SHA256: 8b913f181402f5b26c5b0416abab30df55522ee3d8c18d1073d6600a65820b3c
File name: 8b913f181402f5b26c5b0416abab30df55522ee3d8c18d1073d6600a65820b3c
Detection ratio: 46 / 70
Analysis date: 2019-01-21 19:38:53 UTC ( 4 months ago )
Antivirus Result Update
Acronis suspicious 20190119
Ad-Aware Trojan.GenericKD.31544304 20190121
AhnLab-V3 Malware/Gen.Generic.C2950109 20190121
ALYac Trojan.GenericKD.31544304 20190121
Arcabit Trojan.Generic.D1E153F0 20190121
Avast Win32:BankerX-gen [Trj] 20190121
AVG Win32:BankerX-gen [Trj] 20190121
Avira (no cloud) TR/AD.Emotet.kiiwe 20190121
BitDefender Trojan.GenericKD.31544304 20190121
CAT-QuickHeal Trojan.Emotet.X4 20190121
Comodo Malware@#2a7wiyt3tuwad 20190121
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cybereason malicious.3bcdc1 20190109
Cylance Unsafe 20190121
eGambit Unsafe.AI_Score_99% 20190121
Emsisoft Trojan.GenericKD.31544304 (B) 20190121
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GOUY 20190121
F-Secure Trojan.GenericKD.31544304 20190121
Fortinet W32/GenKryptik.CWYW!tr 20190121
GData Trojan.GenericKD.31544304 20190121
Ikarus Trojan.Crypt 20190121
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 00545efc1 ) 20190121
K7GW Trojan ( 00545efc1 ) 20190121
Kaspersky Trojan-Banker.Win32.Emotet.capu 20190121
Malwarebytes Trojan.Emotet 20190121
McAfee RDN/PWS-Banker 20190121
McAfee-GW-Edition BehavesLike.Win32.Emotet.dh 20190121
Microsoft Trojan:Win32/Emotet.DN 20190121
eScan Trojan.GenericKD.31544304 20190121
Palo Alto Networks (Known Signatures) generic.ml 20190121
Panda Trj/GdSda.A 20190121
Qihoo-360 Win32/Trojan.Multi.daf 20190121
Rising Trojan.Fuerboos!8.EFC8 (TFE:3:0YMW7FV3XNG) 20190121
SentinelOne (Static ML) static engine - malicious 20190118
Sophos AV Mal/Generic-S 20190121
Symantec Trojan.Emotet 20190121
Tencent Win32.Trojan-banker.Emotet.Ymmn 20190121
Trapmine malicious.high.ml.score 20190103
TrendMicro TrojanSpy.Win32.EMOTET.THOABAAI 20190121
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.THOABAAI 20190121
VBA32 BScope.Trojan.Refinka 20190121
VIPRE Trojan.Win32.Generic!BT 20190121
Webroot W32.Trojan.Emotet 20190121
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.capu 20190121
AegisLab 20190121
Alibaba 20180921
Antiy-AVL 20190121
Avast-Mobile 20190121
AVware 20180925
Babable 20180918
Baidu 20190121
Bkav 20190121
CMC 20190121
Cyren 20190121
F-Prot 20190121
Jiangmin 20190121
Kingsoft 20190121
MAX 20190121
NANO-Antivirus 20190121
SUPERAntiSpyware 20190116
TACHYON 20190121
TheHacker 20190118
TotalDefense 20190121
Trustlook 20190121
ViRobot 20190121
Yandex 20190120
Zillya 20190118
Zoner 20190120
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) America Online, Inc. 1999 - 2004

