SHA256: 821a31d2552c05868ebad349cafe34e0a6e941b6e91c3cdaa03f8051e5738f0c
File name: STOCKACTION.EXE
Detection ratio: 44 / 69
Analysis date: 2018-07-16 01:36:25 UTC ( 7 months ago )
Antivirus Result Update
Ad-Aware Gen:Heur.Krypt.9 20180715
AhnLab-V3 Trojan/Win32.Banki.R231390 20180715
ALYac Gen:Heur.Krypt.9 20180716
Antiy-AVL Trojan[Banker]/Win32.Emotet 20180716
Arcabit Trojan.Krypt.9 20180716
Avast Win32:GenX-Banker 20180716
AVG Win32:GenX-Banker 20180716
Avira (no cloud) TR/AD.Emotet.qdbcy 20180715
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180712
BitDefender Gen:Heur.Krypt.9 20180716
CAT-QuickHeal Trojan.IGENERIC 20180714
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cybereason malicious.492d91 20180225
Cylance Unsafe 20180716
Cyren W32/Emotet.DP.gen!Eldorado 20180716
Emsisoft Gen:Heur.Krypt.9 (B) 20180715
Endgame malicious (high confidence) 20180711
ESET-NOD32 a variant of Win32/Kryptik.GIPS 20180715
F-Secure Gen:Heur.Krypt.9 20180716
Fortinet W32/Kryptik.GIPS!tr 20180715
GData Gen:Heur.Krypt.9 20180715
Ikarus Trojan-Banker.Emotet 20180715
Sophos ML heuristic 20180601
Jiangmin Trojan.Banker.Emotet.blu 20180715
K7AntiVirus Trojan ( 005372891 ) 20180715
K7GW Trojan ( 005372891 ) 20180715
Kaspersky Trojan-Banker.Win32.Emotet.awqd 20180715
Malwarebytes Spyware.Emotet 20180715
MAX malware (ai score=96) 20180716
McAfee Emotet-FHK!C3461368A213 20180715
McAfee-GW-Edition BehavesLike.Win32.Emotet.ch 20180715
eScan Gen:Heur.Krypt.9 20180715
NANO-Antivirus Trojan.Win32.Emotet.ffhxyb 20180715
Palo Alto Networks (Known Signatures) generic.ml 20180716
Qihoo-360 Win32/Trojan.ad1 20180716
Rising Trojan.Kryptik!8.8 (CLOUD) 20180716
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/EncPk-ANX 20180716
Symantec ML.Attribute.HighConfidence 20180715
TrendMicro TROJ_GEN.R011C0DGB18 20180716
TrendMicro-HouseCall TROJ_GEN.R011C0DGB18 20180716
VBA32 BScope.TrojanBanker.Emotet 20180713
Webroot W32.Trojan.Emotet 20180716
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.awqd 20180716
AegisLab 20180715
Alibaba 20180713
Avast-Mobile 20180715
AVware 20180716
Babable 20180406
Bkav 20180713
ClamAV 20180715
CMC 20180714
Comodo 20180715
DrWeb 20180715
eGambit 20180716
F-Prot 20180715
Kingsoft 20180716
Microsoft 20180716
Panda 20180715
SUPERAntiSpyware 20180715
TACHYON 20180716
Tencent 20180716
TheHacker 20180712
TotalDefense 20180715
Trustlook 20180716
VIPRE 20180715
ViRobot 20180715
Yandex 20180713
Zillya 20180713
Zoner 20180715
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-07-09 10:20:25
Entry Point 0x0000149D
Number of sections 4
PE sections
PE imports
EqualSid
LCIDToLocaleName
AssignProcessToJobObject
GetCurrentProcessId
GetConsoleTitleW
GetSystemDefaultLangID
FindNextFileW
GetFileType
GetCurrentActCtx
GetCommandLineA
GetConsoleHistoryInfo
SetFileBandwidthReservation
GetCursorPos
SetTimer
GetQueueStatus
UnpackDDElParam
ChildWindowFromPoint
TrackMouseEvent
ChangeWindowMessageFilter
GetClassWord
DeregisterShellHookWindow
SCardGetCardTypeProviderNameW
Number of PE resources by type
RT_STRING 25
RT_BITMAP 2
RT_DIALOG 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 29
FRENCH 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2018:07:09 11:20:25+01:00
FileType Win32 EXE
PEType PE32
CodeSize 12288
LinkerVersion 11.0
FileTypeExtension exe
InitializedDataSize 98304
SubsystemVersion 5.0
EntryPoint 0x149d
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 c3461368a2137b762702e7be54bb4094
SHA1 7ac48f5492d9129e0c1c24b53d0b38003289eb08
SHA256 821a31d2552c05868ebad349cafe34e0a6e941b6e91c3cdaa03f8051e5738f0c
ssdeep 1536:XLkd82cvDGxymURdz8iw6RMN2W2/wp/y1bOtm0p7KBJwlJPmaffQNSrZN:od3kd4ids2XoIaEB+LPmFSrz
authentihash f280ba864006080ca7021fa542e01dc7e4578e1ab9d032ae25d64ad11bf08572
imphash 72e9af18048c8c43f92be463d3d5260f
File size 108.0 KB ( 110592 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe
VirusTotal metadata
First submission 2018-07-10 01:40:02 UTC ( 7 months, 1 week ago )
Last submission 2018-07-10 01:40:02 UTC ( 7 months, 1 week ago )
File names STOCKACTION.EXE