× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 779b41964fd74f8601d09a28f87c3dabb565063373051a89388c56c5d9b3f76d
File name: 779b41964fd74f8601d09a28f87c3dabb565063373051a89388c56c5d9b3f76d
Detection ratio: 25 / 67
Analysis date: 2018-11-30 11:02:58 UTC ( 5 months, 2 weeks ago ) View latest
Antivirus Result Update
AegisLab Trojan.Win32.Generic.4!c 20181130
Avast FileRepMalware 20181130
AVG FileRepMalware 20181130
CAT-QuickHeal Trojan.Emotet.X4 20181130
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cylance Unsafe 20181130
Emsisoft Trojan.Emotet (A) 20181130
Endgame malicious (high confidence) 20181108
Fortinet W32/Kryptik.GNFC!tr 20181130
Ikarus Win32.Outbreak 20181130
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 0053c2ba1 ) 20181130
K7GW Trojan ( 0053c2ba1 ) 20181130
Kaspersky UDS:DangerousObject.Multi.Generic 20181130
McAfee Emotet-FKN!B4FDBFE7A9BA 20181130
Microsoft Trojan:Win32/Emotet.AC!bit 20181130
Palo Alto Networks (Known Signatures) generic.ml 20181130
Panda Trj/Genetic.gen 20181129
Qihoo-360 HEUR/QVM20.1.8CDC.Malware.Gen 20181130
Rising Malware.Heuristic!ET#97% (RDM+:cmRtazp6aS2huLDb0VBCXTaZDUp0) 20181130
Sophos AV Mal/Generic-S 20181130
Symantec Packed.Generic.517 20181129
Trapmine malicious.high.ml.score 20181128
Webroot W32.Trojan.Emotet 20181130
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181130
Ad-Aware 20181130
AhnLab-V3 20181130
Alibaba 20180921
ALYac 20181130
Antiy-AVL 20181130
Arcabit 20181130
Avast-Mobile 20181130
Avira (no cloud) 20181130
Babable 20180918
Baidu 20181130
BitDefender 20181130
Bkav 20181129
ClamAV 20181130
CMC 20181129
Comodo 20181130
Cyren 20181130
DrWeb 20181130
eGambit 20181130
ESET-NOD32 20181130
F-Prot 20181130
F-Secure 20181130
GData 20181130
Jiangmin 20181130
Kingsoft 20181130
Malwarebytes 20181130
MAX 20181130
McAfee-GW-Edition 20181130
eScan 20181130
NANO-Antivirus 20181130
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181128
Symantec Mobile Insight 20181121
TACHYON 20181130
Tencent 20181130
TheHacker 20181129
TrendMicro 20181130
TrendMicro-HouseCall 20181130
Trustlook 20181130
VBA32 20181130
ViRobot 20181130
Yandex 20181129
Zillya 20181129
Zoner 20181130
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Low Corporation

Product Microsoft®
Internal name securit
File version 3.00.
Description V
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-30 09:45:42
Entry Point 0x00063CFD
Number of sections 5
PE sections
PE imports
PrivilegeCheck
ImpersonateLoggedOnUser
GetNamedSecurityInfoW
AVIStreamReadFormat
SetWorldTransform
CreatePen
CreateBrushIndirect
ImmSetOpenStatus
GetNativeSystemInfo
GetNamedPipeClientProcessId
FreeConsole
GetEnvironmentStrings
GetTimeZoneInformation
GetStringScripts
GetProcessWorkingSetSize
SetTapeParameters
GetLogicalDrives
GetComputerNameA
GetEnvironmentStringsW
GetCompressedFileSizeA
GetModuleHandleW
I_RpcBindingInqLocalClientPID
SetupOpenInfFileA
SetupDiDestroyDriverInfoList
StrChrNW
SHIsLowMemoryMachine
DrawTextExW
DdeConnect
LoadBitmapA
mixerClose
gethostbyname
fsetpos
HPALETTE_UserMarshal
Number of PE resources by type
RT_STRING 5
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 6
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SpecialBuild
[pre-release version: pre-alpha]

SubsystemVersion
5.0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
8.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
V

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
26112

EntryPoint
0x63cfd

MIMEType
application/octet-stream

LegalCopyright
Low Corporation

FileVersion
3.00.

TimeStamp
2018:11:30 01:45:42-08:00

FileType
Win32 EXE

PEType
PE32

InternalName
securit

UninitializedDataSize
0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
S Corpora

CodeSize
411136

ProductName
Microsoft

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 b4fdbfe7a9ba7174df4214b8aabdd4d7
SHA1 070165970bbe2fd2c870dbadb7d914d389568b20
SHA256 779b41964fd74f8601d09a28f87c3dabb565063373051a89388c56c5d9b3f76d
ssdeep
1536:0bO/pIyb4N7a0SGx7o0CEL6x2Dc2Ktdw+vkl9wUFtvSybSVpT/Ra3yWEiDL4TH3U:LIX7aVGtCm68D0g+vkvwG83zccHTH3U

authentihash af7127081a0ea690be77ba9ea1de99a66c288630f3682d31f1d35603ab336d91
imphash 435fd428e6f267d3121604846b07b283
File size 421.0 KB ( 431104 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe

VirusTotal metadata
First submission 2018-11-30 09:50:38 UTC ( 5 months, 2 weeks ago )
Last submission 2018-11-30 11:42:57 UTC ( 5 months, 2 weeks ago )
File names HhSteXLwlVaI.exe
vmxxe3mc7nK.exe
UvScoFrH1.exe
Bln1l3gZ.exe
heZ4QOvU.exe
Jdp75aUZE66K.exe
b4fdbfe7a9ba7174df4214b8aabdd4d7_exe
securit
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!