× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 74d8515ed339e49d1d6cd23f14d0047ba4c39ffe8796a0d666aa6eab66c912b8
File name: qdABo4.exe
Detection ratio: 50 / 69
Analysis date: 2018-11-27 16:17:06 UTC ( 2 months, 3 weeks ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40783962 20181127
AegisLab Trojan.Win32.Emotet.4!c 20181127
AhnLab-V3 Trojan/Win32.Emotet.R246431 20181127
ALYac Trojan.GenericKD.40783962 20181127
Arcabit Trojan.Generic.D26E505A 20181127
Avast FileRepMalware 20181127
AVG FileRepMalware 20181127
BitDefender Trojan.GenericKD.40783962 20181127
Bkav HW32.Packed. 20181127
CAT-QuickHeal Trojan.Fuerboos 20181127
ClamAV Win.Trojan.Emotet-6758463-0 20181127
Comodo Malware@#11gs5rdvcxqpd 20181127
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.41ab56 20180225
Cylance Unsafe 20181127
Cyren W32/Emotet.JI.gen!Eldorado 20181127
DrWeb Trojan.EmotetENT.304 20181127
eGambit Unsafe.AI_Score_52% 20181127
Emsisoft Trojan.Emotet (A) 20181127
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GNBY 20181127
F-Prot W32/Emotet.JI.gen!Eldorado 20181127
F-Secure Trojan.GenericKD.40783962 20181127
Fortinet W32/GenKryptik.CRRV!tr 20181127
GData Trojan.GenericKD.40783962 20181127
Ikarus Trojan-Banker.Emotet 20181127
Sophos ML heuristic 20181108
K7AntiVirus Trojan ( 00541eb91 ) 20181127
K7GW Trojan ( 00541eb91 ) 20181127
Kaspersky Trojan-Banker.Win32.Emotet.brjy 20181127
Malwarebytes Trojan.Emotet 20181127
MAX malware (ai score=99) 20181127
McAfee Emotet-FKM!032DF858046E 20181127
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20181127
Microsoft Trojan:Win32/Emotet.AC!bit 20181127
eScan Trojan.GenericKD.40783962 20181127
NANO-Antivirus Trojan.Win32.EmotetENT.fkntmo 20181127
Palo Alto Networks (Known Signatures) generic.ml 20181127
Panda Trj/Genetic.gen 20181127
Qihoo-360 HEUR/QVM20.1.63CA.Malware.Gen 20181127
Rising Trojan.Kryptik!1.B4D6 (CLASSIC) 20181127
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/EncPk-ANY 20181127
Symantec Trojan.Emotet 20181127
Trapmine malicious.high.ml.score 20181126
TrendMicro TSPY_EMOTET.THAABGAH 20181127
TrendMicro-HouseCall TSPY_EMOTET.THAABGAH 20181127
VBA32 BScope.Trojan.Emotet 20181127
Webroot W32.Trojan.Emotet 20181127
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.brjy 20181127
Alibaba 20180921
Antiy-AVL 20181127
Avast-Mobile 20181127
Avira (no cloud) 20181127
Babable 20180918
Baidu 20181127
CMC 20181127
Jiangmin 20181127
Kingsoft 20181127
SUPERAntiSpyware 20181121
Symantec Mobile Insight 20181121
TACHYON 20181127
Tencent 20181127
TheHacker 20181126
TotalDefense 20181127
Trustlook 20181127
ViRobot 20181127
Yandex 20181127
Zillya 20181126
Zoner 20181127
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Internal name kb
Description Sinha
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1995-11-13 23:08:05
Entry Point 0x00003140
Number of sections 8
PE sections
PE imports
PrivilegeCheck
JetEndSession
GetSystemWow64DirectoryA
GetCommandLineW
SetTimer
GetForegroundWindow
GetScrollPos
GetDialogBaseUnits
GetClipboardSequenceNumber
IsChild
Number of PE resources by type
RT_STRING 2
RT_VERSION 1
Number of PE resources by language
NORWEGIAN BOKMAL 3
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
1995:11:13 15:08:05-08:00

FileType
Win32 EXE

PEType
PE32

CodeSize
12288

LinkerVersion
14.0

ImageFileCharacteristics
Executable, 32-bit

EntryPoint
0x3140

InitializedDataSize
0

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
6.0

UninitializedDataSize
0

File identification
MD5 032df858046ef5eb050782da709526f8
SHA1 9da673241ab565aaefe8246048d8319e1c3da9ad
SHA256 74d8515ed339e49d1d6cd23f14d0047ba4c39ffe8796a0d666aa6eab66c912b8
ssdeep
3072:DFv/kcu5ftITqU6nkhJ8eIqdjY9vezFNG9:DucClmR6G8sSv

authentihash 0d30f6b3a573c330fc3285d7a86f1166df5182a4b41c47ada9b26d8e3955de7e
imphash db4bf0f4bcbc2c346205bbbc25134d23
File size 132.0 KB ( 135168 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe

VirusTotal metadata
First submission 2018-11-23 06:13:47 UTC ( 3 months ago )
Last submission 2018-11-23 06:13:47 UTC ( 3 months ago )
File names kb
qdABo4.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.