× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 88136313c8beb4c88c3b2eb1d773e176b536420697b64c53d96014da0eabb304
File name: twYe1lVp4CrvcL.exe
Detection ratio: 39 / 69
Analysis date: 2018-10-03 23:52:43 UTC ( 4 months, 2 weeks ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.Autoruns.GenericKD.31250822 20181003
ALYac Trojan.Autoruns.GenericKD.31250822 20181003
Arcabit Trojan.Autoruns.Generic.D1DCD986 20181004
Avast Win32:BankerX-gen [Trj] 20181003
AVG Win32:BankerX-gen [Trj] 20181003
BitDefender Trojan.Autoruns.GenericKD.31250822 20181004
Bkav HW32.Packed. 20181003
CMC Trojan.Win32.Obfuscated.en!O 20181003
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.a7128a 20180225
Cylance Unsafe 20181003
Cyren W32/Emotet.GQ.gen!Eldorado 20181003
DrWeb Trojan.EmotetENT.280 20181003
Emsisoft Trojan.Emotet (A) 20181003
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GLGV 20181003
F-Prot W32/Emotet.GQ.gen!Eldorado 20181003
F-Secure Trojan.Autoruns.GenericKD.31250822 20181004
Fortinet W32/Kryptik.GLGV!tr 20181003
GData Trojan.Autoruns.GenericKD.31250822 20181003
Ikarus Trojan.Win32.Crypt 20181003
Sophos ML heuristic 20180717
K7GW Trojan ( 0053de8f1 ) 20181003
Kaspersky Trojan-Banker.Win32.Emotet.bfuk 20181003
Malwarebytes Trojan.Emotet 20181003
McAfee GenericRXGM-LX!702EF7FA7128 20181003
McAfee-GW-Edition BehavesLike.Win32.Generic.cc 20181003
Microsoft Trojan:Win32/Emotet 20181003
eScan Trojan.Autoruns.GenericKD.31250822 20181003
Palo Alto Networks (Known Signatures) generic.ml 20181003
Panda Trj/Genetic.gen 20181003
Qihoo-360 HEUR/QVM20.1.4141.Malware.Gen 20181003
Rising Trojan.Azden!8.F0E3 (CLOUD) 20181003
SentinelOne (Static ML) static engine - malicious 20180926
Sophos AV Mal/EncPk-ANX 20181003
Symantec Packed.Generic.517 20181003
TrendMicro TSPY_EMOTET.THJOCAH 20181003
TrendMicro-HouseCall TSPY_EMOTET.THJOCAH 20181003
Webroot W32.Trojan.Emotet 20181003
AegisLab 20181003
AhnLab-V3 20181003
Alibaba 20180921
Antiy-AVL 20181004
Avast-Mobile 20181003
Avira (no cloud) 20181004
AVware 20180925
Babable 20180918
Baidu 20180930
CAT-QuickHeal 20181001
ClamAV 20181003
Comodo 20181003
eGambit 20181003
Jiangmin 20181003
K7AntiVirus 20181003
Kingsoft 20181003
MAX 20181003
NANO-Antivirus 20181003
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20181001
TACHYON 20181003
Tencent 20181003
TheHacker 20181001
TotalDefense 20181003
Trustlook 20181003
VBA32 20181003
VIPRE 20181003
ViRobot 20181003
Yandex 20180927
Zillya 20181003
ZoneAlarm by Check Point 20180925
Zoner 20181004
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserv

Product GTCoach
Internal name DDODiag
File version 6.1.7600.1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-02 11:17:33
Entry Point 0x000052F7
Number of sections 4
PE sections
PE imports
AccessCheckAndAuditAlarmW
CryptImportKey
CertCreateCTLContext
SetMiterLimit
GetDCOrgEx
EnumFontFamiliesExA
MaskBlt
GdiSetBatchLimit
GetNetworkParams
GetInterfaceInfo
GetStdHandle
SystemTimeToFileTime
GetBinaryTypeW
lstrcmpiA
GetFileSize
GetModuleHandleA
lstrcatA
FindFirstFileExA
GetDefaultCommConfigW
GetDateFormatW
CloseHandle
IsBadHugeReadPtr
SetMailslotInfo
IsThreadAFiber
WaitForMultipleObjects
GetLocalTime
MprConfigInterfaceCreate
NetLocalGroupDelMembers
SafeArrayRedim
glMultMatrixf
RpcMgmtInqComTimeout
RpcBindingSetAuthInfoExA
SetupQueryInfOriginalFileInformationW
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInterfaceAlias
SetupDiDeleteDeviceInfo
SHRegSetUSValueW
StrCatBuffW
GetCursorPos
GetLastInputInfo
DefFrameProcW
FlashWindow
SetMenu
GetUpdateRgn
LoadCursorW
IsCharLowerW
CreateDesktopW
RealGetWindowClassA
InternetSetStatusCallbackW
InternetSetOptionA
ReadPrinter
AddFormW
WTHelperCertIsSelfSigned
CryptCATStoreFromHandle
FindCertsByIssuer
Ord(29)
fgetc
memset
wcstod
Number of PE resources by type
RT_VERSION 1
WAVE 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:10:02 11:17:33+00:00

FileType
Win32 EXE

PEType
PE32

CodeSize
114688

LinkerVersion
12.0

ImageFileCharacteristics
No relocs, Executable, 32-bit

EntryPoint
0x52f7

InitializedDataSize
32768

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
4294967295

File identification
MD5 702ef7fa7128a113697071b29baa2ed8
SHA1 3c98bbabc058a827b60d5c8b857cd6841e76fb27
SHA256 88136313c8beb4c88c3b2eb1d773e176b536420697b64c53d96014da0eabb304
ssdeep
3072:x1nmHqOvWMc2BBkmpnwbvKFRNuvlWn04Fkhz3:/mHwMc2RFFRms04FG

authentihash 2326129c8e667b9a157e7144c988a8ee506b62fc237f8ffb2e278440ca357cf6
imphash 8ad6689dd6eb1f268184b154b98471e7
File size 140.0 KB ( 143360 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-10-02 11:22:22 UTC ( 4 months, 2 weeks ago )
Last submission 2018-11-16 19:03:31 UTC ( 3 months ago )
File names TKGOOXXZJTUP6K1CSP4.EXE
scnwfp.exe
DDODiag
twYe1lVp4CrvcL.exe
AVKE.EXE
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!