SHA256: 8c7aa0e4c5a16383b87a31df0e31c19d8c57a6db2e4e15fdafae12c65020e347
File name: peCISudRnLV.exe
Detection ratio: 19 / 71
Analysis date: 2019-01-30 04:09:18 UTC (1 month, 2 weeks ago)
Antivirus Result Update
Acronis suspicious 20190128
Avast FileRepMalware 20190130
AVG FileRepMalware 20190130
Bkav HW32.Packed. 20190129
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181023
Cylance Unsafe 20190130
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/GenKryptik.CXYA 20190130
Sophos ML heuristic 20181128
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20190129
Microsoft Program:Win32/Unwaders.C!ml 20190130
NANO-Antivirus Virus.Win32.Gen.ccmw 20190130
Qihoo-360 HEUR/QVM20.1.E277.Malware.Gen 20190130
Rising Trojan.Emotet!8.B95/N3#80% (RDM+:cmRtazrvSBuG9KtEDgw/xwXMMUTp) 20190130
SentinelOne (Static ML) static engine - malicious 20190124
Symantec ML.Attribute.HighConfidence 20190130
Trapmine malicious.high.ml.score 20190123
VBA32 BScope.Trojan.Emotet 20190129
VIPRE LooksLike.Win32.Dridex.e (v) 20190129
Ad-Aware 20190130
AegisLab 20190130
AhnLab-V3 20190129
Alibaba 20180921
ALYac 20190130
Antiy-AVL 20190130
Arcabit 20190130
Avast-Mobile 20190129
Avira (no cloud) 20190130
Babable 20180918
Baidu 20190129
BitDefender 20190130
CAT-QuickHeal 20190129
ClamAV 20190129
CMC 20190129
Comodo 20190130
Cybereason 20190109
Cyren 20190130
DrWeb 20190130
eGambit 20190130
Emsisoft 20190130
F-Prot 20190130
F-Secure 20190130
Fortinet 20190130
GData 20190130
Ikarus 20190129
Jiangmin 20190130
K7AntiVirus 20190129
K7GW 20190129
Kaspersky 20190130
Kingsoft 20190130
Malwarebytes 20190130
MAX 20190130
McAfee 20190130
eScan 20190130
Palo Alto Networks (Known Signatures) 20190130
Panda 20190129
Sophos AV 20190130
SUPERAntiSpyware 20190123
TACHYON 20190130
Tencent 20190130
TheHacker 20190129
TotalDefense 20190129
TrendMicro 20190130
TrendMicro-HouseCall 20190130
Trustlook 20190130
ViRobot 20190129
Webroot 20190130
Yandex 20190129
Zillya 20190129
ZoneAlarm by Check Point 20190130
Zoner 20190128
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 1995 Microsoft Corporation

Product Microsoft Picstore
Original name amstoune.exe
Internal name amstoune
File version 2.0
Description lispfile
Comments Built-in compression
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-30 04:02:08
Entry Point 0x00002382
Number of sections 5
PE sections
PE imports
IsTokenRestricted
SetWorldTransform
BeginPath
TransmitCommChar
LockFileEx
SetCriticalSectionSpinCount
GetCommandLineW
GetThreadLocale
GetCurrentThreadId
GetTapePosition
CloseHandle
PathBuildRootA
SetThreadDesktop
GetDesktopWindow
MonitorFromWindow
DestroyAcceleratorTable
SCardGetCardTypeProviderNameA
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
MAORI DEFAULT 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
6.1

Comments
Built-in compression

LinkerVersion
0.0

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
2.0.0.2

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
lispfile

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
4096

EntryPoint
0x2382

OriginalFileName
amstoune.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 1995 Microsoft Corporation

FileVersion
2.0

TimeStamp
2019:01:30 05:02:08+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
amstoune

ProductVersion
2.2

UninitializedDataSize
102400

OSVersion
6.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
12288

ProductName
Microsoft Picstore

ProductVersionNumber
2.0.2.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 cb12bf7f7a2c1956a01ebcfeb338b8ca
SHA1 241e2f2e1475da5683718a1a13cb8bbec9f887e9
SHA256 8c7aa0e4c5a16383b87a31df0e31c19d8c57a6db2e4e15fdafae12c65020e347
ssdeep
3072:MNVCYau+6Lc/Le4v5OsuSlDt1cS8RvFe5UrjeJ/:8qxYcTrJuvjueje

authentihash 6989803f6c20d07b6000c942cbd26939c4da5b1cdae3e40b1325b0c6f9a78a50
imphash 7f5bb63248f6a4194e41e37ab29326e5
File size 132.0 KB ( 135168 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags
peexe

VirusTotal metadata
First submission 2019-01-30 04:07:33 UTC ( 1 month, 2 weeks ago )
Last submission 2019-02-14 09:54:18 UTC ( 1 month ago )
File names 21751136.EXE
amstoune.exe
peCISudRnLV.exe
In0h7nT5A.exe
amstoune
emotet_e2_8c7aa0e4c5a16383b87a31df0e31c19d8c57a6db2e4e15fdafae12c65020e347_2019-01-30__041005.exe_
Advanced heuristic and reputation engines