SHA256: 8b8b4de4a84dc8a38da76e256731e1663fadf7d04ad9755a00a3de83abbbd290
File name: 8b8b4de4a84dc8a38da76e256731e1663fadf7d04ad9755a00a3de83abbbd290
Detection ratio: 22 / 70
Analysis date: 2019-03-22 02:35:25 UTC ( 1 month ago )
Antivirus Result Update
Acronis suspicious 20190322
Ad-Aware Trojan.Emotet.VV 20190322
BitDefender Trojan.Emotet.VV 20190322
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
Cybereason malicious.3654fb 20190109
Cylance Unsafe 20190322
DrWeb Trojan.Siggen8.19075 20190322
Emsisoft Trojan.Emotet.VV (B) 20190322
Endgame malicious (high confidence) 20190321
ESET-NOD32 a variant of Win32/Kryptik.GRDF 20190321
Fortinet W32/Generic.AP.28E8A8!tr 20190322
Sophos ML heuristic 20190313
MAX malware (ai score=86) 20190322
McAfee Emotet-FMI!351BD1B848AD 20190322
eScan Trojan.Emotet.VV 20190322
Qihoo-360 HEUR/QVM20.1.011D.Malware.Gen 20190322
Rising Malware.Heuristic.MLite(90%) (AI-LITE:ova6SQ+xuAOWms5cgU9Tlw) 20190322
SentinelOne (Static ML) DFI - Malicious PE 20190317
Sophos AV Mal/Emotet-Q 20190322
Symantec Packed.Generic.534 20190321
Trapmine malicious.high.ml.score 20190301
VBA32 BScope.Malware-Cryptor.Emotet 20190321
AegisLab 20190322
AhnLab-V3 20190322
Alibaba 20190306
Antiy-AVL 20190322
Arcabit 20190321
Avast 20190322
Avast-Mobile 20190321
AVG 20190322
Avira (no cloud) 20190322
Babable 20180918
Baidu 20190318
Bkav 20190320
CAT-QuickHeal 20190320
ClamAV 20190321
CMC 20190321
Comodo 20190322
Cyren 20190322
eGambit 20190322
F-Prot 20190322
F-Secure 20190321
GData 20190322
Ikarus 20190321
Jiangmin 20190321
K7AntiVirus 20190321
K7GW 20190321
Kaspersky 20190321
Kingsoft 20190322
Malwarebytes 20190322
McAfee-GW-Edition 20190321
Microsoft 20190321
NANO-Antivirus 20190322
Palo Alto Networks (Known Signatures) 20190322
Panda 20190321
SUPERAntiSpyware 20190320
Symantec Mobile Insight 20190220
TACHYON 20190322
Tencent 20190322
TheHacker 20190320
TotalDefense 20190318
TrendMicro 20190322
TrendMicro-HouseCall 20190322
Trustlook 20190322
VIPRE 20190322
ViRobot 20190322
Webroot 20190322
Yandex 20190321
Zillya 20190321
ZoneAlarm by Check Point 20190322
Zoner 20190321
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name DISM.EXE
Internal name dism
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Dism Image Servicing Utility
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 1:09 AM 4/2/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-22 02:29:55
Entry Point 0x0001DBD0
Number of sections 4
PE sections
Overlays
MD5 1d63f65c407f87b141966915c53645e1
File type data
Offset 187392
Size 3336
Entropy 7.33
PE imports
RegQueryValueExA
RegOpenKeyA
CreateHalftonePalette
SetStretchBltMode
ResizePalette
GetPaletteEntries
GetClipBox
EnumFontsA
GetObjectType
CreateMetaFileW
GetDeviceCaps
DeleteDC
SetBkMode
GetObjectW
BitBlt
CreateDIBSection
RealizePalette
GetCurrentObject
CreatePalette
GetStockObject
SelectPalette
GetDIBits
CreateRoundRectRgn
CreateCompatibleDC
StretchBlt
StretchDIBits
GdiSwapBuffers
ExtEscape
DeleteObject
GetEnhMetaFilePixelFormat
GetNearestPaletteIndex
SelectObject
CopyMetaFileA
GetBkColor
CreateCompatibleBitmap
ImmReleaseContext
ImmGetOpenStatus
ImmSetCompositionWindow
ImmGetContext
GetStdHandle
GetConsoleOutputCP
ReleaseMutex
FileTimeToSystemTime
SetEvent
BindIoCompletionCallback
HeapDestroy
SetFileTime
GetFileAttributesW
DuplicateHandle
GetLocalTime
CreateJobObjectA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetTimeZoneInformation
GetSystemDefaultLCID
VerifyVersionInfoA
SetErrorMode
_llseek
WritePrivateProfileStringW
FreeEnvironmentStringsW
lstrcatW
GetLocaleInfoW
SetStdHandle
GetFileTime
ContinueDebugEvent
GetCPInfo
lstrcmpiA
GetStringTypeA
InterlockedExchange
GetTempPathW
WaitForSingleObject
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
LoadResource
GetStringTypeExW
FindClose
InterlockedDecrement
FormatMessageA
