× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 9246194d25531451d05a84da0c737b905fc3e382e4dc7e6f9f158aad25bbbfad
File name: 59042016.exe
Detection ratio: 48 / 68
Analysis date: 2018-10-16 06:38:55 UTC ( 4 months, 1 week ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40559574 20181016
AhnLab-V3 Trojan/Win32.Emotet.R234758 20181016
ALYac Trojan.GenericKD.40559574 20181016
Arcabit Trojan.Generic.D26AE3D6 20181016
Avast Win32:BankerX-gen [Trj] 20181016
AVG Win32:BankerX-gen [Trj] 20181016
BitDefender Trojan.GenericKD.40559574 20181016
Bkav HW32.Packed. 20181014
CAT-QuickHeal Trojan.Emotet.X4 20181013
ClamAV Win.Trojan.Emotet-6715185-2 20181016
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.3bc4b6 20180225
Cylance Unsafe 20181016
Cyren W32/Emotet.HD.gen!Eldorado 20181016
DrWeb Trojan.EmotetENT.283 20181016
Emsisoft Trojan.Emotet (A) 20181016
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GLHZ 20181016
F-Prot W32/Emotet.HD.gen!Eldorado 20181016
F-Secure Trojan.GenericKD.40559574 20181016
Fortinet Malicious_Behavior.SB 20181016
GData Trojan.GenericKD.40559574 20181016
Ikarus Trojan.Win32.Crypt 20181015
Sophos ML heuristic 20180717
Jiangmin Trojan.Banker.Emotet.dcm 20181016
K7AntiVirus Trojan ( 0053e1141 ) 20181016
K7GW Trojan ( 0053e1141 ) 20181015
Kaspersky Trojan-Banker.Win32.Emotet.bgbf 20181016
Malwarebytes Trojan.Emotet 20181016
MAX malware (ai score=100) 20181016
McAfee Emotet-FHK!F6CCD9B87AAC 20181016
McAfee-GW-Edition BehavesLike.Win32.Generic.cc 20181016
Microsoft Trojan:Win32/Emotet!rfn 20181016
eScan Trojan.GenericKD.40559574 20181016
NANO-Antivirus Trojan.Win32.Emotet.firswq 20181016
Palo Alto Networks (Known Signatures) generic.ml 20181016
Panda Trj/Genetic.gen 20181015
Rising Trojan.Emotet!8.B95 (CLOUD) 20181016
Sophos AV Mal/EncPk-ANY 20181016
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20181015
Symantec Trojan.Emotet 20181016
TACHYON Trojan/W32.Agent.139264.CNO 20181016
Tencent Win32.Trojan-banker.Emotet.Efay 20181016
TrendMicro TSPY_EMOTET.THJODAH 20181016
TrendMicro-HouseCall TSPY_EMOTET.THJODAH 20181016
VBA32 Malware-Cryptor.Limpopo 20181015
Webroot W32.Trojan.Emotet 20181016
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bgbf 20181016
AegisLab 20181016
Alibaba 20180921
Antiy-AVL 20181016
Avast-Mobile 20181016
Avira (no cloud) 20181016
Babable 20180918
Baidu 20181015
CMC 20181015
Comodo 20181016
eGambit 20181016
Kingsoft 20181016
Qihoo-360 20181016
SentinelOne (Static ML) 20181011
Symantec Mobile Insight 20181001
TheHacker 20181015
TotalDefense 20181016
Trustlook 20181016
VIPRE 20181015
ViRobot 20181016
Yandex 20181015
Zillya 20181015
Zoner 20181015
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1993-11-01 05:05:43
Entry Point 0x000015B0
Number of sections 7
PE sections
PE imports
GetTokenInformation
RegEnumValueW
WriteEncryptedFileRaw
ImpersonateAnonymousToken
SetServiceObjectSecurity
RegisterEventSourceA
OpenBackupEventLogA
RegQueryValueW
ClusterRegCloseKey
ReplaceTextW
CertGetSubjectCertificateFromStore
CertOpenSystemStoreA
CertSetEnhancedKeyUsage
JetIntersectIndexes
SetTextAlign
PlayEnhMetaFileRecord
CreatePen
GetTextColor
CreateEllipticRgn
ImmGetConversionStatus
ImmGetContext
BuildCommDCBA
GlobalGetAtomNameW
SetSystemTime
SizeofResource
GetTimeZoneInformation
SetCurrentDirectoryW
FlsGetValue
GetNamedPipeServerProcessId
ReadFile
GetConsoleWindow
ConvertDefaultLocale
GetProcessPriorityBoost
Sleep
UnregisterWait
GetCommandLineA
PrepareTape
GetCurrentThread
WriteConsoleInputW
PulseEvent
GetThreadPriority
MprConfigInterfaceTransportGetHandle
MprAdminMIBEntryGet
VarBstrFromCy
VarI2FromR8
VarCyFromR8
DispGetParam
GetCurrentPowerPolicies
RpcErrorAddRecord
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInfo
SetupGetMultiSzFieldW
SetupDefaultQueueCallbackW
SHEnumValueW
PathRemoveExtensionA
UrlGetPartW
SHReleaseThreadRef
LoadAcceleratorsA
SetDlgItemInt
GetCapture
GetScrollInfo
CharNextExA
BroadcastSystemMessageA
SetProcessDPIAware
WindowFromPoint
WinHelpA
GetWindow
IsWindowEnabled
FindWindowA
SetCursor
ActivateKeyboardLayout
PtInRect
mixerOpen
waveOutMessage
midiInOpen
GetDriverModuleHandle
waveInClose
waveInUnprepareHeader
EnumMonitorsW
CryptCATPutMemberInfo
getprotobyname
SCardGetProviderIdW
SCardSetCardTypeProviderNameA
fgetpos
isxdigit
StgCreateStorageEx
HBITMAP_UserMarshal
HMENU_UserUnmarshal
OleDestroyMenuDescriptor
OleMetafilePictFromIconAndLabel
CoFreeLibrary
Number of PE resources by type
RT_STRING 13
RT_BITMAP 11
Number of PE resources by language
NEUTRAL 17
CHINESE TRADITIONAL 6
ITALIAN 1
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
1993:11:01 06:05:43+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
8192

LinkerVersion
6.0

ImageFileCharacteristics
Executable, 32-bit

EntryPoint
0x15b0

InitializedDataSize
122880

SubsystemVersion
5.1

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

File identification
MD5 f6ccd9b87aac3d9aeef2c0c72c554eea
SHA1 65cfc593bc4b6cfff354744ff122394c3f4a94f5
SHA256 9246194d25531451d05a84da0c737b905fc3e382e4dc7e6f9f158aad25bbbfad
ssdeep
3072:+lP70wZhvNS4XpY25cT+Ri27EcoGR+G1OwpThT3omgABEXUL42:+VDzXpH5cdmRHzlT4mgdX

authentihash 4be93a6bcc2d5e0e49865a4a638a4c87f5bce7538189aabbc9ed5129827536bf
imphash 775b3668a8dfca96147ee138736c16fa
File size 136.0 KB ( 139264 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-10-03 09:04:53 UTC ( 4 months, 3 weeks ago )
Last submission 2018-10-03 09:04:53 UTC ( 4 months, 3 weeks ago )
File names routedfiles.exe
59042016.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!