SHA256: 85ae5b3dff1a2de972928dca88ad8784f5437990fb3c8b6ea4259b01b9ac940c
File name: 97TETMeq.exe
Detection ratio: 43 / 70
Analysis date: 2018-12-31 01:07:25 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40875242 20181231
ALYac Trojan.GenericKD.40875242 20181231
Arcabit Trojan.Generic.D26FB4EA 20181230
Avast Win32:BankerX-gen [Trj] 20181230
AVG Win32:BankerX-gen [Trj] 20181230
Avira (no cloud) TR/AD.Emotet.oppmn 20181230
BitDefender Trojan.GenericKD.40875242 20181230
Comodo Malware@#1m8gaybfyan0a 20181230
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cylance Unsafe 20181231
Cyren W32/Trojan.OXWA-1202 20181230
eGambit Unsafe.AI_Score_84% 20181231
Emsisoft Trojan.GenericKD.40875242 (B) 20181230
Endgame malicious (moderate confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GODV 20181230
Fortinet W32/Kryptik.GODV!tr 20181230
GData Trojan.GenericKD.40875242 20181230
Ikarus Trojan.Win32.Crypt 20181230
Sophos ML heuristic 20181128
K7AntiVirus Riskware ( 0040eff71 ) 20181230
K7GW Riskware ( 0040eff71 ) 20181230
Kaspersky Trojan-Banker.Win32.Emotet.bwyh 20181230
Malwarebytes Trojan.Emotet.Generic 20181230
McAfee Emotet-FID!17FBB2F68063 20181230
McAfee-GW-Edition Emotet-FID!17FBB2F68063 20181230
Microsoft Trojan:Win32/Emotet.AC!bit 20181230
eScan Trojan.GenericKD.40875242 20181230
NANO-Antivirus Trojan.Win32.Emotet.flpndd 20181230
Palo Alto Networks (Known Signatures) generic.ml 20181231
Panda Trj/RnkBend.A 20181230
Qihoo-360 Win32/Trojan.e8b 20181231
Rising Trojan.Emotet!8.B95 (CLOUD) 20181230
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/EncPk-ANY 20181230
Symantec Packed.Generic.517 20181230
TACHYON Banker/W32.Emotet.242176.D 20181230
Tencent Win32.Trojan-banker.Emotet.Ebhr 20181231
Trapmine malicious.high.ml.score 20181205
TrendMicro TROJ_GEN.R002C0OLS18 20181230
TrendMicro-HouseCall TROJ_GEN.R002C0OLS18 20181230
VBA32 BScope.Trojan.Emotet 20181229
Webroot W32.Trojan.Emotet 20181231
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bwyh 20181231
Acronis 20181227
AegisLab 20181230
Alibaba 20180921
Antiy-AVL 20181230
Avast-Mobile 20181230
Babable 20180918
Baidu 20181207
Bkav 20181227
CAT-QuickHeal 20181230
ClamAV 20181230
CMC 20181230
Cybereason 20180225
DrWeb 20181230
F-Prot 20181230
F-Secure 20181230
Jiangmin 20181230
Kingsoft 20181231
MAX 20181231
SUPERAntiSpyware 20181226
Symantec Mobile Insight 20181225
TheHacker 20181230
TotalDefense 20181230
Trustlook 20181231
VIPRE 20181230
ViRobot 20181231
Yandex 20181229
Zillya 20181228
Zoner 20181231
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. Al
Product Mozilla
Internal name palmsync
File version 1.4: 2003062408
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-08-04 07:56:09
Entry Point 0x000061B4
Number of sections 6
PE sections
PE imports
GetServiceKeyNameW
CryptHashData
ChangeServiceConfigW
RegSetValueA
SwapBuffers
GetColorAdjustment
DeleteDC
FrameRgn
GetFontData
RealizePalette
ImmIsIME
VerifyScripts
GetModuleHandleExW
Wow64EnableWow64FsRedirection
SetConsoleOutputCP
FlsFree
GetModuleHandleW
GetLocaleInfoW
GetExpandedNameW
RpcErrorStartEnumeration
SHGetFolderLocation
PathRemoveFileSpecA
PathIsRootA
RegisterClassExW
AttachThreadInput
waveInReset
CLSIDFromProgID
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
CodeSize 28672
UninitializedDataSize 1
LinkerVersion 12.0
ImageVersion 0.1
FileSubtype 0
FileVersionNumber 1.4.20030.62408
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 219136
EntryPoint 0x61b4
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. Al
FileVersion 1.4: 2003062408
TimeStamp 2004:08:04 09:56:09+02:00
FileType Win32 EXE
PEType PE32
InternalName palmsync
ProductVersion 1.4: 2003062408
SubsystemVersion 5.1
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Mozilla, Netscape
LegalTrademarks Mozilla, Netscape
ProductName Mozilla
ProductVersionNumber 1.4.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 17fbb2f6806368e96febd0744973aaca
SHA1 48fbff09cdf26e370895f7d2e6140d2a127c65ac
SHA256 85ae5b3dff1a2de972928dca88ad8784f5437990fb3c8b6ea4259b01b9ac940c
ssdeep 3072:2NT8zJ0m4KMZlzjpwsVDbGkSSsAm54cO/PiKAt:2VYJsb7ukSS5x/PhA
authentihash 6fd2f7f3a52a0899b67a56686e82329743da53206b5c1bd9ac1539c568bdf20e
imphash 572ac356e1bc7046b017da8eff00ec8b
File size 236.5 KB ( 242176 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe
VirusTotal metadata
First submission 2018-12-26 16:53:30 UTC ( 1 month, 4 weeks ago )
Last submission 2018-12-26 16:53:30 UTC ( 1 month, 4 weeks ago )
File names palmsync
97TETMeq.exe
msratap.exe