GetFullPathNameW
OutputDebugStringA
SetLocaleInfoW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
OpenThread
TlsGetValue
GlobalFindAtomW
WriteProcessMemory
OutputDebugStringW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
lstrcpyW
GetModuleFileNameA
GlobalHandle
lstrcmpiW
FoldStringA
EnumSystemLocalesA
LoadLibraryExA
EnumResourceLanguagesW
SetConsoleCtrlHandler
GetVolumeInformationW
LoadLibraryExW
MultiByteToWideChar
FatalAppExitA
SetFilePointerEx
GetPrivateProfileStringW
MoveFileW
SetFilePointer
SetFileAttributesW
GlobalAddAtomW
CreateThread
GetSystemDefaultUILanguage
MoveFileExW
GetSystemDirectoryW
SetUnhandledExceptionFilter
ConvertDefaultLocale
CreateMutexW
MulDiv
UnlockFile
GetSystemDirectoryA
SetEnvironmentVariableA
lstrcpynW
TerminateProcess
FindAtomW
SetProcessShutdownParameters
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
CreateEventW
SetEndOfFile
DeleteAtom
GetCurrentThreadId
LeaveCriticalSection
GetNumberFormatW
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GlobalGetAtomNameW
MoveFileWithProgressW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
ExitThread
CopyFileW
GlobalSize
GetStartupInfoA
GetDateFormatA
GetWindowsDirectoryW
GetFileSize
LCMapStringW
OpenProcess
GetStartupInfoW
SetVolumeMountPointW
DeleteFileW
GetUserDefaultLCID
GetPrivateProfileIntW
GetConsoleAliasesA
AddAtomW
GetProcessHeap
GetComputerNameW
GetTimeFormatW
WriteFile
GetFileSizeEx
GlobalReAlloc
CancelTimerQueueTimer
ExpandEnvironmentStringsW
lstrcmpA
WTSGetActiveConsoleSessionId
HeapValidate
GetTimeFormatA
CreateTimerQueueTimer
FindFirstFileW
IsValidLocale
lstrcmpW
GetProcAddress
GetTimeZoneInformation
FindFirstVolumeA
EnumTimeFormatsA
CreateFileW
WriteConsoleA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
GetCurrencyFormatW
InterlockedIncrement
GetLastError
LocalReAlloc
SystemTimeToFileTime
GlobalDeleteAtom
GetShortPathNameW
VirtualAllocEx
lstrlenA
GlobalFree
GetConsoleCP
FindResourceW
LCMapStringA
CompareStringW
GetProcessTimes
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
lstrlenW
Process32NextW
CreateProcessW
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
HeapSize
GetCurrentProcessId
LockResource
ProcessIdToSessionId
GetCommandLineW
GetCurrentDirectoryA
GetAtomNameW
InterlockedCompareExchange
Process32FirstW
GetCurrentThread
SuspendThread
RaiseException
UnhandledExceptionFilter
TlsFree
GetModuleHandleA
ReadFile
GlobalFlags
SetConsoleTitleA
CloseHandle
OpenMutexW
lstrcpynA
GetACP
GlobalLock
GetModuleHandleW
FreeResource
GetFileAttributesExW
FindResourceExW
GetLongPathNameW
DeviceIoControl
WideCharToMultiByte
IsValidCodePage
HeapCreate
GetDefaultCommConfigW
VirtualFree
Sleep
SetThreadPriority
SetComputerNameExW
VirtualAlloc
CompareStringA
SHGetFileInfoA
ShellExecuteExA
DragFinish
SHInvokePrinterCommandW
SHQueryRecycleBinW
ShellHookProc
SHInvokePrinterCommandA
SHGetIconOverlayIndexW
SHGetPathFromIDList
SHGetDesktopFolder
ExtractAssociatedIconA
SHCreateProcessAsUserW
SHGetMalloc
StrCmpNA
StrStrIA
StrRStrIA
SetFocus
EnumWindowStationsA
GetForegroundWindow
SetMenuItemBitmaps
LoadBitmapW
SetRectEmpty
DestroyMenu
PostQuitMessage
GetMessagePos
ValidateRect
SetWindowPos
SetScrollPos
IsWindow
GrayStringW
EndPaint
ScrollWindowEx
WindowFromPoint
GetMessageTime
SetActiveWindow
GetMenuItemID
GetCursorPos
ReleaseDC
DdeInitializeA
GetDlgCtrlID
GetMenu
UnregisterClassA
TranslateMessage
CharUpperW
UnregisterClassW
GetClientRect
DrawTextW
GetNextDlgTabItem
CallNextHookEx
LoadImageW
ClientToScreen
GetTopWindow
GetWindowTextW
GetAltTabInfo
LockWindowUpdate
GetWindowTextLengthW
LoadAcceleratorsW
ScrollWindow
PtInRect
GetParent
UpdateWindow
GetPropW
EqualRect
CheckRadioButton
GetMessageW
ShowWindow
SetPropW
SetDlgItemInt
GetClipboardFormatNameA
PeekMessageW
InsertMenuItemW
SetWindowPlacement
CopyAcceleratorTableW
GetClassInfoW
GetSystemMenu
