SHA256: 77357d3d60d10da54c88a0cd56c5976cb77315fdbf289f0c1b170cbb652b1adb
File name: ddaae94591ae9abdcaab768b5ea02d39.virus
Detection ratio: 46 / 65
Analysis date: 2019-03-15 06:20:38 UTC ( 1 month ago )
Antivirus Result Update
Acronis suspicious 20190313
Ad-Aware Trojan.Agent.DQVN 20190315
AegisLab Hacktool.Win32.Krap.lKMc 20190315
AhnLab-V3 Trojan/Win32.Emotet.R257997 20190314
ALYac Trojan.Agent.DQVN 20190315
Antiy-AVL Trojan[Banker]/Win32.Emotet 20190315
Arcabit Trojan.Agent.DQVN 20190315
Avast Win32:BankerX-gen [Trj] 20190315
AVG Win32:BankerX-gen [Trj] 20190315
Avira (no cloud) TR/Agent.ykrkp 20190315
BitDefender Trojan.Agent.DQVN 20190315
CAT-QuickHeal Trojan.Fuerboos 20190314
CMC Trojan.Win32.Swizzor.1!O 20190314
Comodo TrojWare.Win32.Bunitu.RA@82mfda 20190315
CrowdStrike Falcon (ML) win/malicious_confidence_100% (W) 20190212
Cybereason malicious.2b7f0e 20190109
Cyren W32/Agent.AXA.gen!Eldorado 20190315
DrWeb Trojan.Siggen8.12604 20190315
Emsisoft Trojan.Agent.DQVN (B) 20190315
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.GQOU 20190315
Fortinet W32/Kryptik.GQOQ!tr 20190315
GData Trojan.Agent.DQVN 20190315
Ikarus Trojan-Banker.Emotet 20190314
Sophos ML heuristic 20190313
K7AntiVirus Riskware ( 0040eff71 ) 20190315
K7GW Riskware ( 0040eff71 ) 20190315
Kaspersky Trojan-Banker.Win32.Emotet.cjco 20190315
Malwarebytes Trojan.Emotet 20190315
MAX malware (ai score=85) 20190315
McAfee Emotet-FMG!DDAAE94591AE 20190315
McAfee-GW-Edition Emotet-FMG!DDAAE94591AE 20190315
Microsoft Trojan:Win32/Emotet!rfn 20190315
eScan Trojan.Agent.DQVN 20190315
Palo Alto Networks (Known Signatures) generic.ml 20190315
Panda Trj/GdSda.A 20190314
Qihoo-360 HEUR/QVM20.1.DA81.Malware.Gen 20190315
Rising Trojan.Kryptik!1.B4D7 (RDM+:cmRtazrKM+wqRedNyqktA666Sais) 20190315
SentinelOne (Static ML) DFI - Malicious PE 20190311
Sophos AV Mal/Emotet-Q 20190315
Tencent Win32.Trojan.Falsesign.Wvaw 20190315
Trapmine malicious.moderate.ml.score 20190301
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMAL08 20190315
VBA32 BScope.TrojanBanker.Chthonic 20190314
Zillya Trojan.Emotet.Win32.15235 20190314
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.cjco 20190315
Alibaba 20190306
Avast-Mobile 20190314
Babable 20180918
Baidu 20190306
Bkav 20190314
ClamAV 20190314
eGambit 20190315
F-Secure 20190315
Jiangmin 20190315
Kingsoft 20190315
NANO-Antivirus 20190315
SUPERAntiSpyware 20190314
Symantec Mobile Insight 20190220
TACHYON 20190315
TheHacker 20190315
TotalDefense 20190315
Trustlook 20190315
ViRobot 20190315
Yandex 20190314
Zoner 20190315
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2014 AVG Technologies CZ, s.r.o.

