Antivirus scan for 914ffc100871990914e2b4727deafe94e3c2a12d66340d55c562a95e4b51cf16 at 2019-01-19 07:21:17 UTC

Antivirus	Result	Update
Acronis	suspicious	20190119
AegisLab	Trojan.Multi.Generic.4!c	20190119
Alibaba	Trojan:Win32/EmotetedCryptc.6415f7c0	20180921
AVG	FileRepMalware	20190119
Bkav	HW32.Packed.	20190119
Comodo	.UnclassifiedMalware@0	20190119
CrowdStrike Falcon (ML)	malicious_confidence_100% (W)	20181023
Cylance	Unsafe	20190119
eGambit	Unsafe.AI_Score_76%	20190119
Endgame	malicious (high confidence)	20181108
ESET-NOD32	a variant of Win32/GenKryptik.CWYG	20190119
Fortinet	W32/FakeAV.CWYG!tr	20190119
GData	Win32.Trojan-Spy.Emotet.R8GZ67	20190119
Sophos ML	heuristic	20181128
Kaspersky	UDS:DangerousObject.Multi.Generic	20190119
Malwarebytes	Trojan.Emotet	20190119
McAfee	Artemis!110C1F03F6CE	20190119
McAfee-GW-Edition	BehavesLike.Win32.Dropper.ch	20190119
Microsoft	Trojan:Win32/Emotet.AC!bit	20190119
Palo Alto Networks (Known Signatures)	generic.ml	20190119
Qihoo-360	HEUR/QVM20.1.A319.Malware.Gen	20190119
Rising	Trojan.GenKryptik!8.AA55 (TFE:1:v7XiahyKoeT)	20190119
Sophos AV	Mal/FakeAV-OP	20190119
Symantec	ML.Attribute.HighConfidence	20190118
Trapmine	malicious.high.ml.score	20190103
Webroot	W32.Trojan.Emotet	20190119
ZoneAlarm by Check Point	Trojan-Banker.Win32.Emotet.camj	20190119
Ad-Aware		20190119
AhnLab-V3		20190118
ALYac		20190119
Antiy-AVL		20190119
Arcabit		20190119
Avast		20190119
Avast-Mobile		20190118
Avira (no cloud)		20190119
Babable		20180918
Baidu		20190118
BitDefender		20190119
CAT-QuickHeal		20190118
CMC		20190118
Cybereason		20190109
Cyren		20190119
DrWeb		20190119
Emsisoft		20190119
F-Prot		20190119
F-Secure		20190119
Ikarus		20190118
Jiangmin		20190119
K7AntiVirus		20190119
K7GW		20190119
Kingsoft		20190119
MAX		20190119
eScan		20190119
NANO-Antivirus		20190119
Panda		20190118
SentinelOne (Static ML)		20190118
SUPERAntiSpyware		20190116
TACHYON		20190119
Tencent		20190119
TheHacker		20190118
TotalDefense		20190119
TrendMicro		20190119
TrendMicro-HouseCall		20190119
Trustlook		20190119
VBA32		20190118
VIPRE		20190119
ViRobot		20190118
Yandex		20190118
Zillya		20190118
Zoner		20190118

The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.

FileVersionInfo properties

PE header basic information

Target machine Intel 386 or later processors and compatible processors

Compilation timestamp 1994-07-09 09:45:28

Entry Point 0x000038F0

Number of sections 10

PE sections

Name Virtual address Virtual size Raw size Entropy MD5

.text 4096 11162 12288 6.23 2531b3aa6e7de3fd083c2c2143e23d67

.rdata 16384 1474 4096 2.41 8a242bb776644d6345c91eb70736d41c

.data 20480 9184 4096 2.20 a21f452d3114c8f4f63b3466081a16f3

.qdata 32768 182 4096 0.53 e30fb13d53e7e73c54736a5a9892f1fd

.code 36864 19045 20480 7.43 aa00bc2dda91b262a1bbd3ad44c7ca2d

.crt 57344 49045 49152 7.92 252e808b588b3827decbb15f1f592192

.ida 106496 17403 20480 7.24 8354c02806dd3d13dac56d8f8ad8b581

.crt1 126976 20224 20480 7.89 6419f44ecdc28d1a3565b99e16e441c5

.rsrc 147456 6120 8192 2.83 9e8d1ced764971a9e823640376cae7f1

.reloc 155648 460 4096 1.10 2270e485d774d6c5e02e334eef1026d2

PE imports

Number of PE resources by type

RT_DIALOG 7

Number of PE resources by language

ENGLISH US 7

PE resources

06799ef271eb95801eee3d603673ed73562ee7db5cf029c5b315b8b5d0e00fa7 data

334aec895e44f03ce7c1fef9da813753110db5cb8e4478b087ff90dc079df9f3 data

7356d043b41fb8738874b1e1ce60c7b72d5f9acc237dac647829256b2a862a30 data

a6c0a3c69beaa971d36bc1ce1371346a3fac98e41e7fd59b38d137e65294607a data

d66b75108526af2578bd0410e6578e5508d53400ff02acb4d4e98e9e9ec18191 data

db0bdd35f08ef74fe1f648eb6959de6275ed185fccb8e7f6351067f57bffb42d data

dce9abd4e17c4691ca1fa3f8599e5615f484d5c821f80fb993f15e1e504332ab data

ExifTool file metadata

MIMEType

application/octet-stream

Subsystem

Windows GUI

MachineType

Intel 386 or later, and compatibles

FileTypeExtension

exe

TimeStamp

1994:07:09 02:45:28-07:00

FileType

Win32 EXE

PEType

PE32

CodeSize

12288

LinkerVersion

10.0

ImageFileCharacteristics

Executable, 32-bit

EntryPoint

0x38f0

InitializedDataSize

143360

SubsystemVersion

6.1

ImageVersion

0.0

OSVersion

6.0

UninitializedDataSize

File identification

MD5 110c1f03f6cea56bbc5aea62e9705d24

SHA1 b8e482cb8aa943f7f815f0a9a4c88dde6a9a4bcf

SHA256 914ffc100871990914e2b4727deafe94e3c2a12d66340d55c562a95e4b51cf16

ssdeep

3072:PpUOZBeD4RGP2owQ46MphLz5RqDao3AYSJ4gOF+4C:PpBZBw6Q4LpBmCYS

authentihash f5df14f7e83f3c220a00818ca198dd3f8fb44bc96c4d14781959653a6c082085

imphash 655d260785b5fac765675a861647f445

File size 148.0 KB ( 151552 bytes )

File type Win32 EXE

Magic literal

PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID	Win64 Executable (generic) (61.7%) Win32 Dynamic Link Library (generic) (14.7%) Win32 Executable (generic) (10.0%) OS/2 Executable (generic) (4.5%) Generic Win/DOS Executable (4.4%)

VirusTotal metadata

First submission 2019-01-18 21:22:46 UTC ( 4 weeks, 1 day ago )

Last submission 2019-01-19 23:04:11 UTC ( 4 weeks ago )

File names

emotet_e2_914ffc100871990914e2b4727deafe94e3c2a12d66340d55c562a95e4b51cf16_2019-01-18__213001.exe_
wyBV.exe

SHA256:	914ffc100871990914e2b4727deafe94e3c2a12d66340d55c562a95e4b51cf16
File name:	emotet_e2_914ffc100871990914e2b4727deafe94e3c2a12d66340d55c562a95...
Detection ratio:	27 / 70
Analysis date:	2019-01-19 07:21:17 UTC ( 4 weeks, 1 day ago ) View latest

Ciphered bundle