SHA256: 7808b4f12f445b011bf13bda37ef1391df30f6390b8b214639fdd2cb3df86d99
File name: 29615792.exe
Detection ratio: 34 / 69
Analysis date: 2018-10-01 04:36:58 UTC ( 4 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40547901 20181001
AhnLab-V3 Trojan/Win32.Emotet.R234758 20181001
Arcabit Trojan.Generic.D26AB63D 20181001
Avast Win32:Malware-gen 20181001
AVG Win32:Malware-gen 20181001
BitDefender Trojan.GenericKD.40547901 20181001
Bkav HW32.Packed. 20180928
CAT-QuickHeal Trojan.Emotet.X4 20180930
ClamAV Win.Trojan.Emotet-6699550-0 20181001
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20180723
Cybereason malicious.daac52 20180225
Cylance Unsafe 20181001
Emsisoft Trojan.GenericKD.40547901 (B) 20181001
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/GenKryptik.CMRG 20181001
F-Secure Trojan.GenericKD.40547901 20181001
Fortinet W32/Generic.AP.1FF3C4!tr 20181001
GData Win32.Trojan-Spy.Emotet.B2MFFD 20181001
Ikarus Win32.Outbreak 20180930
Sophos ML heuristic 20180717
Kaspersky Trojan-Banker.Win32.Emotet.bfqy 20181001
McAfee RDN/Generic.dx 20181001
McAfee-GW-Edition BehavesLike.Win32.Ransomware.cc 20181001
Microsoft Trojan:Win32/Fuerboos.A!cl 20181001
eScan Trojan.GenericKD.40547901 20181001
NANO-Antivirus Virus.Win32.Gen.ccmw 20181001
Palo Alto Networks (Known Signatures) generic.ml 20181001
Qihoo-360 Win32/Trojan.0e5 20181001
Rising Trojan.Emotet!8.B95 (CLOUD) 20181001
Sophos AV Mal/EncPk-ANR 20181001
Symantec Packed.Generic.517 20180930
TrendMicro TROJ_GEN.R002C0OIU18 20181001
TrendMicro-HouseCall TROJ_GEN.R002C0OIU18 20181001
Webroot W32.Trojan.Emotet 20181001
AegisLab 20181001
Alibaba 20180921
ALYac 20181001
Antiy-AVL 20181001
Avast-Mobile 20180928
Avira (no cloud) 20180930
AVware 20180925
Babable 20180918
Baidu 20180930
CMC 20181001
Comodo 20181001
Cyren 20181001
DrWeb 20181001
eGambit 20181001
F-Prot 20181001
Jiangmin 20181001
K7AntiVirus 20181001
K7GW 20180930
Kingsoft 20181001
Malwarebytes 20181001
MAX 20181001
Panda 20180930
SentinelOne (Static ML) 20180926
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180924
TACHYON 20181001
Tencent 20181001
TheHacker 20181001
TotalDefense 20180930
Trustlook 20181001
VBA32 20180928
VIPRE 20181001
ViRobot 20180930
Yandex 20180927
Zillya 20180928
ZoneAlarm by Check Point 20180925
Zoner 20180927
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1993-11-01 05:05:43
Entry Point 0x00001428
Number of sections 6
PE sections
PE imports
ImpersonateAnonymousToken
InitiateSystemShutdownW
EnumServicesStatusA
OpenCluster
GetNodeClusterState
CryptSIPRetrieveSubjectGuidForCatalogFile
CryptQueryObject
SetTextAlign
SelectObject
GetTextColor
CreateEllipticRgn
EnumSystemCodePagesW
TransmitCommChar
UnregisterWait
FindFirstChangeNotificationA
IsSystemResumeAutomatic
LocalFlags
GetNamedPipeServerProcessId
CreateFileW
lstrlenW
PulseEvent
Sleep
FlsGetValue
GetProcessPriorityBoost
ReadFileEx
GetCommandLineA
RemoveVectoredExceptionHandler
InterlockedIncrement
VarR4FromDate
GetCurrentPowerPolicies
SHCreateShellItem
StrSpnA
ToUnicodeEx
SetDlgItemInt
IsClipboardFormatAvailable
GetForegroundWindow
GetWindowLongA
GetKeyboardLayout
LoadCursorA
CreateIcon
BroadcastSystemMessageA
SetProcessDPIAware
ToUnicode
GetMessageW
IsWindowEnabled
GetWindow
GetProcessWindowStation
CreateAcceleratorTableA
ActivateKeyboardLayout
IsCharAlphaA
waveOutGetPitch
waveInGetDevCapsW
CryptCATGetCatAttrInfo
FindCertsByIssuer
ungetc
realloc
perror
OleIsCurrentClipboard
PdhBrowseCountersW
Number of PE resources by type
RT_STRING 13
RT_BITMAP 11
Number of PE resources by language
NEUTRAL 17
CHINESE TRADITIONAL 6
ITALIAN 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1993:10:31 22:05:43-07:00
FileType Win32 EXE
PEType PE32
CodeSize 8192
LinkerVersion 6.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x1428
InitializedDataSize 122880
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 48f5e0bc201fa94c78cff7f7d028fb1d
SHA1 931a43cdaac52e72f01f44b6c4bf9e659f13ad7a
SHA256 7808b4f12f445b011bf13bda37ef1391df30f6390b8b214639fdd2cb3df86d99
ssdeep 3072:QsIF0SYL59AyW0K/P2iWJVzbcWhoCLlCh42:rIFOPACK/uiMBbRoAC

authentihash 6e3156cb1773bd5b8df16a0d9cee0413fad9813f3e791142185fe88dc5ef8351
imphash eed7759b906e749258867af842add317
File size 132.0 KB ( 135168 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2018-09-30 16:51:38 UTC ( 4 months, 2 weeks ago )
Last submission 2018-10-02 10:32:31 UTC ( 4 months, 2 weeks ago )
File names 29615792.exe
zVIeqhgg.exe
0Ab5mje5.exe
zVIeqhgg.exe
30664600.exe
output.114199812.txt
SaGF0u59.exe
0Ab5mje5.exe
42985976.exe
Advanced heuristic and reputation engines