SHA256: 7f076d36307be5cfbe2c10d63f1fc533e287632547eccd9d6e47d031c41f5456
File name: emotet_e2_7f076d36307be5cfbe2c10d63f1fc533e287632547eccd9d6e47d03...
Detection ratio: 39 / 65
Analysis date: 2019-03-19 00:54:26 UTC ( 2 months ago )
Antivirus Result Update
Acronis suspicious 20190318
Ad-Aware Gen:Variant.Ulise.33069 20190318
AhnLab-V3 Malware/Win32.Trojanspy.C3104500 20190318
ALYac Gen:Variant.Ulise.33069 20190318
Arcabit Trojan.Ulise.D812D 20190318
Avast Win32:Trojan-gen 20190318
AVG Win32:Trojan-gen 20190318
Avira (no cloud) TR/Crypt.Agent.ihhwu 20190318
BitDefender Gen:Variant.Ulise.33069 20190318
CrowdStrike Falcon (ML) win/malicious_confidence_100% (W) 20190212
DrWeb Trojan.Emotet.652 20190318
Emsisoft Gen:Variant.Ulise.33069 (B) 20190318
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.CGB 20190319
F-Secure Trojan.TR/Crypt.Agent.ihhwu 20190318
Fortinet W32/Kryptik.CGB!tr 20190318
GData Gen:Variant.Ulise.33069 20190319
Ikarus Trojan-Banker.Emotet 20190318
Sophos ML heuristic 20190313
K7AntiVirus Trojan ( 0014f7c21 ) 20190318
Kaspersky Trojan-Banker.Win32.Emotet.coqf 20190318
Malwarebytes Trojan.Emotet 20190318
MAX malware (ai score=84) 20190319
McAfee Emotet-FMI!D8EC7CB5ED46 20190319
McAfee-GW-Edition Emotet-FMI!D8EC7CB5ED46 20190318
Microsoft Trojan:Win32/Emotet.AC!bit 20190318
eScan Gen:Variant.Ulise.33069 20190319
NANO-Antivirus Trojan.Win32.Emotet.fobzlg 20190319
Palo Alto Networks (Known Signatures) generic.ml 20190319
Panda Trj/GdSda.A 20190318
Qihoo-360 Win32/Trojan.9d6 20190319
Rising Trojan.Kryptik!8.8 (CLOUD) 20190319
SentinelOne (Static ML) DFI - Malicious PE 20190317
Sophos AV Mal/Emotet-Q 20190318
Tencent Win32.Trojan.Falsesign.Wurc 20190319
Trapmine malicious.moderate.ml.score 20190301
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMF 20190319
VBA32 BScope.Malware-Cryptor.Emotet 20190318
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.coqf 20190319
Engines with no detection (engine name and signature update date only)
AegisLab 20190318
Alibaba 20190306
Antiy-AVL 20190318
Avast-Mobile 20190318
Babable 20180918
Baidu 20190318
Bkav 20190318
CAT-QuickHeal 20190318
ClamAV 20190318
CMC 20190318
Comodo 20190318
Cybereason 20190109
Cyren 20190318
Jiangmin 20190318
K7GW 20190315
Kingsoft 20190319
SUPERAntiSpyware 20190314
Symantec Mobile Insight 20190220
TACHYON 20190318
TheHacker 20190315
TotalDefense 20190318
Trustlook 20190319
VIPRE 20190319
ViRobot 20190318
Yandex 20190318
Zillya 20190318
Zoner 20190318
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name Cmd.Exe
Internal name cmd
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description Windows Command Processor
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 1:54 AM 3/19/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-16 11:23:47
Entry Point 0x000011A0
Number of sections 4
PE sections
Overlays
MD5 64d6623077545455e07779a86ac3b04b
File type data
Offset 232448
Size 3336
Entropy 7.36
PE imports
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
SetThreadLocale
GetStdHandle
FileTimeToDosDateTime
FileTimeToSystemTime
GetOverlappedResult
SetEvent
HeapAlloc
EncodePointer
GetFileAttributesW
lstrcmpW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
lstrcatA
UnhandledExceptionFilter
SetErrorMode
FreeEnvironmentStringsW
lstrcatW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
GetCPInfo
lstrcmpiA
GetDiskFreeSpaceW
InterlockedExchange
WriteFile
WaitForSingleObject
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
ConnectNamedPipe
GetOEMCP
LocalFree
FormatMessageW
GetThreadPriority
InitializeCriticalSection
LoadResource
FindClose
InterlockedDecrement
FormatMessageA
GetFullPathNameW
WritePrivateProfileStringW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