Product America Online
Internal name MISCUTIL
File version 9.00.001
Description Utilities
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-19 09:02:09
Entry Point 0x0001BF35
Number of sections 4
PE sections
PE imports
LookupPrivilegeNameW
InitiateSystemShutdownA
GetServiceDisplayNameW
CryptHashSessionKey
GetSidIdentifierAuthority
TreeResetNamedSecurityInfoW
LogonUserA
QueryUsersOnEncryptedFile
EqualPrefixSid
GetClusterFromResource
JetTerm2
GetLogColorSpaceA
GetCurrentPositionEx
GetPolyFillMode
GetObjectW
GetFontLanguageInfo
GetObjectType
GetSystemTime
GetSystemWindowsDirectoryA
GetOverlappedResult
DeactivateActCtx
GetTapeStatus
GetThreadLocale
IsValidLocale
FlushFileBuffers
GetShortPathNameA
GetVolumePathNamesForVolumeNameW
GetAtomNameA
GetVolumeInformationA
GetWindowsDirectoryA
GetConsoleMode
WriteProfileStringA
GetConsoleCursorInfo
GetCurrentDirectoryA
GetLocalTime
GetLogicalDrives
MapViewOfFile
GetTapePosition
GetPrivateProfileIntW
GetSystemPowerStatus
GetCurrentThread
EnumResourceTypesA
EnumResourceNamesW
GetTimeFormatW
GetThreadSelectorEntry
GetModuleFileNameW
GetModuleHandleA
ReadFile
GlobalAddAtomA
FindResourceExW
GetCurrentProcess
GetExitCodeThread
GetComputerNameExW
QueryIdleProcessorCycleTime
GetSystemDirectoryA
GetPrivateProfileSectionW
LocalFree
GetProfileSectionA
IsWow64Process
FindAtomW
GetTimeZoneInformation
DebugActiveProcess
GetPrivateProfileStringA
GetFileType
LocalUnlock
FlsGetValue
LoadTypeLib
VariantTimeToSystemTime
GetRecordInfoFromGuids
SystemTimeToVariantTime
RasGetEapUserIdentityA
RpcRaiseException
RpcServerListen
SetupDiGetClassDescriptionExW
ExtractIconA
HashData
SHDeleteValueA
GetMenuPosFromID
DecryptMessage
LoadCursorW
FindWindowW
GetComboBoxInfo
PostQuitMessage
GetDialogBaseUnits
FlashWindowEx
GetMenuState
ReleaseCapture
LookupIconIdFromDirectoryEx
DestroyCaret
GetTabbedTextExtentW
GetWindowRgn
LockWorkStation
GetMenuItemRect
GetLastActivePopup
IsWindowVisible
GetWindowPlacement
DrawMenuBar
DrawTextW
GetThreadDesktop
LoadAcceleratorsA
GetPriorityClipboardFormat
DdeClientTransaction
ChangeMenuA
GetKeyboardLayout
GetMenuItemCount
DeferWindowPos
CreateIconFromResource
ExcludeUpdateRgn
GetWindowLongW
GetWindowTextA
CharNextW
GetMenuContextHelpId
GetFileVersionInfoSizeW
FindNextUrlCacheEntryW
InternetGoOnline
DeleteUrlCacheEntryW
mmioSendMessage
DeletePortW
shutdown
getservbyname
realloc
fputws
fgetws
strcmp
CoUninitialize
MkParseDisplayName
CoTaskMemFree
CoGetClassObjectFromURL
Number of PE resources by type
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2019:01:19 10:02:09+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
130048

LinkerVersion
12.0

ImageFileCharacteristics
No relocs, Executable, 32-bit, System file

EntryPoint
0x1bf35

InitializedDataSize
106496

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
5.1

UninitializedDataSize
0

File identification
MD5 b4842b357c8ea9306b254504569ae6d0
SHA1 4e4975a3bcdc10fe29d6e45669a67b6d05f05df1
SHA256 8b913f181402f5b26c5b0416abab30df55522ee3d8c18d1073d6600a65820b3c
ssdeep
3072:zhXGc60yexmXiQUOfrf4gfEyqZp69OcjK/8yXVVtsnzFOwm3gEZcyiSmXxPoVLxY:FG8VeLBcp6gca8yXV

authentihash edc2b4fd39a09d821e8ae7775bb52f046226f4862b8afa0a6b3c7af929cae14f
imphash c8c1df973b68d8214047fe5e470ae469
File size 223.0 KB ( 228352 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID Microsoft Visual C++ compiled executable (generic) (46.2%)
Win32 Dynamic Link Library (generic) (18.4%)
Win32 Executable (generic) (12.6%)
Win16/32 Executable Delphi generic (5.8%)
OS/2 Executable (generic) (5.6%)
Tags
peexe

VirusTotal metadata
First submission 2019-01-19 09:06:24 UTC ( 4 months ago )
Last submission 2019-01-19 09:06:24 UTC ( 4 months ago )
File names wMwrDL74luP8.exe
adminearcon.exe
477.exe
MISCUTIL
msQ8ocI6yhG.exe
QdFyo0CARr.exe
351.exe
578.exe