SHA256: 8812c0b814f3e39b76793ddd2aee5f3ca0c8735e70ff0a5c3f10ca6f21c5a798
File name: cf5f37f306bb36e690804675aca69e17
Detection ratio: 45 / 68
Analysis date: 2018-10-25 21:19:52 UTC ( 3 months, 4 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Autoruns.GenericKDS.31234847 20181025
ALYac Trojan.Autoruns.GenericKDS.31234847 20181025
Antiy-AVL Trojan/Win32.Emotet 20181025
Arcabit Trojan.Autoruns.GenericS.D1DC9B1F 20181025
Avast Win32:Malware-gen 20181025
AVG Win32:Malware-gen 20181025
BitDefender Trojan.Autoruns.GenericKDS.31234847 20181025
Bkav HW32.Packed. 20181025
CAT-QuickHeal Trojan.Emotet.X4 20181025
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.e92378 20180225
Cylance Unsafe 20181025
Cyren W32/Trojan.RPKW-1869 20181025
Emsisoft Trojan.Autoruns.GenericKDS.31234847 (B) 20181025
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GJQT 20181025
F-Secure Trojan.Autoruns.GenericKDS.31234847 20181025
Fortinet W32/Kryptik.GJQT!tr 20181025
GData Trojan.Autoruns.GenericKDS.31234847 20181025
Ikarus Trojan-Banker.Emotet 20181025
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 0053a19e1 ) 20181025
K7GW Trojan ( 0053a19e1 ) 20181025
Kaspersky Trojan-Banker.Win32.Emotet.bepo 20181025
Malwarebytes Trojan.Emotet.Generic 20181025
McAfee Emotet-FIB!CF5F37F306BB 20181025
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20181025
Microsoft Trojan:Win32/Emotet.AC!bit 20181025
eScan Trojan.Autoruns.GenericKDS.31234847 20181025
NANO-Antivirus Trojan.Win32.Emotet.fiincl 20181025
Palo Alto Networks (Known Signatures) generic.ml 20181025
Panda Trj/CI.A 20181025
Qihoo-360 Win32/Trojan.15d 20181025
Rising Trojan.Emotet!8.B95 (CLOUD) 20181025
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/EncPk-ANY 20181025
SUPERAntiSpyware Trojan.Agent/Gen-Occamy 20181022
Symantec Trojan.Gen.2 20181025
Tencent Win32.Trojan-banker.Emotet.Tayx 20181025
TrendMicro TSPY_EMOTET.THIBGAH 20181025
TrendMicro-HouseCall TSPY_EMOTET.THIBGAH 20181025
VBA32 BScope.TrojanBanker.Emotet 20181025
Webroot W32.Trojan.Emotet 20181025
Zillya Trojan.Emotet.Win32.4094 20181024
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bepo 20181025
AegisLab 20181025
AhnLab-V3 20181025
Alibaba 20180921
Avast-Mobile 20181025
Avira (no cloud) 20181025
Babable 20180918
Baidu 20181024
ClamAV 20181024
CMC 20181025
DrWeb 20181025
eGambit 20181025
F-Prot 20181025
Jiangmin 20181025
Kingsoft 20181025
MAX 20181025
Symantec Mobile Insight 20181001
TACHYON 20181025
TheHacker 20181024
TotalDefense 20181025
Trustlook 20181025
VIPRE 20181025
ViRobot 20181025
Yandex 20181025
Zoner 20181024
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name diantz.exe
Internal name diantz.exe
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Microsoft® Cabinet Maker
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-24 16:30:33
Entry Point 0x000187E9
Number of sections 5
PE sections
PE imports
RemoveUsersFromEncryptedFile
StrokePath
GetSystemDefaultLCID
GetModuleHandleA
HeapCompact
GetStartupInfoW
PowerRestoreDefaultPowerSchemes
PathIsRootA
ToUnicodeEx
DispatchMessageW
PrivacyGetZonePreferenceW
DeleteFormW
Ord(30)
memset
IsAccelerator
CompatFlagsFromClsid
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 4294967295
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Microsoft Cabinet Maker
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 14336
EntryPoint 0x187e9
OriginalFileName diantz.exe
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2018:09:24 18:30:33+02:00
FileType Win32 EXE
PEType PE32
InternalName diantz.exe
ProductVersion 6.1.7600.16385
SubsystemVersion 5.0
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 cf5f37f306bb36e690804675aca69e17
SHA1 937c381e92378ad0820200ecc782c5fd718eb1ec
SHA256 8812c0b814f3e39b76793ddd2aee5f3ca0c8735e70ff0a5c3f10ca6f21c5a798
ssdeep 1536:1pe2bpOfFIzvQIm8yTzEm4zdjTxv70E58aPrO04jLtpHNBRIXbz2CzL7qOoEU4c0:1nb8jllTQVzpxD0E58amf6fUNmI
authentihash c8a70c86bc3cdc64dd7092eb6c7e23bceb62fa1b8b72022b0e7cba4e973e9347
imphash f8de3c862a29585d4993f99d808cf111
File size 113.0 KB ( 115712 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe
VirusTotal metadata
First submission 2018-09-24 16:49:12 UTC ( 5 months ago )
Last submission 2018-09-25 23:23:49 UTC ( 4 months, 4 weeks ago )
File names diantz.exe
Z4EgnY3wLHWdTh08v.exe