SHA256: 7c7605dc6f558bac6a0f21537b4bd03e7d8c739807f7f26feb8fae7584ebb47a
File name: Gmx5TfoZIdzzbp.exe
Detection ratio: 42 / 69
Analysis date: 2018-09-30 02:07:26 UTC ( 4 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40528768 20180930
AegisLab Packer.W32.Krap.ljju 20180930
AhnLab-V3 Trojan/Win32.Emotet.R234758 20180929
ALYac Trojan.GenericKD.40528768 20180929
Arcabit Trojan.Generic.D26A6B80 20180929
Avast Win32:BankerX-gen [Trj] 20180930
AVG Win32:BankerX-gen [Trj] 20180930
BitDefender Trojan.GenericKD.40528768 20180929
Bkav HW32.Packed. 20180928
CAT-QuickHeal Trojan.Emotet.X4 20180929
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20180723
Cybereason malicious.54e3b7 20180225
Cylance Unsafe 20180930
Cyren W32/Trojan.MNYD-9077 20180930
Emsisoft Trojan.GenericKD.40528768 (B) 20180930
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GLDB 20180929
F-Secure Trojan.GenericKD.40528768 20180929
Fortinet W32/Kryptik.GLDB!tr 20180930
GData Trojan.GenericKD.40528768 20180930
Ikarus Trojan-Banker.Emotet 20180929
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 0053d58a1 ) 20180929
K7GW Trojan ( 0053d58a1 ) 20180929
Kaspersky Trojan-Banker.Win32.Emotet.bfdw 20180930
Malwarebytes Trojan.Emotet 20180930
McAfee Emotet-FHK!A4F00D6ECB9E 20180930
McAfee-GW-Edition BehavesLike.Win32.Generic.ch 20180929
Microsoft Trojan:Win32/Emotet.AC!bit 20180930
eScan Trojan.GenericKD.40528768 20180930
NANO-Antivirus Virus.Win32.Gen.ccmw 20180930
Palo Alto Networks (Known Signatures) generic.ml 20180930
Panda Trj/RnkBend.A 20180929
Qihoo-360 HEUR/QVM20.1.222C.Malware.Gen 20180930
Rising Trojan.Emotet!8.B95 (CLOUD) 20180929
Sophos AV Mal/Generic-S 20180930
Symantec Trojan.Gen.2 20180929
Tencent Win32.Trojan-banker.Emotet.Lorg 20180930
TrendMicro TSPY_EMOTET.THIBGAH 20180929
TrendMicro-HouseCall TSPY_EMOTET.THIBGAH 20180930
VIPRE Trojan.Win32.Generic!BT 20180930
Webroot W32.Trojan.Emotet 20180930
Alibaba 20180921
Antiy-AVL 20180930
Avast-Mobile 20180928
Avira (no cloud) 20180929
AVware 20180925
Babable 20180918
Baidu 20180929
ClamAV 20180930
CMC 20180929
Comodo 20180930
DrWeb 20180930
eGambit 20180930
F-Prot 20180930
Jiangmin 20180930
Kingsoft 20180930
MAX 20180930
SentinelOne (Static ML) 20180926
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180924
TACHYON 20180930
TheHacker 20180927
TotalDefense 20180929
Trustlook 20180930
VBA32 20180928
ViRobot 20180929
Yandex 20180927
Zillya 20180928
ZoneAlarm by Check Point 20180925
Zoner 20180927
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1993-11-01 05:05:43
Entry Point 0x0000143A
Number of sections 6
PE sections
PE imports
IsValidAcl
RegOpenKeyExA
DeregisterEventSource
GetBoundsRect
GetTextColor
SetWindowOrgEx
GetUserPreferredUILanguages
GetSystemTime
GetLastError
ConnectNamedPipe
UnregisterWait
IsSystemResumeAutomatic
GetSystemTimeAdjustment
DeleteFiber
Sleep
GetConsoleProcessList
GetCommandLineA
GetNamedPipeClientSessionId
GetActivePwrScheme
I_RpcNsInterfaceUnexported
GetCursorPos
GetClassInfoA
TrackPopupMenu
FlashWindow
IsGUIThread
GetShellWindow
IsWindow
NotifyWinEvent
IsChild
PdhGetFormattedCounterValue
Number of PE resources by type
RT_STRING 13
RT_BITMAP 12
Number of PE resources by language
NEUTRAL 18
CHINESE TRADITIONAL 6
ITALIAN 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1993:10:31 22:05:43-07:00
FileType Win32 EXE
PEType PE32
CodeSize 8192
LinkerVersion 6.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x143a
InitializedDataSize 126976
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 a4f00d6ecb9e720610ce89114440ccb0
SHA1 85663ee54e3b7c03725f7c41319e7f69c9ac7d0a
SHA256 7c7605dc6f558bac6a0f21537b4bd03e7d8c739807f7f26feb8fae7584ebb47a
ssdeep 3072:eQSCKvGzzbgeQcYAcuc1QLKnoMyU6lxT2nuy42:eQSbeXkcu9SLidqxCn
authentihash 7edf7b1eb82a040fd080d01279bd856cb80078e870958c487e941aad67135661
imphash 5d3a9437aa9a66295edc55dfc1553b9a
File size 132.0 KB ( 135168 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2018-09-26 23:22:05 UTC ( 4 months, 3 weeks ago )
Last submission 2018-09-26 23:22:05 UTC ( 4 months, 3 weeks ago )
File names Gmx5TfoZIdzzbp.exe