SHA256: 8bc16f6633c8286a50a59139fb2d27ee75eb58317412f719ecdce87a25045d05
File name: GLLYF9SRGIOMFQ4NK5.EXE
Detection ratio: 43 / 66
Analysis date: 2018-11-17 08:20:24 UTC ( 3 months ago )
Antivirus Result Update
Ad-Aware Trojan.Autoruns.GenericKDS.31355338 20181117
AegisLab Trojan.Win32.Emotet.4!c 20181117
AhnLab-V3 Trojan/Win32.Emotet.R244694 20181116
ALYac Trojan.Agent.Emotet 20181117
Arcabit Trojan.Autoruns.GenericS.D1DE71CA 20181117
Avast Win32:Malware-gen 20181117
AVG Win32:Malware-gen 20181117
Avira (no cloud) TR/AD.Emotet.eff 20181116
BitDefender Trojan.Autoruns.GenericKDS.31355338 20181117
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cyren W32/Trojan.IRDZ-1439 20181117
DrWeb Trojan.EmotetENT.295 20181117
Emsisoft Trojan.Autoruns.GenericKDS.31355338 (B) 20181117
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GMTF 20181117
F-Prot W32/Emotet.JB.gen!Eldorado 20181117
F-Secure Trojan.Autoruns.GenericKDS.31355338 20181116
Fortinet W32/Kryptik.GMTF!tr 20181117
GData Win32.Trojan-Spy.Emotet.TP 20181117
Ikarus Trojan-Banker.Emotet 20181116
Sophos ML heuristic 20181108
K7AntiVirus Trojan ( 005412bb1 ) 20181117
K7GW Trojan ( 005412bb1 ) 20181117
Kaspersky Trojan-Banker.Win32.Emotet.bpzk 20181117
Malwarebytes Trojan.Emotet 20181117
MAX malware (ai score=100) 20181117
McAfee RDN/Generic.hbg 20181117
McAfee-GW-Edition RDN/Generic.hbg 20181117
Microsoft Trojan:Win32/Emotet.AC!bit 20181117
eScan Trojan.Autoruns.GenericKDS.31355338 20181117
NANO-Antivirus Virus.Win32.Gen.ccmw 20181117
Palo Alto Networks (Known Signatures) generic.ml 20181117
Panda Trj/RnkBend.A 20181116
Qihoo-360 HEUR/QVM20.1.3571.Malware.Gen 20181117
Rising Trojan.Fuerboos!8.EFC8 (CLOUD) 20181117
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/EncPk-ANY 20181117
Symantec Trojan.Emotet 20181116
TrendMicro TSPY_EMOTET.THAAAEAH 20181117
TrendMicro-HouseCall TSPY_EMOTET.THAAAEAH 20181117
VBA32 BScope.Trojan.Emotet 20181116
Webroot W32.Trojan.Emotet 20181117
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bpzk 20181117
Alibaba 20180921
Antiy-AVL 20181117
Avast-Mobile 20181117
Babable 20180918
Baidu 20181116
Bkav 20181116
CAT-QuickHeal 20181116
ClamAV 20181117
CMC 20181116
Cylance 20181117
eGambit 20181117
Jiangmin 20181117
Kingsoft 20181117
SUPERAntiSpyware 20181114
Symantec Mobile Insight 20181108
TACHYON 20181117
Tencent 20181117
TheHacker 20181113
TotalDefense 20181117
Trustlook 20181117
VIPRE 20181117
ViRobot 20181116
Yandex 20181116
Zillya 20181116
Zoner 20181117
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © Borland Corporation 1994,2005
Product Borland Developer Studio
Internal name Run Time Library
File version 8.0.0.0
Description Borland C++ Multi-thread RTL (WIN/VCL MT)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-15 06:24:04
Entry Point 0x0000EB29
Number of sections 6
PE sections
PE imports
RegDisableReflectionKey
GetCurrentHwProfileA
GetEventLogInformation
GetOpenFileNameW
GetCharWidth32A
DeleteDC
GetWindowOrgEx
FrameRgn
GetClipRgn
GetCurrentPositionEx
GetPixel
ExtTextOutA
