 20181113
CMC 20181113
Cybereason 20180225
eGambit 20181113
Jiangmin 20181113
K7AntiVirus 20181113
K7GW 20181113
Kingsoft 20181113
MAX 20181113
SUPERAntiSpyware 20181107
Symantec Mobile Insight 20181108
TACHYON 20181113
Tencent 20181113
TheHacker 20181108
TotalDefense 20181113
Trustlook 20181113
ViRobot 20181113
Yandex 20181112
Zillya 20181113
Zoner 20181113
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft ActiveSync
Original name CEUTIL.DLL
Internal name Ceutil
File version 6.1.7600.
Description Registry Utility Library
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-13 05:48:26
Entry Point 0x0000DADA
Number of sections 6
PE sections
PE imports
SetTextJustification
StrokePath
FlattenPath
GetTempPathA
GetModuleHandleA
FlsFree
GlobalFindAtomW
DdeFreeStringHandle
CallMsgFilterA
SetRect
DrawTextA
TranslateAcceleratorA
FindFirstPrinterChangeNotification
memset
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize
56320

SubsystemVersion
5.0

LinkerVersion
6.0

ImageVersion
0.1

FileSubtype
0

FileVersionNumber
3.5.0.1176

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Registry Utility Library

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
380928

PrivateBuild
Development Build

EntryPoint
0xdada

OriginalFileName
CEUTIL.DLL

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.1.7600.

TimeStamp
2018:11:12 21:48:26-08:00

FileType
Win32 EXE

PEType
PE32

InternalName
Ceutil

ProductVersion
6.1.760

UninitializedDataSize
4294963199

OSVersion
5.0

FileOS
Unknown (0)

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

LegalTrademarks
Microsoft and Windows are registered trademarks of Microsoft Corporation.

ProductName
Microsoft ActiveSync

ProductVersionNumber
3.5.0.1176

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 fbe75994b790eba7a36962d53285eea2
SHA1 79681e3fde13a3b08802cf64fd5b9ef6d78d6591
SHA256 730e803fb01d464c3e095386a0e87dd187e85d760ccd9729959ec0fb89a66834
ssdeep
3072:o8/13dhiHSUy1ukCvNWU3K1ldSmuhkfBjnvHD7umEladPruxOyvs:oi3iyUUjCvTK1ldukpjnvklaprwOk

authentihash 142c7ffd475537eebf8b107dba807efa44dfab4c96488c4d77232d3b34fd03d8
imphash 41903a89c022293949c5aa99f7924b35
File size 419.0 KB ( 429056 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-11-13 05:54:36 UTC ( 3 months, 1 week ago )
Last submission 2018-11-13 20:37:52 UTC ( 3 months, 1 week ago )
File names WLV2SBtp2r.exe
kW9yqj67O.exe
361FD5BF.exe
dividernotices.exe
Nu041sfkss.exe
componrestart_.exe_
Ye1zuSeYyA.exe
CEUTIL.DLL
8D25B28D.exe--
X1SpbwSnH.exe
MtdkPoBTfscI.exe
t6T3QJuVbad.exe
DBF68AC0.exe
31712280.exe
25354880.exe---
shooterdsm(31).gxe
5fKMo3XBkVRs.exe
Ceutil
H0blG1BtDXn.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!