SHA256: 7b4274a84a6014d33cafdd63ff6d44000380be119d88609bf692b08f9e2ede12
File name: emotet_e1_7b4274a84a6014d33cafdd63ff6d44000380be119d88609bf692b08...
Detection ratio: 43 / 66
Analysis date: 2019-03-19 07:38:28 UTC ( 1 month ago )
Antivirus Result Update
Acronis suspicious 20190318
Ad-Aware Trojan.GenericKDZ.54555 20190319
AhnLab-V3 Malware/Win32.Trojanspy.C3099401 20190319
ALYac Trojan.Agent.Emotet 20190319
Antiy-AVL Trojan[Banker]/Win32.Emotet 20190319
Arcabit Trojan.Generic.DD51B 20190319
Avast Win32:BankerX-gen [Trj] 20190319
AVG Win32:BankerX-gen [Trj] 20190319
Avira (no cloud) TR/Crypt.ZPACK.Gen2 20190318
BitDefender Trojan.GenericKDZ.54555 20190319
Comodo Malware@#286uun96p55ff 20190319
CrowdStrike Falcon (ML) win/malicious_confidence_100% (W) 20190212
Cybereason malicious.a412a9 20190109
Cyren W32/Trojan.NTPB-0179 20190319
Emsisoft Trojan.Emotet (A) 20190319
Endgame malicious (high confidence) 20190215
ESET-NOD32 Win32/Emotet.BY 20190319
F-Secure Trojan.TR/Crypt.ZPACK.Gen2 20190319
Fortinet W32/Kryptik.CPES!tr 20190319
GData Trojan.GenericKDZ.54555 20190319
Ikarus Trojan-Banker.Emotet 20190318
Sophos ML heuristic 20190313
K7AntiVirus Trojan ( 0051a4f91 ) 20190319
Kaspersky Trojan.Win32.Agent.qwishs 20190319
Malwarebytes Trojan.Emotet 20190319
MAX malware (ai score=83) 20190319
McAfee RDN/Generic.grp 20190319
McAfee-GW-Edition RDN/Generic.grp 20190319
Microsoft Trojan:Win32/Skeeyah.A!rfn 20190319
eScan Trojan.GenericKDZ.54555 20190319
NANO-Antivirus Trojan.Win32.Emotet.foauvz 20190319
Palo Alto Networks (Known Signatures) generic.ml 20190319
Panda Trj/Emotet.D 20190318
Qihoo-360 HEUR/QVM20.1.DB6F.Malware.Gen 20190319
Rising Trojan.Kryptik!8.8 (CLOUD) 20190319
SentinelOne (Static ML) DFI - Malicious PE 20190317
Sophos AV Mal/Emotet-Q 20190319
Tencent Win32.Trojan.Falsesign.Htwn 20190319
Trapmine malicious.high.ml.score 20190301
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMAL08 20190319
VBA32 BScope.Malware-Cryptor.Emotet 20190318
ViRobot Trojan.Win32.Z.Kryptik.209672.G 20190319
ZoneAlarm by Check Point Trojan.Win32.Agent.qwishs 20190319
AegisLab 20190319
Alibaba 20190306
Avast-Mobile 20190318
Babable 20180918
Baidu 20190318
Bkav 20190318
CAT-QuickHeal 20190318
ClamAV 20190318
CMC 20190318
DrWeb 20190319
eGambit 20190319
F-Prot 20190319
Jiangmin 20190319
K7GW 20190315
Kingsoft 20190319
SUPERAntiSpyware 20190314
Symantec Mobile Insight 20190220
TACHYON 20190319
TheHacker 20190315
TotalDefense 20190318
Trustlook 20190319
Yandex 20190318
Zillya 20190318
Zoner 20190318
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
(C) 2014 Qihu 360 Software Co., Ltd.

