SHA256: 7a7f784141344d93d7a6f6713a917b7c7675600b4e2e30412f899254e4dc2098
File name: 2ledHzcADZqkWsneMY2.exe
Detection ratio: 27 / 68
Analysis date: 2018-10-06 04:04:20 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.Autoruns.GenericKDS.31262054 20181006
BitDefender Trojan.Autoruns.GenericKDS.31262054 20181006
CMC Trojan.Win32.Obfuscated.en!O 20181005
Comodo TrojWare.Win32.Emotet.~AAQ 20181006
Cylance Unsafe 20181006
Emsisoft Trojan.Emotet (A) 20181006
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/GenKryptik.CNFI 20181006
GData Win32.Trojan-Spy.Emotet.RX026C 20181006
Sophos ML heuristic 20180717
Kaspersky Trojan-Banker.Win32.Emotet.bgye 20181006
Malwarebytes Trojan.Emotet 20181006
MAX malware (ai score=51) 20181006
McAfee Artemis!4CEBBF9941AE 20181006
McAfee-GW-Edition Artemis!Trojan 20181006
Microsoft Trojan:Win32/Casdet!rfn 20181006
NANO-Antivirus Virus.Win32.Gen.ccmw 20181006
Palo Alto Networks (Known Signatures) generic.ml 20181006
Qihoo-360 HEUR/QVM20.1.5291.Malware.Gen 20181006
Rising Trojan.Azden!8.F0E3 (CLOUD) 20181006
Sophos AV Mal/Generic-S 20181006
Symantec ML.Attribute.HighConfidence 20181005
TrendMicro TROJ_GEN.F0C2C00J518 20181006
TrendMicro-HouseCall TROJ_GEN.F0C2C00J518 20181006
ViRobot Trojan.Win32.Z.Mdeclass.581632 20181005
Webroot W32.Trojan.Emotet 20181006
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bgye 20181006
AegisLab 20181006
AhnLab-V3 20181005
Alibaba 20180921
ALYac 20181006
Antiy-AVL 20181005
Arcabit 20181006
Avast 20181006
Avast-Mobile 20181005
AVG 20181006
Avira (no cloud) 20181005
AVware 20180925
Baidu 20180930
Bkav 20181005
CAT-QuickHeal 20181005
ClamAV 20181005
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cyren 20181006
DrWeb 20181006
eGambit 20181006
F-Prot 20181006
F-Secure 20181006
Fortinet 20181006
Ikarus 20181005
Jiangmin 20181006
K7AntiVirus 20181006
K7GW 20181005
Kingsoft 20181006
eScan 20181006
Panda 20181005
SentinelOne (Static ML) 20180926
SUPERAntiSpyware 20181006
Symantec Mobile Insight 20181001
TACHYON 20181006
Tencent 20181006
TheHacker 20181001
TotalDefense 20181005
Trustlook 20181006
VBA32 20181005
VIPRE 20181006
Yandex 20181005
Zillya 20181005
Zoner 20181005
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © C Corporation. All rights reserved.
Product C® Windows® Operating System
Original name berwww.dll
Internal name berwww (3.11)
File version 5.1.2600.0 (xpclient.010817-1148)
Description Serbian_Cyrillic Keyboard Layout
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-08-17 21:57:07
Entry Point 0x00010048
Number of sections 4
PE sections
PE imports
RegGetKeySecurity
CryptAcquireContextA
SetPrivateObjectSecurity
IsTokenRestricted
RegSetKeySecurity
LookupPrivilegeNameA
CreatePrivateObjectSecurityWithMultipleInheritance
AuthzFreeContext
ClusterRegQueryValue
CertGetCTLContextProperty
CryptMsgOpenToEncode
CertCloseStore
SetDCBrushColor
PlayMetaFileRecord
GdiSetBatchLimit
GetCharWidth32W
GetSystemPaletteEntries
ImmGetCompositionWindow
UnregisterWait
SetConsoleHistoryInfo
HeapAlloc
GetTempFileNameA
CreateWaitableTimerA
GetDynamicTimeZoneInformation
GetSystemTimes
HeapReAlloc
GetThreadContext
SetThreadExecutionState
LZSeek
MprInfoDuplicate
acmStreamOpen
acmStreamPrepareHeader
NetGroupDel
NetUserChangePassword
I_RpcBindingToStaticStringBindingW
RpcBindingSetAuthInfoW
IUnknown_Release_Proxy
RpcMgmtIsServerListening
SetupFindFirstLineA
CM_Locate_DevNode_ExW
SetupScanFileQueueW
CMP_WaitNoPendingInstallEvents
SHPathPrepareForWriteW
PathRemoveExtensionW
PathUnmakeSystemFolderW
DeleteSecurityContext
LoadAcceleratorsA
MessageBoxExA
CharNextExA
OemToCharBuffA
SendDlgItemMessageA
PostThreadMessageW
RegisterDeviceNotificationA
InvalidateRgn
RegisterClassA
GetUrlCacheEntryInfoExW
midiOutGetNumDevs
waveOutGetID
waveOutGetPitch
mixerGetLineControlsA
AddMonitorA
CryptCATPutMemberInfo
RtlCompareMemory
RtlInterlockedPopEntrySList
OleMetafilePictFromIconAndLabel
CoReleaseMarshalData
OleCreateStaticFromData
StgCreateDocfileOnILockBytes
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 7.0
ImageVersion 5.1
FileSubtype 0
FileVersionNumber 5.1.2600.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Serbian_Cyrillic Keyboard Layout
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 4608
EntryPoint 0x10048
OriginalFileName berwww.dll
MIMEType application/octet-stream
LegalCopyright C Corporation. All rights reserved.
FileVersion 5.1.2600.0 (xpclient.010817-1148)
TimeStamp 2001:08:17 22:57:07+01:00
FileType Win32 EXE
PEType PE32
InternalName berwww (3.11)
ProductVersion 5.1.2600.0
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName C Corporation
CodeSize 512000
ProductName C Windows Operating System
ProductVersionNumber 5.1.2600.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 4cebbf9941ae17707c22bf94b21fb347
SHA1 46ef346fdddf7f40f91228f21092fed3264d63f6
SHA256 7a7f784141344d93d7a6f6713a917b7c7675600b4e2e30412f899254e4dc2098
ssdeep 3072:aoc0bKOqBgItezSSAgk1UubkpZZjNavZ038dWIopAWUCOzL1:c0bqRabAgkf8ZZjcv2Mde59
authentihash 152658373eb20a8f86b3373752e81552b809600ba0323275dc3090edd38e53eb
imphash 7da8624e25316998f0554b1dbb9f93c3
File size 568.0 KB ( 581632 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2018-10-05 14:36:17 UTC ( 1 month, 1 week ago )
Last submission 2018-10-07 03:16:04 UTC ( 1 month, 1 week ago )
File names gq38MD2wuDlC.exe
8HA9arzwvSmT.exe
2jnibTzkklrZ.exe
Roj3FqrYBn.exe
480.exe
output.114262357.txt
kyA6qb4w7.exe
berwww.dll
mOnTWjodSn0h.exe
pagesshl.exe
aRuf4263b.exe
2ledHzcADZqkWsneMY2.exe
46ef346fdddf7f40f91228f21092fed3264d63f6.exe
berwww (3.11)
yahvayxd.exe
20244952.exe
auYcUDXX.exe
KjHe6mtv.exe
qRhLW0uoFcx.exe
md1BgMaBU.exe
FFU8JHco.exe