SHA256: 7b7ac92fe156f22d302d53411e39173293b6b0bc30edafaf500afc6192631d3c
File name: 3QP1xPCvCT.exe
Detection ratio: 13 / 61
Analysis date: 2018-08-15 16:44:42 UTC ( 6 months, 1 week ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Endgame malicious (high confidence) 20180730
Fortinet W32/Kryptik.GJPT!tr 20180815
Sophos ML heuristic 20180717
Jiangmin Trojan/Inject.awre 20180815
K7AntiVirus Trojan ( 004e08351 ) 20180815
McAfee-GW-Edition BehavesLike.Win32.Emotet.ch 20180815
Palo Alto Networks (Known Signatures) generic.ml 20180815
Qihoo-360 HEUR/QVM20.1.3465.Malware.Gen 20180815
Rising Trojan.Cloxer!8.F54F (TFE:dGZlOgEXugy87y4fKA) 20180815
SentinelOne (Static ML) static engine - malicious 20180701
Symantec ML.Attribute.HighConfidence 20180815
Webroot W32.Trojan.Emotet 20180815
Ad-Aware 20180815
AegisLab 20180815
AhnLab-V3 20180815
Alibaba 20180713
Antiy-AVL 20180815
Arcabit 20180815
Avast 20180815
Avast-Mobile 20180815
AVG 20180815
Avira (no cloud) 20180815
AVware 20180815
Babable 20180725
Bkav 20180815
CAT-QuickHeal 20180814
CMC 20180812
Comodo 20180815
Cybereason 20180225
Cylance 20180815
Cyren 20180815
DrWeb 20180815
eGambit 20180815
Emsisoft 20180815
ESET-NOD32 20180815
F-Prot 20180815
F-Secure 20180815
GData 20180815
K7GW 20180815
Kaspersky 20180815
Kingsoft 20180815
MAX 20180815
McAfee 20180815
Microsoft 20180815
eScan 20180815
NANO-Antivirus 20180815
Panda 20180815
Sophos AV 20180815
SUPERAntiSpyware 20180815
TACHYON 20180815
Tencent 20180815
TheHacker 20180815
TotalDefense 20180815
TrendMicro 20180815
TrendMicro-HouseCall 20180815
Trustlook 20180815
VBA32 20180815
VIPRE 20180815
ViRobot 20180815
Zillya 20180815
ZoneAlarm by Check Point 20180815
Zoner 20180815
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright hrelklewlkhr.
Description Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-08-15 16:35:43
Entry Point 0x00022D9D
Number of sections 5
PE sections
PE imports
IsValidSid
RegDeleteValueW
GetSecurityDescriptorControl
CreateWellKnownSid
IsWellKnownSid
ImageList_Create
PrintDlgExW
CryptSignAndEncodeCertificate
CryptInstallOIDFunctionAddress
CertDuplicateCRLContext
CertSetEnhancedKeyUsage
CryptSIPRemoveSignedDataMsg
GetMetaFileBitsEx
GetArcDirection
CopyMetaFileW
ScaleWindowExtEx
UnrealizeObject
GetDIBits
Ellipse
ImmDestroyContext
SetFileAttributesA
GetModuleHandleA
FindAtomW
GetNamedPipeInfo
EraseTape
DeleteFiber
GetCurrentDirectoryA
GetTempPathW
GetTimeZoneInformation
FlsGetValue
GetStringTypeExA
FlsFree
SleepEx
DsGetDomainControllerInfoW
VarUI1FromStr
RasGetSubEntryPropertiesA
RasSetAutodialParamA
NdrCorrelationInitialize
I_RpcMapWin32Status
SetupDiGetDeviceRegistryPropertyW
SetupDiCancelDriverInfoSearch
CM_Open_DevNode_Key
CM_Get_DevNode_Custom_PropertyW
DuplicateIcon
SHGetFolderPathA
SHAppBarMessage
DragFinish
PathFindSuffixArrayW
SHDeleteValueA
GetWindowThreadProcessId
wsprintfA
GetClassNameW
SendMessageW
DeferWindowPos
DlgDirSelectComboBoxExW
ScrollWindow
MonitorFromWindow
RetrieveUrlCacheEntryStreamW
HttpAddRequestHeadersW
CryptCATAdminReleaseContext
SCardIntroduceCardTypeA
strncmp
CoWaitForMultipleHandles
RevokeBindStatusCallback
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileVersionNumber 1.2.0.6
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Unicode
ImageFileCharacteristics Executable, 32-bit, System file
CharacterSet Unicode
InitializedDataSize 29696
EntryPoint 0x22d9d
MIMEType application/octet-stream
Subsystem Windows GUI
TimeStamp 2018:08:15 18:35:43+02:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 5.1
OSVersion 5.0
FileOS Win32
LegalCopyright hrelklewlkhr.
MachineType Intel 386 or later, and compatibles
CodeSize 148992
FileSubtype 0
ProductVersionNumber 1.2.0.6
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 faea29635180236c41fc62941585cb7b
SHA1 3cc63d231d6ddb418aa4c2e14871562e28877de4
SHA256 7b7ac92fe156f22d302d53411e39173293b6b0bc30edafaf500afc6192631d3c
ssdeep 3072:GgCOIYpS8FSzFNc0iCtIbhRaVpd/BYrrKgjCE71vnG9:wOIL8FatI8pd/B23jCE
authentihash 36ac440076d86a31832bdb2ff4d7a755ed4f78b758037b3ca16f2f3995b0e332
imphash 2f371e8e37824e17b107a6a6b362ff36
File size 175.5 KB ( 179712 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file
TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags peexe
VirusTotal metadata
First submission 2018-08-15 16:44:42 UTC ( 6 months, 1 week ago )
Last submission 2018-08-15 16:44:42 UTC ( 6 months, 1 week ago )
File names 26535480.exe
34529912.exe
25748512.exe
23782592.exe
27191336.exe
3QP1xPCvCT.exe