SHA256: 7fa57ed39952cd44b94648a058f38d16cb635583fda916e553f951eb4d9ffe69
File name: output.114552339.txt
Detection ratio: 47 / 70
Analysis date: 2018-11-26 16:59:10 UTC ( 2 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31368615 20181126
AhnLab-V3 Trojan/Win32.Generic.C2850422 20181126
ALYac Trojan.Agent.Emotet 20181126
Arcabit Trojan.Generic.D1DEA5A7 20181126
Avast Win32:Malware-gen 20181126
AVG Win32:Malware-gen 20181126
BitDefender Trojan.GenericKD.31368615 20181126
CAT-QuickHeal Trojan.Emotet.X4 20181126
Comodo Malware@#2g3xdd14p4leg 20181126
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.a906d8 20180225
Cylance Unsafe 20181126
Cyren W32/Emotet.JK.gen!Eldorado 20181126
DrWeb Trojan.EmotetENT.305 20181126
Emsisoft Trojan.GenericKD.31368615 (B) 20181126
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GNBJ 20181126
F-Prot W32/Emotet.JK.gen!Eldorado 20181126
F-Secure Trojan.GenericKD.31368615 20181126
Fortinet Malicious_Behavior.SB 20181126
GData Trojan.GenericKD.31368615 20181126
Ikarus Trojan.Win32.Crypt 20181126
K7AntiVirus Trojan ( 00541dfa1 ) 20181126
K7GW Trojan ( 00541dfa1 ) 20181126
Kaspersky Trojan-Banker.Win32.Emotet.brht 20181126
Malwarebytes Trojan.Emotet 20181126
MAX malware (ai score=98) 20181126
McAfee Emotet-FJR!4AD6315A906D 20181126
McAfee-GW-Edition Emotet-FJR!4AD6315A906D 20181126
Microsoft Trojan:Win32/Emotet.AC!bit 20181126
eScan Trojan.GenericKD.31368615 20181126
NANO-Antivirus Virus.Win32.Gen.ccmw 20181126
Palo Alto Networks (Known Signatures) generic.ml 20181126
Panda Trj/Genetic.gen 20181126
Qihoo-360 HEUR/QVM20.1.6141.Malware.Gen 20181126
Rising Trojan.Fuerboos!8.EFC8 (CLOUD) 20181126
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/EncPk-ANY 20181126
Symantec Packed.Generic.517 20181126
TACHYON Banker/W32.Emotet.327680.C 20181126
Trapmine malicious.moderate.ml.score 20181126
TrendMicro TSPY_EMOTET.THAABCAH 20181126
TrendMicro-HouseCall TSPY_EMOTET.THAABCAH 20181126
VBA32 BScope.Trojan.Emotet 20181126
ViRobot Trojan.Win32.Z.Genetic.327680 20181126
Webroot W32.Trojan.Emotet 20181126
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.brht 20181126
AegisLab 20181126
Alibaba 20180921
Antiy-AVL 20181126
Avast-Mobile 20181126
Avira (no cloud) 20181126
Babable 20180918
Baidu 20181126
Bkav 20181126
ClamAV 20181126
CMC 20181126
eGambit 20181126
Sophos ML 20181108
Jiangmin 20181126
Kingsoft 20181126
SUPERAntiSpyware 20181121
Symantec Mobile Insight 20181121
Tencent 20181126
TheHacker 20181126
TotalDefense 20181126
Trustlook 20181126
VIPRE 20181125
Yandex 20181123
Zillya 20181123
Zoner 20181126
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All
Product Microsoft®
Internal name catsrvps
File version 3.00.
Description CO
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-22 16:36:58
Entry Point 0x00008B9D
Number of sections 6
PE sections
PE imports
DeregisterEventSource
RegSetKeySecurity
LookupAccountSidW
EnumServicesStatusA
GdiSetBatchLimit
GetRegionData
GetRandomRgn
GetCurrentPositionEx
GetVolumePathNamesForVolumeNameW
GetNamedPipeClientProcessId
FindResourceA
FreeConsole
GetStringScripts
FindFirstVolumeW
GetTimeZoneInformation
lstrlenA
GlobalFree
DeleteFiber
EnumTimeFormatsA
RequestWakeupLatency
GetLocaleInfoW
GlobalLock
GetProfileSectionA
GetModuleHandleW
WinExec
FatalAppExitA
VarUI4FromUI8
ExtractAssociatedIconA
StrChrNW
FreeCredentialsHandle
GetMessageTime
GetPriorityClipboardFormat
GetMenuDefaultItem
GetMenu
GetKeyboardLayoutNameA
CoInvalidateRemoteMachineBindings
Number of PE resources by type
RT_STRING 5
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 6
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SpecialBuild [pre-release version: pre-alpha]
SubsystemVersion 5.0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 8.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription CO
ImageFileCharacteristics Executable, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 290816
EntryPoint 0x8b9d
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All
FileVersion 3.00.
TimeStamp 2018:11:22 17:36:58+01:00
FileType Win32 EXE
PEType PE32
InternalName catsrvps
UninitializedDataSize 0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName S Corpora
CodeSize 0
ProductName Microsoft
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library
File identification
MD5 4ad6315a906d8bd060fc7c57ff3c70f8
SHA1 128d9ed30d5caa9a7ce20c13c1efcceab8683f45
SHA256 7fa57ed39952cd44b94648a058f38d16cb635583fda916e553f951eb4d9ffe69
ssdeep 3072:vMm2bJF4W4ttL32YSrx4andPqlGPgXnAuIrEz5tJrEJJN3eX:UBbJ+BtV3dS6andPenAuIrEz5t2JJ
authentihash 838c058eaebb14e1e106d0e6c4d2dca6435ca75b6e4f3603efc8e69ac6e4cf6e
imphash 607a1e926af3e10a1bbba3e9af9aeb11
File size 320.0 KB ( 327680 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2018-11-22 16:39:29 UTC ( 2 months, 4 weeks ago )
Last submission 2018-12-29 01:48:50 UTC ( 1 month, 3 weeks ago )
File names catsrvps
56.exe
842.exe
352307.exe
2248484.exe
22267641.exe
67.exe
CSSie0uz4acPa.exe
41573429.exe
7992530.exe
69.exe
4820068.exe
output.114552339.txt
38841775.exe
49.exe
4ad6315a906d8bd060fc7c57ff3c70f8
6339.exe