TlsGetValue
GlobalFindAtomW
lstrcpynW
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
FlushFileBuffers
SwitchToThread
GetModuleFileNameA
InterlockedExchangeAdd
SetConsoleCtrlHandler
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
EnumCalendarInfoW
SetFilePointerEx
GetPrivateProfileStringW
GetModuleHandleA
GlobalAddAtomW
CreateThread
SetEnvironmentVariableW
GetSystemDefaultUILanguage
DisconnectNamedPipe
GetExitCodeThread
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
ClearCommError
ExitThread
DecodePointer
WaitForMultipleObjectsEx
TerminateProcess
GetModuleHandleExW
GlobalAlloc
VirtualQueryEx
SetEndOfFile
GetVersion
LeaveCriticalSection
WriteConsoleW
CallNamedPipeW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
TerminateThread
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
LCMapStringW
WaitForMultipleObjects
GetDateFormatW
GetCommProperties
GetStartupInfoW
GetUserDefaultLCID
GetSystemInfo
GetProcessHeap
GetTimeFormatW
lstrcpyW
lstrcmpA
FindNextFileW
GetTimeFormatA
FindFirstFileW
IsValidLocale
DuplicateHandle
FindFirstFileExW
GetProcAddress
SetCommTimeouts
CreateEventW
SetCommState
CreateFileW
CreateEventA
GetFileType
TlsSetValue
GetCurrentThreadId
InterlockedIncrement
GetLastError
LocalReAlloc
GlobalDeleteAtom
CreateNamedPipeW
lstrlenA
GlobalFree
GetConsoleCP
OpenEventW
CompareStringW
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
GetCommState
lstrlenW
VirtualFree
SetupComm
GetCPInfoExW
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
InterlockedCompareExchange
GetCurrentThread
SuspendThread
GetSystemDefaultLangID
RaiseException
ResumeThread
TlsFree
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GlobalLock
GetModuleHandleW
FreeResource
FileTimeToLocalFileTime
IsValidCodePage
FindResourceW
VirtualQuery
CreateProcessW
Sleep
IsBadReadPtr
SetThreadPriority
VirtualAlloc
ResetEvent
Shell_NotifyIconW
SHCreateDirectoryExA
SHGetPathFromIDListW
StrCmpNIA
GetWindowThreadProcessId
SendMessageTimeoutA
GetDCEx
GetMessageTime
GetTopWindow
FlashWindow
LoadStringW
TranslateAccelerator
SendMessageA
CreateIconFromResource
MessageBoxA
DdeCreateStringHandleA
RegisterWindowMessageA
SetForegroundWindow
InvalidateRgn
LoadStringA
Number of PE resources by type
RT_ICON 10
MUI 1
RT_VERSION 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 14
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7601.17514
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Windows Command Processor
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 108544
EntryPoint 0x11a0
OriginalFileName Cmd.Exe
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7601.17514 (win7sp1_rtm.101119-1850)
TimeStamp 2019:03:16 12:23:47+01:00
FileType Win32 EXE
PEType PE32
InternalName cmd
ProductVersion 6.1.7601.17514
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 122880
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7601.17514
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 d8ec7cb5ed466211ffcdfb80843b1f99
SHA1 9b0f0091d5dc517197004651b0e5e4c1407ffe36
SHA256 7f076d36307be5cfbe2c10d63f1fc533e287632547eccd9d6e47d031c41f5456
ssdeep 3072:POp/0A48k2GgrQCz+VGUbqPM902ypydVi4aZynjjyGMs:GM9b29z+VGUQM9UpQzJjmU
authentihash 13955b9e5c01b7eb14f35fb2734ecda7224a0f1849444c12da414d9afe6edd68
imphash d63705d407e04b765563fe84f33f8db0
File size 230.3 KB ( 235784 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID
Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-03-16 11:35:40 UTC ( 2 months ago )
Last submission 2019-03-19 00:54:26 UTC ( 2 months ago )
File names cmd
Cmd.Exe
emotet_e2_7f076d36307be5cfbe2c10d63f1fc533e287632547eccd9d6e47d031c41f5456_2019-03-16__113005.exe_
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections