SHA256: 826afeaba04779f5c6970ddcdf0d5aecd5b5c0fa4a61553ee98e994098182006
File name: 63407659.exe_
Detection ratio: 42 / 66
Analysis date: 2018-05-29 03:04:33 UTC ( 8 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30869923 20180529
AegisLab Ml.Attribute.Gen!c 20180529
AhnLab-V3 Trojan/Win32.Emotet.R228996 20180529
ALYac Trojan.GenericKD.30869923 20180529
Antiy-AVL Trojan/Win32.TSGeneric 20180529
Arcabit Trojan.Generic.D1D709A3 20180529
Avast Win32:Malware-gen 20180528
AVG Win32:Malware-gen 20180528
Avira (no cloud) TR/Crypt.ZPACK.jkvti 20180528
AVware Trojan.Win32.Generic!BT 20180529
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180529
BitDefender Trojan.GenericKD.30869923 20180529
Cylance Unsafe 20180529
Cyren W32/Trojan.NZOB-5670 20180529
Emsisoft Trojan.GenericKD.30869923 (B) 20180529
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of Win32/Kryptik.GHBV 20180528
F-Prot W32/S-d0689060!Eldorado 20180529
F-Secure Trojan.GenericKD.30869923 20180529
Fortinet W32/Kryptik.GHBV!tr 20180529
GData Win32.Trojan-Spy.Emotet.QR 20180529
Ikarus Trojan.Win32.Crypt 20180528
Sophos ML heuristic 20180503
K7AntiVirus Trojan ( 005329321 ) 20180528
K7GW Trojan ( 005329321 ) 20180528
Kaspersky Trojan.Win32.Agent.qwgswg 20180529
Malwarebytes Spyware.PasswordStealer 20180528
McAfee RDN/Generic.grp 20180528
McAfee-GW-Edition RDN/Generic.grp 20180528
eScan Trojan.GenericKD.30869923 20180528
Palo Alto Networks (Known Signatures) generic.ml 20180529
Panda Trj/GdSda.A 20180528
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/EncPk-ANR 20180528
Symantec ML.Attribute.HighConfidence 20180528
TrendMicro TSPY_EMOTET.TTIBBIC 20180529
TrendMicro-HouseCall TSPY_EMOTET.TTIBBIC 20180529
VBA32 BScope.Trojan.Cloxer 20180528
VIPRE Trojan.Win32.Generic!BT 20180529
Webroot W32.Trojan.Emotet 20180529
Yandex Trojan.Agent!B976EhtBu70 20180528
ZoneAlarm by Check Point Trojan.Win32.Agent.qwgswg 20180529
Alibaba 20180528
Avast-Mobile 20180527
Babable 20180406
Bkav 20180528
CAT-QuickHeal 20180528
ClamAV 20180528
CMC 20180528
Comodo 20180529
CrowdStrike Falcon (ML) 20180202
Cybereason None
DrWeb 20180529
eGambit 20180529
Jiangmin 20180529
Kingsoft 20180529
MAX 20180529
Microsoft 20180528
NANO-Antivirus 20180528
nProtect 20180529
Qihoo-360 20180529
Rising 20180528
SUPERAntiSpyware 20180528
Symantec Mobile Insight 20180525
Tencent 20180529
TheHacker 20180524
TotalDefense 20180528
Trustlook 20180529
ViRobot 20180528
Zillya 20180528
Zoner 20180528
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2028-12-25 04:27:37
Entry Point 0x00001F04
Number of sections 4
PE sections
PE imports
GetUserNameA
CertGetCertificateChain
CertOpenSystemStoreA
CreateWaitableTimerW
GetNumberFormatA
LocalHandle
FlsGetValue
GetComputerNameExW
FindVolumeMountPointClose
FlsFree
FindFirstVolumeW
LZSeek
VarUI4FromUI8
SetActivePwrScheme
SetupDiGetDeviceInstanceIdW
StrCpyNW
SHSetValueW
SHCopyKeyW
GetAncestor
waveOutGetErrorTextW
GetPrinterDataExW
WintrustRemoveActionID
SCardForgetCardTypeW
SCardDisconnect
STGMEDIUM_UserMarshal
OleConvertOLESTREAMToIStorage
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
JAPANESE DEFAULT 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 188416
ImageVersion 0.0
FileVersionNumber 1.0.124.0
LanguageCode Japanese
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 12.164
FileTypeExtension exe
MIMEType application/octet-stream
TimeStamp 2028:12:25 05:27:37+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName 25 4 3
CodeSize 0
FileSubtype 0
ProductVersionNumber 24.0.55.0
EntryPoint 0x1f04
ObjectFileType Dynamic link library

File identification
MD5 20d850e7dc99d3c67af47d44083bd61c
SHA1 2ab81c7c47d86e26821d2f13feb72843665d3a44
SHA256 826afeaba04779f5c6970ddcdf0d5aecd5b5c0fa4a61553ee98e994098182006
ssdeep 1536:XaiMr6F5E5mSSGoGcwEzY6AbpgOGOLDLuJfe0KkiA7j+uc3/sPbaa:XaiaY58VSGfTppuxe0t7+t3/kb5

authentihash 942cca6e6fed000934f0fbe5a8f581859b027d89f818ae9e47e045efee0a3c8f
imphash 666c2fa5e8b422b174b5b1bafe5a9c13
File size 200.0 KB ( 204800 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2018-05-24 20:28:13 UTC ( 9 months ago )
Last submission 2018-06-17 15:06:26 UTC ( 8 months ago )
File names 63407659.exe_
08849955180.exe_
494439722.exe_
0415258195.exe_