Product AVG Internet Security System
Original name aswChLic.exe
Internal name aswChLic
File version 17.3.3443.0
Description aswChLic component
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 7:20 AM 3/15/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-05 21:25:14
Entry Point 0x00004DF0
Number of sections 4
PE sections
Overlays
MD5 ea6d7fc2ce75a3ef2d9bbf81365fc175
File type data
Offset 361472
Size 2760
Entropy 7.38
PE imports
RegCreateKeyExW
RegOpenKeyA
RegCloseKey
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
SetFileSecurityA
RegQueryValueExW
CreatePatternBrush
UpdateColors
DeleteEnhMetaFile
CloseFigure
GetObjectType
SaveDC
GetPolyFillMode
AbortPath
GetDCPenColor
GetTextCharset
GetFontLanguageInfo
CreateCompatibleDC
DeleteObject
AddFontResourceW
CreateToolhelp32Snapshot
GetSystemTime
GetLastError
EnumUILanguagesA
SystemTimeToFileTime
CreateFileMappingW
UnmapViewOfFile
GetSystemInfo
GetOverlappedResult
GlobalFree
ReplaceFile
CompareStringW
IsDBCSLeadByte
SetConsoleOutputCP
GetCurrentProcess
GetVolumeInformationA
FileTimeToDosDateTime
OpenFileMappingW
WritePrivateProfileStringA
CopyFileExA
SetFileTime
GetCommandLineW
GetSystemDefaultLCID
MultiByteToWideChar
GenerateConsoleCtrlEvent
SetEnvironmentVariableW
GetProcAddress
GetNamedPipeHandleStateW
GetFileType
GetTempFileNameW
SetStdHandle
GetModuleHandleA
DosDateTimeToFileTime
CreateDirectoryExW
GetCPInfo
MapViewOfFile
MoveFileExW
SetFilePointer
SetComputerNameW
GetTempPathW
WaitForMultipleObjectsEx
CompareStringA
FindFirstFileW
Module32FirstW
GetPrivateProfileSectionW
CancelTimerQueueTimer
GetThreadSelectorEntry
InitAtomTable
GetTimeZoneInformation
GetCurrentDirectoryW
ResetWriteWatch
OpenSemaphoreA
CreateFileW
LocalFileTimeToFileTime
GetDiskFreeSpaceExW
Sleep
MoveFileW
SetEndOfFile
TlsSetValue
CreateFileA
VirtualAlloc
SetLastError
CloseHandle
MapWindowPoints
SetFocus
CharUpperA
GetSysColor
GetParent
EnableWindow
UpdateWindow
EndDialog
LoadBitmapW
GetClassNameW
DefWindowProcW
ReleaseCapture
CharToOemA
CopyRect
WaitForInputIdle
GetMessageW
ShowWindow
GetSystemMetrics
SetWindowPos
wvsprintfW
GetListBoxInfo
CharToOemBuffA
SetWindowLongW
IsWindow
PeekMessageW
GetMessageTime
DestroyIcon
RegisterClassExW
OpenIcon
IsWindowUnicode
LoadCursorFromFileA
GetMessageExtraInfo
IsMenu
CharToOemBuffW
IsCharAlphaA
wvsprintfA
SendDlgItemMessageW
IsWindowEnabled
GetWindow
PostMessageW
MessageBoxW
SetDlgItemTextW
GetDC
CreateWindowExW
ReleaseDC
GetDoubleClickTime
SendMessageW
EndMenu
DestroyWindow
TranslateMessage
IsWindowVisible
LoadStringW
SetWindowTextW
CloseWindow
GetDlgItem
DrawMenuBar
IsCharAlphaNumericW
OemToCharBuffA
InSendMessage
CloseWindowStation
IsCharUpperA
IsClipboardFormatAvailable
CreateMenu
OemToCharA
FindWindowExW
GetWindowRect
DialogBoxParamW
GetClientRect
GetWindowTextW
GetDialogBaseUnits
CloseDesktop
CharUpperW
LoadCursorW
LoadIconW
GetFocus
DispatchMessageW
GetWindowLongW
SetForegroundWindow
GetDlgItemTextW
CharNextW
GetMenuContextHelpId
WindowFromDC
Number of PE resources by type
RT_ICON 10
RT_GROUP_ICON 1
RT_VERSION 1
RT_RCDATA 1
Number of PE resources by language
NEUTRAL 12
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion
5.0

InitializedDataSize
341504

ImageVersion
0.0

ProductName
AVG Internet Security System

FileVersionNumber
17.3.3443.0

UninitializedDataSize
0

LanguageCode
Unknown (0009)

FileFlagsMask
0x0017

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
9.0

FileTypeExtension
exe

OriginalFileName
aswChLic.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
17.3.3443.0

TimeStamp
2019:03:05 22:25:14+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
aswChLic

ProductVersion
17.3.3443.0

FileDescription
aswChLic component

OSVersion
5.0

FileOS
Win32

LegalCopyright
Copyright (C) 2014 AVG Technologies CZ, s.r.o.

MachineType
Intel 386 or later, and compatibles

CompanyName
AVG Technologies CZ, s.r.o.

CodeSize
18944

FileSubtype
0

ProductVersionNumber
17.3.3443.0

EntryPoint
0x4df0

ObjectFileType
Dynamic link library

File identification
MD5 ddaae94591ae9abdcaab768b5ea02d39
SHA1 ba419252b7f0e5d88f9a84cf6ec06ab0e799a7e8
SHA256 77357d3d60d10da54c88a0cd56c5976cb77315fdbf289f0c1b170cbb652b1adb
ssdeep
6144:sU1E2raLUedFWY0KLk368OLFDPMTJYhr64FgwJ:x1E2mLVdFMKL/8OLFPMdV4FgwJ

authentihash f3af91bb7a207628073002deb1174f682ae73b3480b6f02bdb8dbe4c51b10032
imphash 773bc2c9c715cdad81397ce3620a3dcf
File size 355.7 KB ( 364232 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-03-15 06:20:38 UTC ( 1 month ago )
Last submission 2019-03-15 06:20:38 UTC ( 1 month ago )
File names aswChLic.exe
ddaae94591ae9abdcaab768b5ea02d39.virus
aswChLic