SHA256: 7ff2bef1b3c0156ad74c85a190ae997eb68c85043f989ce7baa43af0448493f1
File name: executable.1324.exe
Detection ratio: 28 / 68
Analysis date: 2018-06-19 12:02:32 UTC ( 8 months, 1 week ago )
Antivirus Result Update
AegisLab W32.Troj.Spy!c 20180619
AhnLab-V3 Trojan/Win32.Emotet.R230152 20180619
Avast Win32:Malware-gen 20180619
AVG FileRepMalware 20180619
Avira (no cloud) TR/Crypt.ZPACK.Gen 20180619
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9975 20180615
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cybereason malicious.c1e9a8 20180225
Cylance Unsafe 20180619
Cyren W32/GenBl.5ED6B884!Olympus 20180619
DrWeb Trojan.EmotetENT.244 20180619
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of Win32/Kryptik.GHWT 20180619
Fortinet W32/Kryptik.GHWC!tr 20180619
GData Win32.Trojan-Spy.Emotet.RJ 20180619
Ikarus Trojan-Banker.Emotet 20180619
Sophos ML heuristic 20180601
Kaspersky UDS:DangerousObject.Multi.Generic 20180619
Malwarebytes Trojan.Emotet 20180619
McAfee Artemis!5ED6B8846968 20180619
McAfee-GW-Edition BehavesLike.Win32.Generic.ch 20180619
Microsoft Trojan:Win32/Fuery.B!cl 20180619
Palo Alto Networks (Known Signatures) generic.ml 20180619
Qihoo-360 Win32/Trojan.be3 20180619
SentinelOne (Static ML) static engine - malicious 20180618
Symantec ML.Attribute.HighConfidence 20180619
TACHYON Trojan/W32.Agent.192512.BPY 20180619
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180619
Ad-Aware 20180619
Alibaba 20180619
ALYac 20180619
Antiy-AVL 20180619
Arcabit 20180619
Avast-Mobile 20180619
AVware 20180618
Babable 20180406
BitDefender 20180619
Bkav 20180619
CAT-QuickHeal 20180619
ClamAV 20180619
CMC 20180619
Comodo 20180619
eGambit 20180619
Emsisoft 20180619
F-Prot 20180619
F-Secure 20180619
Jiangmin 20180619
K7AntiVirus 20180619
K7GW 20180619
Kingsoft 20180619
MAX 20180619
eScan 20180619
NANO-Antivirus 20180619
Panda 20180618
Rising 20180619
Sophos AV 20180619
SUPERAntiSpyware 20180619
Symantec Mobile Insight 20180619
Tencent 20180619
TheHacker 20180613
TotalDefense 20180619
TrendMicro 20180619
TrendMicro-HouseCall 20180619
Trustlook 20180619
VBA32 20180619
VIPRE 20180619
ViRobot 20180619
Webroot 20180619
Yandex 20180618
Zillya 20180618
Zoner 20180619
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-18 09:10:24
Entry Point 0x00001C1F
Number of sections 6
PE sections
PE imports
GetSecurityDescriptorDacl
EnumServicesStatusW
RegSetKeySecurity
GetDeviceCaps
PlayMetaFileRecord
GetWindowExtEx
CreateHalftonePalette
CopyEnhMetaFileW
SetLayout
GetWorldTransform
UnrealizeObject
DPtoLP
ExtSelectClipRgn
GetSystemTime
GlobalGetAtomNameW
GlobalReAlloc
lstrcmpiA
GetThreadUILanguage
GetCommandLineA
GetNamedPipeClientSessionId
VarR8FromR4
SafeArrayCopy
I_RpcServerRegisterForwardFunction
RpcServerUseProtseqA
RpcServerRegisterIf
RpcAsyncInitializeHandle
SetupOpenLog
GetSubMenu
GetDCEx
GetParent
GetQueueStatus
IsWindowVisible
CreateIconIndirect
GetThreadDesktop
GetClientRect
PeekMessageA
GetDlgItem
GetActiveWindow
ClientToScreen
CloseWindowStation
AddPrinterConnectionW
SCardSetCardTypeProviderNameW
OleCreateEmbeddingHelper
CoInternetCreateZoneManager
Number of PE resources by type
RT_MENU 1
RT_DIALOG 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:06:18 10:10:24+01:00
FileType Win32 EXE
PEType PE32
CodeSize 17408
LinkerVersion 14.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x1c1f
InitializedDataSize 0
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 5ed6b884696833bb1eb4238a8c6585b2
SHA1 29d8173c1e9a8cb2bdf9764a436b773e74b00daa
SHA256 7ff2bef1b3c0156ad74c85a190ae997eb68c85043f989ce7baa43af0448493f1
ssdeep 1536:9/J/R/FSu38prtqY3pFs/WxS8IoE3tJaw5teM1e7DUCWQkbj9eCzjtgIkJGvRQEW:xNSQECWPE3/P5kMgPdkjzH71FYPv

authentihash 5534295d6324965a92b6e0bb9b7a243812029ab0b49e1ebd6fe816cb958b4a3d
imphash a1f27e27153bddf7b9ab14ffd8f4fa81
File size 188.0 KB ( 192512 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2018-06-19 08:55:57 UTC ( 8 months, 1 week ago )
Last submission 2018-06-19 08:55:57 UTC ( 8 months, 1 week ago )
File names executable.1324.exe