SHA256: 8bd2d294440ef5e6977062ac558be9ba8a1828cc9a01a9d30b9abb71d54f88ea
File name: 3VktmYsDSN7eou.exe
Detection ratio: 43 / 68
Analysis date: 2019-01-01 01:51:04 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40879906 20190101
ALYac Trojan.GenericKD.40879906 20190101
Arcabit Trojan.Generic.D26FC722 20190101
Avast Win32:MalwareX-gen [Trj] 20181231
AVG Win32:MalwareX-gen [Trj] 20181231
Avira (no cloud) TR/AD.Emotet.jwcnv 20181231
BitDefender Trojan.GenericKD.40879906 20181231
CAT-QuickHeal Trojan.Emotet.X4 20181231
Comodo Malware@#27lscedrpqz2j 20181231
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cylance Unsafe 20190101
Cyren W32/Agent.ATJ.gen!Eldorado 20181231
Emsisoft Trojan.GenericKD.40879906 (B) 20181231
Endgame malicious (moderate confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GOEF 20181231
F-Prot W32/Agent.ATJ.gen!Eldorado 20181231
F-Secure Trojan.GenericKD.40879906 20181231
Fortinet W32/Kryptik.GOEF!tr 20181231
Ikarus Trojan-Spy.Win32.Emotet 20181231
Sophos ML heuristic 20181128
K7AntiVirus Riskware ( 0040eff71 ) 20181231
K7GW Riskware ( 0040eff71 ) 20181231
Kaspersky Trojan-Banker.Win32.Emotet.bxmr 20181231
Malwarebytes Trojan.Emotet.Generic 20181231
MAX malware (ai score=100) 20190101
McAfee RDN/Generic.grp 20181231
McAfee-GW-Edition BehavesLike.Win32.Emotet.dh 20181231
Microsoft Trojan:Win32/Emotet.AC!bit 20181231
eScan Trojan.GenericKD.40879906 20181231
Palo Alto Networks (Known Signatures) generic.ml 20190101
Panda Trj/CI.A 20181231
Qihoo-360 HEUR/QVM20.1.27C9.Malware.Gen 20190101
Rising Trojan.Fuerboos!8.EFC8 (CLOUD) 20181231
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/EncPk-ANY 20181231
Symantec Trojan.Emotet 20181231
Tencent Win32.Trojan-banker.Emotet.Pfsw 20190101
Trapmine malicious.high.ml.score 20181205
TrendMicro TROJ_GEN.R002C0OLU18 20181231
TrendMicro-HouseCall TROJ_GEN.R002C0OLU18 20190101
VBA32 BScope.Trojan.Emotet 20181229
Webroot W32.Trojan.Emotet 20190101
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bxmr 20190101
Acronis 20181227
AegisLab 20181231
Alibaba 20180921
Antiy-AVL 20190101
Avast-Mobile 20181231
Babable 20180918
Baidu 20181207
Bkav 20181227
ClamAV 20181231
CMC 20181231
Cybereason 20180225
DrWeb 20181231
eGambit 20190101
Jiangmin 20181231
Kingsoft 20190101
NANO-Antivirus 20181231
SUPERAntiSpyware 20181226
TACHYON 20181231
TheHacker 20181230
TotalDefense 20181231
Trustlook 20190101
ViRobot 20190101
Yandex 20181229
Zillya 20181231
Zoner 20190101
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation.
Product Micros
Internal name kbdughr
File version 6.1.7601.17514
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-08-04 07:56:09
Entry Point 0x000161F0
Number of sections 8
PE sections
PE imports
GetColorAdjustment
GetFileSizeEx
VerifyScripts
Wow64EnableWow64FsRedirection
FlsFree
GetModuleHandleW
GetNamedPipeClientSessionId
DestroyMenu
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize 92160
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.4.20030.62408
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 219136
EntryPoint 0x161f0
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation.
FileVersion 6.1.7601.17514
TimeStamp 2004:08:04 00:56:09-07:00
FileType Win32 EXE
PEType PE32
InternalName kbdughr
ProductVersion 1.4: 2003062408
SubsystemVersion 5.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Mozilla, Netscape
LegalTrademarks Mozilla, Netscape
ProductName Micros
ProductVersionNumber 1.4.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 b1d6ad5d159097c43da5afc535bed0dd
SHA1 82214dd56dcde014d3a3f8f3e2b4d6e3b16c51cc
SHA256 8bd2d294440ef5e6977062ac558be9ba8a1828cc9a01a9d30b9abb71d54f88ea
ssdeep 3072:YtDMChlgmBb5lYV0nE0c7J28X4QrcXF2:qh6iAb0c7J28QXF
authentihash 3d945c1a7d83dd83e73bfd15bdf0473744670eace3bb06ffa2f015debdadabae
imphash 0fe18ee2144ae1029ab63a19d884c6c3
File size 298.0 KB ( 305152 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2018-12-27 23:23:11 UTC ( 1 month, 3 weeks ago )
Last submission 2018-12-29 14:02:50 UTC ( 1 month, 3 weeks ago )
File names mfS2mz1fU.exe
0p1AKEK0sxb2ct6O.exe
3VktmYsDSN7eou.exe
kbdughr
Kmi9x0BqhSQgYw3DQf.exe
worXmQAhg87WYO.exe