SHA256: 8483ab0cda4d1ee5c90e2117bd928d776c6f4d87e76a5a01a890ae115d052d0a
File name: xkcMzeQD1G53MaKI.exe
Detection ratio: 42 / 67
Analysis date: 2018-10-25 13:42:30 UTC ( 3 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40628707 20181025
AhnLab-V3 Malware/Win32.Generic.C2777344 20181025
ALYac Trojan.GenericKD.40628707 20181025
Antiy-AVL Trojan[Banker]/Win32.Emotet 20181025
Arcabit Trojan.Generic.D26BF1E3 20181025
Avast Win32:Malware-gen 20181025
AVG Win32:Malware-gen 20181025
BitDefender Trojan.GenericKD.40628707 20181025
Bkav W32.eHeur.Malware12 20181025
CAT-QuickHeal Trojan.Emotet.X4 20181024
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cylance Unsafe 20181025
Cyren W32/Trojan.UGII-1778 20181025
Emsisoft Trojan.GenericKD.40628707 (B) 20181025
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GLXZ 20181025
F-Secure Trojan.GenericKD.40628707 20181025
Fortinet W32/GenKryptik.COOI!tr 20181025
GData Trojan.GenericKD.40628707 20181025
Ikarus Trojan.Win32.Krypt 20181025
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 0053c2ba1 ) 20181025
K7GW Trojan ( 0053c2ba1 ) 20181025
Kaspersky Trojan-Banker.Win32.Emotet.bjto 20181025
Malwarebytes Trojan.Emotet 20181025
MAX malware (ai score=100) 20181025
McAfee RDN/PWS-Banker 20181025
McAfee-GW-Edition BehavesLike.Win32.Emotet.ht 20181025
Microsoft Trojan:Win32/Emotet.AC!bit 20181025
eScan Trojan.GenericKD.40628707 20181025
NANO-Antivirus Trojan.Win32.Emotet.fjmhgf 20181025
Palo Alto Networks (Known Signatures) generic.ml 20181025
Panda Trj/GdSda.A 20181025
Qihoo-360 Win32/Trojan.88c 20181025
Sophos AV Mal/EncPk-ANY 20181025
Symantec Trojan.Emotet 20181025
Tencent Win32.Trojan-banker.Emotet.Lmat 20181025
TrendMicro TROJ_GEN.R002C0DJN18 20181025
TrendMicro-HouseCall TROJ_GEN.R002C0DJN18 20181025
VBA32 Trojan.Emotet 20181025
Webroot W32.Trojan.Emotet 20181025
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bjto 20181025
AegisLab 20181025
Alibaba 20180921
Avast-Mobile 20181025
Avira (no cloud) 20181025
Babable 20180918
Baidu 20181024
ClamAV 20181024
CMC 20181025
Cybereason 20180225
DrWeb 20181025
eGambit 20181025
F-Prot 20181025
Jiangmin 20181025
Kingsoft 20181025
Rising 20181025
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181022
Symantec Mobile Insight 20181001
TACHYON 20181025
TheHacker 20181024
TotalDefense 20181025
Trustlook 20181025
VIPRE 20181024
ViRobot 20181025
Zillya 20181024
Zoner 20181024
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) 1998-2004 America Online, Inc.
Product COOL Runtime Libraries
Original name Xprt.dll
Internal name Xprt
File version 3.6.8.2277
Description Zonder Runtime Library
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-21 00:32:28
Entry Point 0x0007B47C
Number of sections 5
PE sections
PE imports
ChangeServiceConfig2A
OpenEventLogA
SetServiceStatus
AVIFileRelease
CryptVerifyMessageSignature
CryptFindOIDInfo
CreateMetaFileA
CreatePolyPolygonRgn
SetViewportOrgEx
ImmGetOpenStatus
GetInterfaceInfo
NotifyRouteChange
GetTickCount64
UnregisterWait
HeapCreate
lstrcpyA
GlobalGetAtomNameA
GetMailslotInfo
Wow64SetThreadContext
GetConsoleTitleA
GetPrivateProfileSectionNamesW
GetModuleHandleW
MprInfoDelete
NetServerComputerNameDel
VarBstrFromBool
VarI2FromStr
VARIANT_UserSize
GetPwrCapabilities
RasSetEapUserDataW
I_RpcAsyncSetHandle
RpcRevertToSelfEx
NdrUserMarshalUnmarshall
UuidToStringW
I_RpcFreeBuffer
SetupDiCreateDeviceInfoW
SHGetSpecialFolderPathA
StrCSpnIW
wvnsprintfA
PathMakePrettyW
SHRegGetBoolUSValueW
SHSkipJunction
UrlEscapeW
SHRegGetUSValueA
MapWindowPoints
SetWindowWord
MonitorFromWindow
GetAncestor
GetLastActivePopup
RegisterHotKey
GetClipboardData
ArrangeIconicWindows
GetFocus
RemovePropW
ExcludeUpdateRgn
RemoveMenu
DefDlgProcW
SetScrollInfo
DrawMenuBar
GetFileVersionInfoA
SetUrlCacheEntryInfoW
FtpFindFirstFileA
InternetWriteFile
OpenPrinterA
EnumJobsW
FreePrinterNotifyInfo
strtol
CoIsOle1Class
CoRegisterInitializeSpy
CreateItemMoniker
CreateAsyncBindCtx
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 4294967295
LinkerVersion 13.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.6.8.2277
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Zonder Runtime Library
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 33280
EntryPoint 0x7b47c
OriginalFileName Xprt.dll
MIMEType application/octet-stream
LegalCopyright Copyright (c) 1998-2004 America Online, Inc.
FileVersion 3.6.8.2277
TimeStamp 2018:10:20 17:32:28-07:00
FileType Win32 EXE
PEType PE32
InternalName Xprt
ProductVersion 3.6.8.2277
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName America Online, Inc.
CodeSize 510976
ProductName COOL Runtime Libraries
ProductVersionNumber 3.6.8.2277
FileTypeExtension exe
ObjectFileType Dynamic link library
File identification
MD5 a75bc64c2a3d5da57ad84a917226cb25
SHA1 657a3e1a4e945f3ea86d4d71b8d1e402c73d762d
SHA256 8483ab0cda4d1ee5c90e2117bd928d776c6f4d87e76a5a01a890ae115d052d0a
ssdeep 3072:T1r5Zt5cGh49meCigAr7WTUVBSymo8PCYpau:TljtWGh6OA3ZmoiCYf
authentihash 5e0a20edda5ab8992ec6620f7c261baa940ddb03aeeda8858310776671e02b9d
imphash ac91fede7c24067c0af67610fc97ae22
File size 527.0 KB ( 539648 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (25.2%)
Clipper DOS Executable (25.0%)
Generic Win/DOS Executable (24.8%)
DOS Executable Generic (24.8%)
Tags peexe
VirusTotal metadata
First submission 2018-10-20 17:45:11 UTC ( 4 months ago )
Last submission 2018-10-20 17:45:11 UTC ( 4 months ago )
File names Xprt.dll
Xprt
xkcMzeQD1G53MaKI.exe