SHA256: 78a2de239d871a04204f6c8884ecffacbd3e51ae6af20c2f89d75ab09427125d
File name: 78a2de239d871a04204f6c8884ecffacbd3e51ae6af20c2f89d75ab09427125d
Detection ratio: 45 / 69
Analysis date: 2018-12-26 11:11:09 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Acronis malware 20181224
Ad-Aware Trojan.GenericKD.40842744 20181226
AegisLab Trojan.Win32.Generic.4!c 20181226
AhnLab-V3 Malware/Win32.Trojanspy.C2899840 20181226
ALYac Trojan.GenericKD.40842744 20181226
Arcabit Trojan.Generic.D26F35F8 20181226
Avast Win32:BankerX-gen [Trj] 20181226
AVG Win32:BankerX-gen [Trj] 20181226
BitDefender Trojan.GenericKD.40842744 20181226
Bkav HW32.Packed. 20181224
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cylance Unsafe 20181226
Cyren W32/Emotet.LE.gen!Eldorado 20181226
DrWeb Trojan.EmotetENT.329 20181226
eGambit Unsafe.AI_Score_61% 20181226
Emsisoft Trojan.GenericKD.40842744 (B) 20181226
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GNYD 20181226
F-Prot W32/Emotet.LE.gen!Eldorado 20181226
F-Secure Trojan.GenericKD.40842744 20181226
Fortinet W32/Kryptik.GNYD!tr 20181226
GData Trojan.GenericKD.40842744 20181226
Ikarus Trojan-Banker.Emotet 20181226
Sophos ML heuristic 20181128
K7AntiVirus Riskware ( 0040eff71 ) 20181226
K7GW Riskware ( 0040eff71 ) 20181226
Kaspersky Trojan-Banker.Win32.Emotet.bvrq 20181226
Malwarebytes Trojan.Emotet 20181226
MAX malware (ai score=81) 20181226
McAfee Emotet-FJX!350C40194804 20181226
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20181226
Microsoft Trojan:Win32/Emotet.CJ 20181225
eScan Trojan.GenericKD.40842744 20181226
Palo Alto Networks (Known Signatures) generic.ml 20181226
Panda Trj/Genetic.gen 20181225
Rising Trojan.GenKryptik!8.AA55 (CLOUD) 20181226
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/EncPk-ANY 20181226
Symantec Trojan.Gen.2 20181225
Tencent Win32.Trojan-banker.Emotet.Lgto 20181226
Trapmine malicious.high.ml.score 20181205
TrendMicro TrojanSpy.Win32.EMOTET.THABAIAH 20181226
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.THABAIAH 20181226
Webroot W32.Trojan.Emotet 20181226
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bvrq 20181226
Alibaba 20180921
Antiy-AVL 20181226
Avast-Mobile 20181225
Avira (no cloud) 20181226
Babable 20180918
Baidu 20181207
CAT-QuickHeal 20181225
ClamAV 20181226
CMC 20181225
Comodo 20181226
Cybereason 20180225
Jiangmin 20181226
Kingsoft 20181226
NANO-Antivirus 20181226
Qihoo-360 20181226
SUPERAntiSpyware 20181220
Symantec Mobile Insight 20181225
TACHYON 20181226
TheHacker 20181225
Trustlook 20181226
VBA32 20181226
ViRobot 20181225
Yandex 20181223
Zillya 20181225
Zoner 20181225
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Cor
Product Microsoft®
Original name kbdth3.dll
Internal name kbdth3 (3.13)
Description Thai Pattachote (non-ShiftLock) Keyboa
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-07-18 02:23:20
Entry Point 0x000029C0
Number of sections 9
PE sections
PE imports
GetSecurityDescriptorRMControl
GetProcessId
GetNamedPipeClientProcessId
GetCurrentProcess
GetProcessHandleCount
GetDiskFreeSpaceExW
WaitForMultipleObjectsEx
GetTickCount64
QueryActCtxW
GetDynamicTimeZoneInformation
GetMenuItemCount
GetMessageExtraInfo
AddClipboardFormatListener
TrackPopupMenu
g_rgSCardRawPci
OleFlushClipboard
Number of PE resources by type
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
JAPANESE DEFAULT 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 2.0
ImageVersion 5.1
FileSubtype 0
FileVersionNumber 9.0.0.2719
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Thai Pattachote (non-ShiftLock) Keyboa
ImageFileCharacteristics Executable, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 0
EntryPoint 0x29c0
OriginalFileName kbdth3.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Cor
TimeStamp 2002:07:17 19:23:20-07:00
FileType Win32 EXE
PEType PE32
InternalName kbdth3 (3.13)
ProductVersion 6.1.76
SubsystemVersion 5.0
OSVersion 6.0
FileOS Windows 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporati
CodeSize 135168
ProductName Microsoft
ProductVersionNumber 9.0.0.2719
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 350c40194804a902b826e1b01e7bfa19
SHA1 019e509d72d02ffd50ef242672692b138d9ad0d3
SHA256 78a2de239d871a04204f6c8884ecffacbd3e51ae6af20c2f89d75ab09427125d
ssdeep 3072:nE/2huTQKV3yIxZ6fMggWC1MS8O6RO5DujLE76g:nE/2huTQKVbP6fHgkO605Duj06

authentihash 5126a04e0ded7e47d1042039672ff9710d90878c8a2a23cc76fc70d8ff418f26
imphash 47fa5cb4957ab9f693c5eb465033ad02
File size 124.0 KB ( 126976 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2018-12-18 19:45:26 UTC ( 2 months ago )
Last submission 2018-12-18 19:45:26 UTC ( 2 months ago )
File names kbdth3 (3.13), kbdth3.dll