SHA256: 8a6209cfbc88466726c284fc8a004e5ec27f66373b601501a3753bd020ac411b
File name: FF36wBkCJs.exe
Detection ratio: 39 / 64
Analysis date: 2018-07-05 18:08:06 UTC ( 7 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40301942 20180705
AegisLab Packer.Generic!c 20180705
AhnLab-V3 Trojan/Win32.Emotet.R230948 20180705
ALYac Trojan.GenericKD.40301942 20180705
Antiy-AVL Trojan/Win32.TSGeneric 20180705
AVG FileRepMalware 20180705
AVware Trojan.Win32.Generic!BT 20180705
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9936 20180705
BitDefender Trojan.GenericKD.40301942 20180705
CAT-QuickHeal Trojan.Cloxer 20180705
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cyren W32/Trojan.VNZM-1835 20180705
DrWeb Trojan.EmotetENT.250 20180705
Emsisoft Trojan.Emotet (A) 20180705
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of Win32/Kryptik.GIJI 20180705
F-Prot W32/Trojan.BNJ.gen!Eldorado 20180705
F-Secure Trojan.GenericKD.40301942 20180705
Fortinet W32/Kryptik.GHTB!tr 20180705
GData Trojan.GenericKD.40301942 20180705
Ikarus Trojan-Banker.Emotet 20180705
K7AntiVirus Riskware ( 0040eff71 ) 20180705
K7GW Riskware ( 0040eff71 ) 20180705
Kaspersky Trojan.Win32.Dovs.oza 20180705
Malwarebytes Trojan.Emotet 20180705
McAfee Emotet-FHR!2B55188B893D 20180705
McAfee-GW-Edition BehavesLike.Win32.Emotet.nc 20180705
Microsoft Trojan:Win32/Emotet.AC!bit 20180705
eScan Trojan.GenericKD.40301942 20180705
Palo Alto Networks (Known Signatures) generic.ml 20180705
Panda Trj/CI.A 20180705
Qihoo-360 HEUR/QVM20.1.3767.Malware.Gen 20180705
Sophos AV Mal/EncPk-ANX 20180705
Symantec Packed.Generic.517 20180705
VBA32 Trojan.Dovs 20180705
VIPRE Trojan.Win32.Generic!BT 20180705
Webroot W32.Trojan.Emotet 20180705
Zillya Trojan.Dovs.Win32.5337 20180705
ZoneAlarm by Check Point Trojan.Win32.Dovs.oza 20180705
Arcabit 20180705
Avast 20180705
Avast-Mobile 20180705
Avira (no cloud) 20180705
Babable 20180406
Bkav 20180705
ClamAV 20180705
CMC 20180705
Comodo 20180705
Cybereason 20180225
eGambit 20180705
Sophos ML 20180601
Jiangmin 20180705
Kingsoft 20180705
MAX 20180705
NANO-Antivirus 20180705
SentinelOne (Static ML) 20180701
SUPERAntiSpyware 20180705
TACHYON 20180705
Tencent 20180705
TheHacker 20180628
TotalDefense 20180705
Trustlook 20180705
ViRobot 20180705
Yandex 20180705
Zoner 20180704
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Description Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-07-02 05:40:16
Entry Point 0x00012CA6
Number of sections 5
PE sections
PE imports
GetThreadId
GetUserDefaultLCID
GetTickCount
VarCyMul
CoGetCallerTID
ReleaseBindInfo
Number of PE resources by type
RT_DIALOG 21
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
HEBREW DEFAULT 1
HUNGARIAN DEFAULT 1
VIETNAMESE DEFAULT 1
CHINESE SIMPLIFIED 1
SLOVENIAN DEFAULT 1
CZECH DEFAULT 1
FINNISH DEFAULT 1
KOREAN 1
NEUTRAL DEFAULT 1
PORTUGUESE 1
POLISH DEFAULT 1
JAPANESE DEFAULT 1
DANISH DEFAULT 1
SLOVAK DEFAULT 1
GREEK DEFAULT 1
TURKISH DEFAULT 1
ROMANIAN 1
THAI DEFAULT 1
SERBIAN DEFAULT 1
NEUTRAL 1
RUSSIAN 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 14.1
ImageVersion 0.0
FileVersionNumber 1.2.0.6
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Unicode
ImageFileCharacteristics No relocs, Executable, 32-bit, System file
CharacterSet Unicode
InitializedDataSize 18432
EntryPoint 0x12ca6
MIMEType application/octet-stream
TimeStamp 2018:07:01 22:40:16-07:00
FileType Win32 EXE
PEType PE32
ProductVersion 13.33.111
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName QweWWWemiconductor Corporation
CodeSize 76800
FileSubtype 0
ProductVersionNumber 1.2.0.6
FileTypeExtension exe
ObjectFileType Dynamic link library

Compressed bundles
File identification
MD5 2b55188b893d3008dfa1c40a7d0060fc
SHA1 efc7258a74195a47fda10058817ba07b41d79f6c
SHA256 8a6209cfbc88466726c284fc8a004e5ec27f66373b601501a3753bd020ac411b
ssdeep 1536:0idSnOwJCesEDTWXSMzlPUxrtkOe9Lw73OHJc7Q:02Wf4evD6CMabkOe9LwaHJ
authentihash a2f50bc93de96022862a1a3038346f54e3c131748faa80b40e7573a54d42bd79
imphash a8d86729381657de6bd12d166cda4ce9
File size 90.0 KB ( 92160 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file
TrID Win32 Executable (generic) (35.7%)
Win16/32 Executable Delphi generic (16.4%)
OS/2 Executable (generic) (16.0%)
Generic Win/DOS Executable (15.8%)
DOS Executable Generic (15.8%)
Tags peexe

VirusTotal metadata
First submission 2018-07-01 22:43:47 UTC ( 7 months, 3 weeks ago )
Last submission 2018-07-01 22:43:47 UTC ( 7 months, 3 weeks ago )
File names FF36wBkCJs.exe