FillPath
GetMapMode
GdiFlush
LineDDA
DeleteObject
GetDriveTypeW
WriteProcessMemory
SetEvent
DeleteTimerQueueEx
GetEnvironmentStringsW
lstrcpyW
FlushViewOfFile
GetProcessId
GetCurrentProcess
VirtualFreeEx
IsValidLanguageGroup
GetVolumeInformationW
GenerateConsoleCtrlEvent
GetConsoleTitleA
lstrcatW
FillConsoleOutputAttribute
GetPrivateProfileStringW
GetStartupInfoW
EnumResourceTypesA
FindResourceExA
WritePrivateProfileStructA
FindResourceExW
GetProfileStringA
lstrcpynA
FindFirstFileW
GlobalLock
GetStringTypeW
GetModuleHandleW
LocalFree
GetProfileIntW
GlobalMemoryStatus
GetThreadPriority
GetTimeZoneInformation
GetLogicalDriveStringsA
FindFirstVolumeMountPointW
GlobalHandle
LocalHandle
GetTickCount
GetSystemWindowsDirectoryW
GetDefaultCommConfigA
VirtualAlloc
GetRecordInfoFromTypeInfo
ExtractAssociatedIconW
InitializeSecurityContextA
FreeCredentialsHandle
DdeAbandonTransaction
IsWinEventHookInstalled
GetPropW
EqualRect
GetMessageW
VkKeyScanExA
GetMessagePos
GetCaretPos
LoadKeyboardLayoutW
DrawFrameControl
GetLastInputInfo
FlashWindowEx
GetDlgItemTextA
GetMessageExtraInfo
DialogBoxParamA
MessageBoxIndirectW
EndDialog
GetTabbedTextExtentW
LoadMenuA
GetClipCursor
GetTitleBarInfo
IsZoomed
GetDlgItem
IsIconic
GetWindowLongA
GetKeyboardLayout
GetTopWindow
GetCursor
LoadAcceleratorsW
GetKeyboardType
GetUrlCacheEntryInfoA
timeGetTime
DefDriverProc
FindClosePrinterChangeNotification
fputc
tolower
fputs
MkParseDisplayName
MkParseDisplayNameEx
IsValidURL
Number of PE resources by type
RT_STRING 5
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 6
ENGLISH US 1
PE resources
ExifTool file metadata
SpecialBuild [pre-release version: pre-alpha]
SubsystemVersion 5.0
LinkerVersion 12.0
ImageVersion 0.1
FileSubtype 100
FileVersionNumber 8.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription Borland C++ Multi-thread RTL (WIN/VCL MT)
ImageFileCharacteristics Executable, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 368640
EntryPoint 0xeb29
MIMEType application/octet-stream
LegalCopyright Copyright Borland Corporation 1994,2005
FileVersion 8.0.0.0
TimeStamp 2018:11:15 06:24:04+00:00
FileType Win32 EXE
PEType PE32
InternalName Run Time Library
ProductVersion 5.0
UninitializedDataSize 0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Borland Corporation
CodeSize 0
ProductName Borland Developer Studio
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 f57ffe23372b120fb6aa2abbe608285f
SHA1 25624787c83ed74d95e18c279a0b1d9bffa0c8e7
SHA256 8bc16f6633c8286a50a59139fb2d27ee75eb58317412f719ecdce87a25045d05
ssdeep 6144:3cxq/IVr/eCDLFOQCkfV/PR5n6u+/qPBCxw:3cUwVz9Ckd3R5n6u9k
authentihash 15ab391e6410f5f7a9dfc58c68b4858abc094b218f14f908a897de608930d77d
imphash 60642ae8eea8a5c2ecdc25e31a83d9b1
File size 424.0 KB ( 434176 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe
VirusTotal metadata
First submission 2018-11-14 22:27:40 UTC ( 3 months, 1 week ago )
Last submission 2018-11-19 18:19:30 UTC ( 3 months ago )
File names HMSQT46PW.EXE
RA8lzKefW.exe
GLLYF9SRGIOMFQ4NK5.EXE
Run Time Library