SHA256: 80f8afb0890cfd3f6f8609772c7365ea6e40d97b682b0e669e52bd3a7f3fe189
File name: 80f8afb0890cfd3f6f8609772c7365ea6e40d97b682b0e669e52bd3a7f3fe189
Detection ratio: 18 / 69
Analysis date: 2018-09-27 08:11:27 UTC ( 4 months, 4 weeks ago )
Antivirus Result Update
AVG FileRepMalware 20180927
CAT-QuickHeal Trojan.Emotet.X4 20180926
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cylance Unsafe 20180927
Endgame malicious (high confidence) 20180730
Sophos ML heuristic 20180717
K7GW Hacktool ( 700007861 ) 20180927
Kaspersky UDS:DangerousObject.Multi.Generic 20180927
McAfee Emotet-FJG!98B5551A8032 20180927
Microsoft Trojan:Win32/Emotet.AC!bit 20180927
Palo Alto Networks (Known Signatures) generic.ml 20180927
Qihoo-360 HEUR/QVM20.1.23AF.Malware.Gen 20180927
Rising Trojan.Emotet!8.B95 (TFE:dGZlOgKi6+X7tRFbWA) 20180927
SentinelOne (Static ML) static engine - malicious 20180926
Sophos AV Mal/EncPk-ANY 20180927
Symantec ML.Attribute.HighConfidence 20180927
VBA32 Malware-Cryptor.Limpopo 20180926
Webroot W32.Trojan.Emotet 20180927
Ad-Aware 20180927
AegisLab 20180927
AhnLab-V3 20180927
Alibaba 20180921
ALYac 20180927
Antiy-AVL 20180927
Arcabit 20180927
Avast 20180927
Avast-Mobile 20180927
Avira (no cloud) 20180927
AVware 20180925
Babable 20180918
Baidu 20180927
BitDefender 20180927
Bkav 20180927
ClamAV 20180927
CMC 20180926
Comodo 20180927
Cybereason 20180225
Cyren 20180927
DrWeb 20180927
eGambit 20180927
Emsisoft 20180927
ESET-NOD32 20180927
F-Prot 20180927
F-Secure 20180927
Fortinet 20180927
GData 20180927
Ikarus 20180926
Jiangmin 20180926
K7AntiVirus 20180927
Kingsoft 20180927
Malwarebytes 20180927
MAX 20180927
McAfee-GW-Edition 20180927
eScan 20180927
NANO-Antivirus 20180927
Panda 20180926
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180924
TACHYON 20180927
Tencent 20180927
TheHacker 20180927
TotalDefense 20180925
TrendMicro 20180927
TrendMicro-HouseCall 20180927
Trustlook 20180927
VIPRE 20180927
ViRobot 20180927
Yandex 20180926
Zillya 20180926
ZoneAlarm by Check Point 20180925
Zoner 20180926
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights res

Product Microsoft® Windows® Operat
Original name DeviceMetadata
Internal name DeviceMetadata
File version 6.1.7600.16385 (win7_rtm.090713-125
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-27 05:33:33
Entry Point 0x0002E42B
Number of sections 5
PE sections
PE imports
ImpersonateNamedPipeClient
SetPrivateObjectSecurity
QueryUsersOnEncryptedFile
SetTextAlign
StrokePath
GetSystemPaletteEntries
CreatePipe
DecodePointer
GetModuleHandleA
HeapCompact
GetSystemDefaultLCID
CompareStringA
GetSystemTimes
UnlockFileEx
FillConsoleOutputCharacterW
GetSystemPowerStatus
SetFileBandwidthReservation
SetProcessShutdownParameters
MprAdminInterfaceTransportRemove
MprAdminInterfaceDisconnect
MprConfigInterfaceTransportSetInfo
NetApiBufferSize
SafeArrayCopy
glEvalMesh1
RpcBindingSetAuthInfoW
SetupDiClassNameFromGuidExW
SetupDiSetDeviceInstallParamsA
UrlEscapeW
StrRChrIW
ToUnicodeEx
CharPrevA
BeginDeferWindowPos
SendDlgItemMessageA
RealGetWindowClassW
DrawIconEx
LoadCursorFromFileA
InsertMenuW
PtInRect
GetUrlCacheEntryInfoExW
CommitUrlCacheEntryW
InternetReadFileExA
waveOutSetVolume
mmioWrite
Ord(30)
iswascii
localeconv
StgOpenStorageEx
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
4294967295

LinkerVersion
11.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.1.7600.16385

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
30720

EntryPoint
0x2e42b

OriginalFileName
DeviceMetadata

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights res

FileVersion
6.1.7600.16385 (win7_rtm.090713-125

TimeStamp
2018:09:27 06:33:33+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
DeviceMetadata

ProductVersion
6.1.7600.163

SubsystemVersion
5.0

OSVersion
5.2

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
193536

ProductName
Microsoft Windows Operat

ProductVersionNumber
6.1.7600.16385

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
File identification
MD5 98b5551a80321af4ce144cf6906c5b22
SHA1 7ba5d626598ac509e34b6902c4f07ad9d48b9e76
SHA256 80f8afb0890cfd3f6f8609772c7365ea6e40d97b682b0e669e52bd3a7f3fe189
ssdeep
1536:JrEgYDFZoT8gHxmiywjqUH2sMvPG8/d2gJ6Qh2W6AYZKB7Ii+QTGDa1k9O:IDFOg0xEwjqMMW8/EgJ5D6XKBv++GOI

authentihash 654053d7e11269cfdb47ceaeed56606f5703901db63bbc654e645b0e65b11771
imphash 69840be347f7133c8f24d87a8cfb3ecb
File size 214.5 KB ( 219648 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-09-27 05:48:56 UTC ( 4 months, 4 weeks ago )
Last submission 2018-11-14 19:54:48 UTC ( 3 months, 1 week ago )
File names cDnf644yILj.exe
bvQkWWXDk0jK.exe
Y9KiRkWAyj.exe
cmzAtOIV.exe
v0qlBfnN.exe
iBj15BO5h7.exe
Ar61kf8ytQk.exe
srvtexas.exe
EsaaAAvFkETO.exe
bxk6MC1d.exe
98b5551a80321af4ce144cf6906c5b22
919.exe
srvtexas.exe
qQSEvgWDw9iD.exe
Ubb4Xa7yg5.exe
DeviceMetadata
dUik4UWv.exe
qBuP54FsZQ.exe
Advanced heuristic and reputation engines