Product 360 Internet Security
Original name WDSafeDown.exe
Internal name WDSafeDown.exe
File version 2, 0, 0, 1200
Description 360 Internet Security Internet Protection
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 8:39 PM 3/19/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-15 08:18:33
Entry Point 0x000013B0
Number of sections 4
PE sections
Overlays
MD5 19555192b17343d8d2023b20d01d2c87
File type data
Offset 206336
Size 3336
Entropy 7.33
PE imports
RegQueryValueExA
RegOpenKeyA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetTextMetricsW
TextOutW
CreateFontIndirectW
PatBlt
CreatePen
CreateICW
CombineRgn
GetPixel
GetDeviceCaps
LineTo
DeleteDC
SetPixel
DeleteObject
BitBlt
SetTextColor
MoveToEx
GetStockObject
CreateCompatibleDC
StretchBlt
CreateRectRgn
SelectObject
CreateCompatibleBitmap
CreateSolidBrush
SetBkColor
GetTextExtentPoint32W
SetRectRgn
GetStdHandle
FileTimeToSystemTime
GetOverlappedResult
WaitForSingleObject
EncodePointer
DisconnectNamedPipe
GetCurrentProcess
GetConsoleMode
LocalAlloc
lstrcatA
FreeEnvironmentStringsW
lstrcatW
InitializeSListHead
SetStdHandle
GetCPInfo
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
ConnectNamedPipe
SetEvent
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
FindClose
TlsGetValue
FormatMessageA
SetLastError
GetSystemTime
InterlockedDecrement
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
SetConsoleCtrlHandler
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
GetModuleHandleA
CreateThread
SetEnvironmentVariableW
DeleteCriticalSection
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ClearCommError
ExitThread
DecodePointer
TerminateProcess
GetModuleHandleExW
GetCommState
GetCurrentThreadId
GetProcAddress
WriteConsoleW
CallNamedPipeW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
TerminateThread
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
GetDateFormatA
GetDateFormatW
GetCommProperties
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
GetTimeFormatW
lstrcpyW
lstrcmpA
FindNextFileW
InterlockedIncrement
GetTimeFormatA
DuplicateHandle
FindFirstFileExW
WaitForMultipleObjects
SetCommTimeouts
CreateEventW
SetCommState
CreateFileW
CreateEventA
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
CreateNamedPipeW
lstrlenA
GetConsoleCP
GetEnvironmentStringsW
lstrlenW
SetupComm
FileTimeToLocalFileTime
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
SuspendThread
GetSystemDefaultLangID
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
IsValidCodePage
OpenEventW
CreateProcessW
Sleep
IsBadReadPtr
VirtualAlloc
ResetEvent
SHCreateDirectoryExA
SHGetPathFromIDListW
StrCmpNIA
GetWindowThreadProcessId
SendDlgItemMessageA
CharNextExA
GetDCEx
EnableMenuItem
LoadStringA
DispatchMessageA
GetTopWindow
TranslateAccelerator
SendMessageTimeoutA
CreateIconFromResource
DdeCreateStringHandleA
MessageBoxA
PeekMessageA
SetForegroundWindow
CreateDialogParamA
FlashWindow
GetMessageTime
InvalidateRgn
GetSystemMenu
DestroyWindow
Number of PE resources by type
RT_STRING 21
RT_ICON 3
RT_VERSION 2
RT_RCDATA 2
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 26
ENGLISH US 3
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.0.0.1200

LanguageCode
English (U.S.)

FileFlagsMask
0x0017

FileDescription
360 Internet Security Internet Protection

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
98816

EntryPoint
0x13b0

OriginalFileName
WDSafeDown.exe

MIMEType
application/octet-stream

LegalCopyright
(C) 2014 Qihu 360 Software Co., Ltd.

FileVersion
2, 0, 0, 1200

TimeStamp
2019:03:15 09:18:33+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
WDSafeDown.exe

ProductVersion
2, 0, 0, 1200

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Qihu 360 Software Co., Ltd.

CodeSize
106496

ProductName
360 Internet Security

ProductVersionNumber
2.0.0.1200

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 2f6d389a412a96c73262c882b5791f2a
SHA1 d279fa0c2067475e7d5e06e854919dc6ec55970c
SHA256 7b4274a84a6014d33cafdd63ff6d44000380be119d88609bf692b08f9e2ede12
ssdeep
3072:52B7dBvk2GgrQCz+VGUbqPM902yHydV1tTMCU37aEXK:ss29z+VGUQM9UHQzQP37U

authentihash a24bddfa8e3f8bcd1f897a059633060178eb14563c0b751862961a15cb51593c
imphash 871b8b6d59c1e6ca20ad1137a5a68497
File size 204.8 KB ( 209672 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-03-15 08:25:29 UTC ( 1 month ago )
Last submission 2019-03-16 04:06:44 UTC ( 1 month ago )
File names WDSafeDown.exe
emotet_e1_7b4274a84a6014d33cafdd63ff6d44000380be119d88609bf692b08f9e2ede12_2019-03-15__082501.exe_
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections