× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 732adbc5d8838bb0303e6b9a1e9906edb9eaf1283a88685122a2a8c6ac6fb1d6
File name: Okt5R63lAxDwBv.exe
Detection ratio: 36 / 67
Analysis date: 2018-07-02 20:28:43 UTC ( 7 months, 3 weeks ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31035046 20180702
AegisLab Packer.Generic!c 20180702
Avast FileRepMalware 20180702
AVG FileRepMalware 20180702
Avira (no cloud) TR/Crypt.Agent.nflkv 20180702
Babable Malware.HighConfidence 20180406
BitDefender Trojan.GenericKD.31035046 20180702
Bkav HW32.Packed.C798 20180702
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cylance Unsafe 20180702
Cyren W32/Trojan.BNJ.gen!Eldorado 20180702
Emsisoft Trojan.Emotet (A) 20180702
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of Win32/Kryptik.GIJI 20180702
F-Prot W32/Trojan.BNJ.gen!Eldorado 20180702
F-Secure Trojan.GenericKD.31035046 20180702
Fortinet W32/Kryptik.GIHY!tr 20180702
GData Win32.Trojan-Spy.Emotet.N9TH3H 20180702
Ikarus Trojan.Win32.Crypt 20180702
Sophos ML heuristic 20180601
Kaspersky Trojan.Win32.Dovs.ozi 20180702
Malwarebytes Trojan.Emotet 20180702
MAX malware (ai score=88) 20180702
McAfee Emotet-FHR!33D0120D7A52 20180702
Microsoft Trojan:Win32/Emotet.AC!bit 20180702
eScan Trojan.GenericKD.31035046 20180702
Palo Alto Networks (Known Signatures) generic.ml 20180702
Panda Trj/RnkBend.A 20180702
Qihoo-360 HEUR/QVM20.1.39C0.Malware.Gen 20180702
Rising Trojan.Kryptik!8.8 (CLOUD) 20180702
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/Generic-S 20180702
Symantec Packed.Generic.517 20180702
TrendMicro-HouseCall TROJ_GEN.R020H05G218 20180702
Webroot W32.Trojan.Emotet 20180702
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180702
AhnLab-V3 20180702
Alibaba 20180702
ALYac 20180702
Antiy-AVL 20180702
Arcabit 20180702
Avast-Mobile 20180702
AVware 20180702
Baidu 20180702
CAT-QuickHeal 20180702
ClamAV 20180702
CMC 20180702
Comodo 20180702
Cybereason 20180225
DrWeb 20180702
eGambit 20180702
Jiangmin 20180702
K7AntiVirus 20180702
K7GW 20180702
Kingsoft 20180702
McAfee-GW-Edition 20180702
NANO-Antivirus 20180702
SUPERAntiSpyware 20180702
TACHYON 20180702
Tencent 20180702
TheHacker 20180628
TrendMicro 20180702
Trustlook 20180702
VBA32 20180629
VIPRE 20180702
ViRobot 20180702
Yandex 20180702
Zillya 20180702
Zoner 20180702
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Description Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-07-02 10:10:20
Entry Point 0x00012CFF
Number of sections 5
PE sections
PE imports
GetThreadId
GetUserDefaultLCID
GetTickCount
VarCyMul
CoGetCallerTID
ReleaseBindInfo
Number of PE resources by type
RT_DIALOG 21
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
HEBREW DEFAULT 1
HUNGARIAN DEFAULT 1
VIETNAMESE DEFAULT 1
CHINESE SIMPLIFIED 1
SLOVENIAN DEFAULT 1
CZECH DEFAULT 1
FINNISH DEFAULT 1
KOREAN 1
NEUTRAL DEFAULT 1
PORTUGUESE 1
POLISH DEFAULT 1
JAPANESE DEFAULT 1
DANISH DEFAULT 1
SLOVAK DEFAULT 1
GREEK DEFAULT 1
TURKISH DEFAULT 1
ROMANIAN 1
THAI DEFAULT 1
SERBIAN DEFAULT 1
NEUTRAL 1
RUSSIAN 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
14.1

ImageVersion
0.0

FileVersionNumber
1.2.0.6

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Unicode

ImageFileCharacteristics
No relocs, Executable, 32-bit, System file

CharacterSet
Unicode

InitializedDataSize
18432

EntryPoint
0x12cff

MIMEType
application/octet-stream

TimeStamp
2018:07:02 11:10:20+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
13.33.111

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
QweWWWemiconductor Corporation

CodeSize
77312

FileSubtype
0

ProductVersionNumber
1.2.0.6

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 33d0120d7a52940c942f07a2c5583a76
SHA1 47e22fa72eec1e4f0110e0c5c87c968d6c49d433
SHA256 732adbc5d8838bb0303e6b9a1e9906edb9eaf1283a88685122a2a8c6ac6fb1d6
ssdeep
1536:UVw4KcTRbTipprbz5KdpP5yB3zMnXNDv8kDTK/64vB+:Uq4lRXyfY7x0D8XFv8kK/6wB

authentihash 8ac2743e60ec00f2e03c7c4b0e035144eb5cbb8c5b96e04918de46b17e611e39
imphash 06eac660727cf3e58937693af41dcd6c
File size 90.5 KB ( 92672 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID Win32 Executable (generic) (35.7%)
Win16/32 Executable Delphi generic (16.4%)
OS/2 Executable (generic) (16.0%)
Generic Win/DOS Executable (15.8%)
DOS Executable Generic (15.8%)
Tags
peexe

VirusTotal metadata
First submission 2018-07-02 03:23:34 UTC ( 7 months, 3 weeks ago )
Last submission 2018-07-02 03:23:34 UTC ( 7 months, 3 weeks ago )
File names Okt5R63lAxDwBv.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!