SHA256: 87cc6edb15f94d2eb2b680b996904fcc8bef54becefb87ee1cdfa8f56c6c1b19
File name: x8NOSQKne82ElR0DNT8.exe
Detection ratio: 38 / 69
Analysis date: 2018-09-21 00:00:12 UTC ( 4 months, 4 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40499148 20180920
AhnLab-V3 Malware/Win32.Generic.R237614 20180920
ALYac Trojan.GenericKD.40499148 20180921
Arcabit Trojan.Generic.D269F7CC 20180921
Avast FileRepMalware 20180921
AVG FileRepMalware 20180921
BitDefender Trojan.GenericKD.40499148 20180920
CAT-QuickHeal Trojan.Emotet.X4 20180918
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20180723
Cylance Unsafe 20180921
Cyren W32/Trojan.AMQC-2868 20180920
Emsisoft Trojan.Emotet (A) 20180920
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GKXP 20180920
F-Secure Trojan.GenericKD.40499148 20180920
Fortinet W32/Kryptik.GKXP!tr 20180920
GData Trojan.GenericKD.40499148 20180920
Ikarus Trojan.Win32.Krypt 20180920
Sophos ML heuristic 20180717
Kaspersky Trojan-Banker.Win32.Emotet.bdzw 20180920
Malwarebytes Trojan.Emotet 20180920
MAX malware (ai score=100) 20180921
McAfee RDN/Generic.grp 20180920
McAfee-GW-Edition BehavesLike.Win32.Backdoor.fm 20180920
eScan Trojan.GenericKD.40499148 20180920
Palo Alto Networks (Known Signatures) generic.ml 20180921
Panda Trj/GdSda.A 20180920
Qihoo-360 HEUR/QVM20.1.F791.Malware.Gen 20180921
Rising Trojan.Emotet!8.B95 (CLOUD) 20180920
Sophos AV Mal/EncPk-ANY 20180920
Symantec Trojan.Gen.2 20180920
Tencent Win32.Trojan-banker.Emotet.Hvtg 20180921
TrendMicro TSPY_EMOTET.THIBOAH 20180920
TrendMicro-HouseCall TSPY_EMOTET.THIBOAH 20180920
VIPRE Trojan.Win32.Generic!BT 20180920
Webroot W32.Trojan.Emotet 20180921
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bdzw 20180921
AegisLab 20180920
Alibaba 20180912
Antiy-AVL 20180920
Avast-Mobile 20180920
Avira (no cloud) 20180920
AVware 20180920
Babable 20180918
Baidu 20180914
Bkav 20180921
ClamAV 20180920
CMC 20180920
Comodo 20180920
Cybereason 20180225
DrWeb 20180920
eGambit 20180921
F-Prot 20180920
Jiangmin 20180920
K7AntiVirus 20180920
K7GW 20180920
Kingsoft 20180921
Microsoft 20180921
NANO-Antivirus 20180920
SentinelOne (Static ML) 20180830
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180918
TACHYON 20180920
TheHacker 20180920
TotalDefense 20180920
Trustlook 20180921
VBA32 20180920
ViRobot 20180920
Yandex 20180920
Zillya 20180920
Zoner 20180920
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 1998 - 2003 GTek Technologies Ltd.
Product GTCoach
Internal name keyboard
File version 1, 0, 0, 14
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-19 15:45:46
Entry Point 0x00021C10
Number of sections 8
PE sections
PE imports
InitiateSystemShutdownA
GetSidLengthRequired
EnumServicesStatusA
GetUserNameW
DeregisterEventSource
MakeSelfRelativeSD
InitiateSystemShutdownExW
IsValidSid
LogonUserA
GetWindowsAccountDomainSid
DeleteAce
IsValidSecurityDescriptor
AVIStreamStart
ImageList_SetBkColor
FindTextA
GetFileTitleW
CryptMsgSignCTL
CryptStringToBinaryA
GetPixelFormat
DeleteEnhMetaFile
GetSystemPaletteEntries
GetWindowOrgEx
GetRgnBox
FloodFill
GetTextMetricsA
GetClipBox
GetTextMetricsW
GetViewportOrgEx
GetPixel
GetLayout
GetObjectA
PaintRgn
GetCharacterPlacementW
GetTextExtentExPointI
GetTextColor
GetBitmapDimensionEx
GetWindowExtEx
GetBkMode
GetTextExtentPointW
ExtTextOutW
DescribePixelFormat
FrameRgn
GetStockObject
GetPath
EqualRgn
GetOutlineTextMetricsW
GetDIBits
GdiFlush
GetCharWidth32W
GetSystemPaletteUse
GetStretchBltMode
Escape
DeleteMetaFile
GetVolumePathNameW
GetLargestConsoleWindowSize
GetExitCodeProcess
FindNextFileA
GlobalFindAtomA
GetTickCount
GetThreadLocale
GetEnvironmentStringsW
FillConsoleOutputCharacterW
GetFileAttributesW
GetPrivateProfileStructW