SetParent
IsWindowEnabled
GetWindow
GetDlgItemInt
GetMenuBarInfo
CharNextExA
GetMenuItemRect
RegisterClassW
GetWindowPlacement
LoadStringW
DdeConnect
GetKeyboardLayoutList
OemToCharBuffA
IsIconic
TrackPopupMenuEx
GetSubMenu
SetTimer
GetActiveWindow
IsDialogMessageW
FillRect
CopyRect
GetSysColorBrush
GetDialogBaseUnits
RealChildWindowFromPoint
CreateWindowExW
TabbedTextOutW
GetWindowLongW
GetWindowInfo
GetMenuStringW
IsChild
MapWindowPoints
RegisterWindowMessageW
DrawAnimatedRects
SetCapture
SystemParametersInfoW
OffsetRect
DefWindowProcW
GetScrollPos
KillTimer
MapVirtualKeyW
TranslateAcceleratorW
GetClassInfoExW
SendDlgItemMessageA
GetSystemMetrics
SetWindowLongW
SetScrollRange
CreateDialogIndirectParamW
GetWindowRect
InflateRect
PostMessageA
ReleaseCapture
IntersectRect
ShowOwnedPopups
SendDlgItemMessageW
PostMessageW
InvalidateRect
EndDialog
DrawTextExW
CreatePopupMenu
CheckMenuItem
GetClassLongW
GetLastActivePopup
BeginDeferWindowPos
SetWindowTextW
GetDCEx
GetDlgItem
RemovePropW
BringWindowToTop
ScreenToClient
TrackPopupMenu
GetMenuItemCount
IsDlgButtonChecked
CheckDlgButton
GetMenuState
SetWindowsHookExW
LoadCursorW
LoadIconW
ReuseDDElParam
DispatchMessageW
InsertMenuW
SetForegroundWindow
GetMenuItemInfoW
EnableWindow
GetScrollRange
GetScrollInfo
SetProcessDefaultLayout
GetCapture
BeginPaint
RealGetWindowClass
LoadMenuW
RemoveMenu
GetWindowThreadProcessId
DeferWindowPos
ShowScrollBar
MessageBoxW
SendMessageW
DestroyIcon
SetMenu
MoveWindow
DialogBoxParamW
DdePostAdvise
AppendMenuW
GetWindowDC
AdjustWindowRectEx
GetSysColor
SetDlgItemTextW
SetScrollInfo
GetKeyState
EndDeferWindowPos
SystemParametersInfoA
EnableMenuItem
IsWindowVisible
WinHelpW
GetDesktopWindow
UnpackDDElParam
GetWindowContextHelpId
GetGUIThreadInfo
UnionRect
GetDC
SetRect
DeleteMenu
GetKeyNameTextW
DdeQueryConvInfo
CallWindowProcW
GetClassNameW
DestroyWindow
ModifyMenuW
UnregisterDeviceNotification
IsRectEmpty
GetFocus
wsprintfW
GetDlgItemTextW
SetCursor
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
ReadClassStg
CoInitializeEx
CoUninitialize
OleRegGetUserType
CoTaskMemAlloc
StringFromCLSID
ReleaseStgMedium
CLSIDFromString
SetConvertStg
CoCreateInstance
WriteClassStg
CoTreatAsClass
CoInitializeSecurity
CreateBindCtx
CoDisconnectObject
ReadFmtUserTypeStg
OleDuplicateData
CoTaskMemFree
CoInitialize
StringFromGUID2
WriteFmtUserTypeStg
Number of PE resources by type
RT_STRING 7
RT_RCDATA 1
MUI 1
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 11
PE resources
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 64000
ImageVersion 0.0
ProductName Microsoft Windows Operating System
FileVersionNumber 6.1.7600.16385
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName DISM.EXE
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2019:03:22 03:29:55+01:00
FileType Win32 EXE
PEType PE32
InternalName dism
ProductVersion 6.1.7600.16385
FileDescription Dism Image Servicing Utility
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 122368
FileSubtype 0
ProductVersionNumber 6.1.7600.16385
EntryPoint 0x1dbd0
ObjectFileType Executable application
File identification
MD5 351bd1b848ad7732005529b45b396f6c
SHA1 d799d3b3654fbdc9e54e228981a103a98eca9bc3
SHA256 8b8b4de4a84dc8a38da76e256731e1663fadf7d04ad9755a00a3de83abbbd290
ssdeep 3072:qvuiWGxTMh36Qs8BWEi5VEm4oq5wmxvKgK5xa5eAZFklF0WpYynrtk:t9BwXKoSxvLK5xaJurO
authentihash e44064ec66a1e770017cf07e8bd29160c2c97eef7c3df07edd4f1d7d3622fa30
imphash b897d6d160935dd940b028024b42c50f
File size 186.3 KB ( 190728 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2019-03-22 02:35:25 UTC ( 1 month ago )
Last submission 2019-03-22 03:04:07 UTC ( 1 month ago )
File names dism
emotet_e1_8b8b4de4a84dc8a38da76e256731e1663fadf7d04ad9755a00a3de83abbbd290_2019-03-22__023502.exe_
DISM.EXE
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections