SHA256: 8075e78e3f6dca928d389514328cb84d5a4ae1d8063a0931a84e34196f1a2167
File name: PgtvTE.exe
Detection ratio: 46 / 64
Analysis date: 2018-07-04 18:08:03 UTC ( 7 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Autoruns.GenericKDS.31017258 20180704
AegisLab Ml.Attribute.Gen!c 20180704
AhnLab-V3 Win-Trojan/Emotet.Exp 20180704
ALYac Trojan.Autoruns.GenericKDS.31017258 20180704
Antiy-AVL Trojan/Win32.TSGeneric 20180704
Arcabit Trojan.Autoruns.GenericS.D1D9492A 20180704
Avast FileRepMalware 20180704
AVG FileRepMalware 20180704
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9954 20180704
BitDefender Trojan.Autoruns.GenericKDS.31017258 20180704
CAT-QuickHeal Trojan.Cloxer 20180704
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cybereason malicious.3db9a5 20180225
Cyren W32/Trojan.EINY-9250 20180704
Emsisoft Trojan.Emotet (A) 20180704
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of Win32/Kryptik.GIFN 20180704
F-Secure Trojan.Autoruns.GenericKDS.31017258 20180704
Fortinet W32/Kryptik.GIHC!tr 20180704
GData Trojan.Autoruns.GenericKDS.31017258 20180704
Ikarus Trojan-Banker.Emotet 20180704
Sophos ML heuristic 20180601
Jiangmin Trojan.Banker.Emotet.bep 20180704
K7AntiVirus Riskware ( 0040eff71 ) 20180704
K7GW Riskware ( 0040eff71 ) 20180704
Kaspersky Trojan-Banker.Win32.Emotet.atuv 20180704
Malwarebytes Spyware.Emotet 20180704
MAX malware (ai score=94) 20180704
McAfee Emotet-FHP!D029B8271E3D 20180704
McAfee-GW-Edition BehavesLike.Win32.AdwareLinkury.dt 20180704
Microsoft Trojan:Win32/Emotet.AC!bit 20180704
eScan Trojan.Autoruns.GenericKDS.31017258 20180704
NANO-Antivirus Trojan.Win32.Emotet.feqtya 20180704
Palo Alto Networks (Known Signatures) generic.ml 20180704
Panda Trj/Emotet.C 20180704
Qihoo-360 HEUR/QVM20.1.1F68.Malware.Gen 20180704
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/EncPk-ANX 20180704
Symantec Trojan.Emotet 20180704
TotalDefense Win32/FakeMS.WOCR 20180704
VBA32 BScope.Malware-Cryptor.Emotet 20180704
ViRobot Trojan.Win32.Z.Emotet.221184.G 20180704
Webroot W32.Trojan.Emotet 20180704
Yandex Trojan.PWS.Emotet! 20180704
Zillya Trojan.Emotet.Win32.2865 20180704
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.atuv 20180704
Avast-Mobile 20180704
Avira (no cloud) 20180704
AVware 20180704
Babable 20180406
Bkav 20180704
ClamAV 20180704
CMC 20180704
Comodo 20180704
DrWeb 20180704
eGambit 20180704
F-Prot 20180704
Kingsoft 20180704
SUPERAntiSpyware 20180704
TACHYON 20180704
Tencent 20180704
TheHacker 20180628
Trustlook 20180704
VIPRE 20180704
Zoner 20180704
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Mic
File version 6.1.7601
Description TLS / SSL Secur
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-26 22:30:33
Entry Point 0x00001014
Number of sections 6
PE sections
PE imports
GetPixel
GetStockObject
GetThreadId
FileTimeToSystemTime
GetUserDefaultLCID
FlushInstructionCache
GlobalFlags
GetTickCount
GetSystemDirectoryA
GetUserGeoID
GetStringTypeW
GetVersion
DrawTextExW
GetPriorityClipboardFormat
LoadMenuA
IsWindowEnabled
GetUrlCacheEntryInfoExW
GetPrinterDriverW
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 14.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.2.0.6
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Crypt file!!!!
ImageFileCharacteristics No relocs, Executable, 32-bit, System file
CharacterSet Unicode
InitializedDataSize 118784
EntryPoint 0x1014
MIMEType application/octet-stream
FileVersion 6.1.7601
TimeStamp 2018:06:27 00:30:33+02:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0626.
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName ddd R Semiconductor ealtek
CodeSize 102400
ProductName Mic
ProductVersionNumber 1.2.0.6
FileTypeExtension exe
ObjectFileType Dynamic link library

Compressed bundles
File identification
MD5 d029b8271e3db93a6f6997b97536093e
SHA1 ece30473db9a53dda6916eb4c1bdd69b18236d46
SHA256 8075e78e3f6dca928d389514328cb84d5a4ae1d8063a0931a84e34196f1a2167
ssdeep 1536:Eo975keXXaB5U6stRLZb+2RmFrAbMRC+7jLHdXVr3ogXB:Eo9dkzvVYR42OukTHBF
authentihash c3aefeff4534489ec16bbc0c71bc4f8a100cce5165091c46544f4ce149abf1ff
imphash 99ae2fc43288aa20e61abe5a7559c474
File size 216.0 KB ( 221184 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe

VirusTotal metadata
First submission 2018-06-26 22:33:41 UTC ( 8 months ago )
Last submission 2018-06-26 22:33:41 UTC ( 8 months ago )
File names PgtvTE.exe