GetVolumePathNamesForVolumeNameW
DeleteCriticalSection
GetCurrentProcess
GetVolumeInformationA
GetCurrentDirectoryW
GetSystemDefaultLCID
GetConsoleTitleW
GetCompressedFileSizeW
GetDateFormatW
GetEnvironmentVariableA
GetSystemDirectoryW
GetLocalTime
ExpandEnvironmentStringsA
FreeEnvironmentStringsW
FindVolumeMountPointClose
GetProcAddress
GetThreadContext
DebugBreak
GetLocaleInfoW
ExitProcess
ExpandEnvironmentStringsW
GetTempPathA
GetCPInfo
VirtualLock
GetModuleHandleA
DeleteVolumeMountPointW
GetCommTimeouts
GlobalAddAtomA
GetAtomNameA
GetVolumeNameForVolumeMountPointW
GetCompressedFileSizeA
GetThreadTimes
WritePrivateProfileStructW
GetStringTypeW
GetUserDefaultLCID
EscapeCommFunction
WriteProfileStringW
GetThreadSelectorEntry
GetModuleFileNameA
SetCommConfig
LocalSize
GlobalHandle
VirtualFree
_lopen
GlobalGetAtomNameA
MprConfigInterfaceGetInfo
NetApiBufferReallocate
NetLocalGroupAddMembers
NetLocalGroupGetMembers
GetErrorInfo
SafeArrayAllocDescriptorEx
RasGetEntryPropertiesA
CM_Get_DevNode_Custom_PropertyW
FindExecutableW
FindExecutableA
ExtractAssociatedIconW
SHRegWriteUSValueW
StrStrW
EnumerateSecurityPackagesW
GetComputerObjectNameW
FreeCredentialsHandle
EmptyClipboard
GetUserObjectInformationW
DrawTextA
GetScrollRange
GetScrollPos
GetKeyboardLayoutNameW
DestroyMenu
GetKeyNameTextW
GetMessageW
DefWindowProcA
IsWinEventHookInstalled
GetCaretPos
FillRect
LoadMenuW
OemToCharBuffA
DefFrameProcW
GetWindowRect
GetCursorInfo
MessageBoxIndirectA
IsWindowUnicode
GetDlgItemTextA
GetMessageExtraInfo
CharLowerW
FindWindowExW
DestroyCaret
GetDlgItemInt
GetTabbedTextExtentW
ReleaseDC
GetClassInfoA
GetClipCursor
DestroyIcon
LoadStringA
GetLastActivePopup
GetRawInputData
IsZoomed
GetClassInfoW
GetKeyboardLayoutList
BringWindowToTop
GetShellWindow
FrameRect
InvalidateRect
InsertMenuA
GetWindowLongA
FindWindowExA
LoadIconA
GetClipboardSequenceNumber
DefDlgProcA
ModifyMenuW
DestroyAcceleratorTable
GetMenuState
CopyAcceleratorTableW
GetWindowTextLengthW
GetWindowRgnBox
GetWindowTextA
EnumWindowStationsW
GetMenuStringW
GetUrlCacheEntryInfoExW
FindNextUrlCacheEntryExW
GetUrlCacheEntryInfoW
DefDriverProc
GetPrinterDriverDirectoryW
DeletePrinter
CryptCATCDFEnumAttributes
CryptCATGetMemberInfo
GetColorProfileHeader
strncmp
fputc
fputws
fseek
fsetpos
vfprintf
setvbuf
fputwc
GetRunningObjectTable
MkParseDisplayName
CoInternetIsFeatureEnabledForUrl
Number of PE resources by type
RT_VERSION 1
WAVE 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.14
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 268288
EntryPoint 0x21c10
MIMEType application/octet-stream
LegalCopyright Copyright (C) 1998 - 2003 GTek Technologies Ltd.
FileVersion 1, 0, 0, 14
TimeStamp 2018:09:19 17:45:46+02:00
FileType Win32 EXE
PEType PE32
InternalName keyboard
ProductVersion 3, 0, 0, 1
SubsystemVersion 5.0
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName GTek Technologies Ltd.
CodeSize 0
ProductName GTCoach
ProductVersionNumber 3.0.0.1
FileTypeExtension exe
ObjectFileType Dynamic link library
File identification
MD5 2ec0e805931ba5af5d245c123d106a32
SHA1 10002ee07609e2ac2e2881ec263717b10f84cc89
SHA256 87cc6edb15f94d2eb2b680b996904fcc8bef54becefb87ee1cdfa8f56c6c1b19
ssdeep 6144:zjE1mjMFlvkDOOJt5+zwCnPFlZCBqf92uu8:zjE1cMgDOOPEPl+38
authentihash 25cae51096905f4e52604803ac73ec8d7c1dde6a6f20aa92961a59115383a8ce
imphash 6d07ebe11be7a396c5d80c7e4aaa096b
File size 396.0 KB ( 405504 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe
VirusTotal metadata
First submission 2018-09-19 08:50:30 UTC ( 5 months ago )
Last submission 2018-09-19 08:50:30 UTC ( 5 months ago )
File names x8NOSQKne82ElR0DNT8.exe, keyboard
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs