SHA256: 93f0e83504251033cc9379021831241c4e57614e7a24a06264bc88fc1bbf333d
File name: 806.exe
Detection ratio: 44 / 70
Analysis date: 2018-12-14 23:01:20 UTC (2 months ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40832542 20181214
AhnLab-V3 Trojan/Win32.Dovs.R248344 20181214
ALYac Trojan.Agent.Emotet 20181214
Arcabit Trojan.Generic.D26F0E1E 20181214
Avast Win32:BankerX-gen [Trj] 20181214
AVG Win32:BankerX-gen [Trj] 20181214
Avira (no cloud) TR/AD.Emotet.iirhl 20181214
BitDefender Trojan.GenericKD.40832542 20181214
CAT-QuickHeal Trojan.Emotet.X4 20181214
Comodo Malware@#2q59y3r052sau 20181214
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cylance Unsafe 20181215
Cyren W32/Trojan.VTCQ-1864 20181214
Emsisoft Trojan.Emotet (A) 20181214
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/Emotet.BN 20181214
F-Secure Trojan.GenericKD.40832542 20181214
Fortinet W32/Emotet.BN!tr 20181214
GData Win32.Trojan-Spy.Emotet.UK 20181214
Ikarus Trojan-Banker.Emotet 20181214
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 0054356f1 ) 20181214
K7GW Trojan ( 0054356f1 ) 20181214
Kaspersky Trojan-Banker.Win32.Emotet.buox 20181214
Malwarebytes Trojan.Emotet 20181214
MAX malware (ai score=100) 20181215
McAfee Emotet-FKK!3FDD99E8D0E1 20181214
McAfee-GW-Edition BehavesLike.Win32.Emotet.ht 20181214
Microsoft Trojan:Win32/Emotet.CB 20181214
eScan Trojan.GenericKD.40832542 20181214
NANO-Antivirus Virus.Win32.Gen.ccmw 20181214
Palo Alto Networks (Known Signatures) generic.ml 20181215
Panda Trj/GdSda.A 20181214
Qihoo-360 Win32/Trojan.88c 20181215
Sophos AV Troj/Emotet-AQB 20181214
Symantec Trojan.Emotet 20181214
Tencent Win32.Trojan-banker.Emotet.Lpmb 20181215
Trapmine malicious.high.ml.score 20181205
TrendMicro TrojanSpy.Win32.EMOTET.THABAAAH 20181214
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.THABAAAH 20181214
VBA32 BScope.Trojan.Refinka 20181214
VIPRE Win32.Malware!Drop 20181214
Webroot W32.Trojan.Emotet 20181215
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.buox 20181214
AegisLab 20181214
Alibaba 20180921
Antiy-AVL 20181214
Avast-Mobile 20181214
Babable 20180918
Baidu 20181207
Bkav 20181214
ClamAV 20181214
CMC 20181213
Cybereason 20180225
DrWeb 20181214
eGambit 20181215
F-Prot 20181214
Jiangmin 20181214
Kingsoft 20181215
Rising 20181214
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181212
Symantec Mobile Insight 20181212
TACHYON 20181214
TheHacker 20181213
TotalDefense 20181214
Trustlook 20181215
ViRobot 20181214
Yandex 20181214
Zillya 20181213
Zoner 20181214
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name esentutl.exe
Internal name esentutl.exe
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Extensible Storage Engine Utilities for Microsoft(R) Windows(R)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-10 21:59:12
Entry Point 0x00003DCD
Number of sections 5
PE sections
PE imports
IsValidSid
LookupPrivilegeNameW
EnumServicesStatusA
GetServiceDisplayNameW
LookupAccountNameW
GetOpenFileNameA
GetTextExtentPoint32W
GetViewportOrgEx
DeleteObject
GetRgnBox
ExtCreatePen
EnumResourceTypesA
GetModuleHandleW
FlushProcessWriteBuffers
VirtualProtectEx
LoadLibraryA
GetNamedPipeClientProcessId
GetPrivateProfileStructA
GetStringTypeA
GetEnvironmentVariableA
GetNamedPipeServerProcessId
GetConsoleCP
GetCommandLineW
LocalFileTimeToFileTime
GenerateConsoleCtrlEvent
GetSystemDirectoryA
FlsFree
GetEnvironmentVariableW
GetPrivateProfileStructW
IsPwrHibernateAllowed
FindExecutableW
FreeCredentialsHandle
InsertMenuA
IsWinEventHookInstalled
GetClassNameW
GetMenu
GetInputState
DefFrameProcW
IsWindow
GetMenuState
GetMessageExtraInfo
PackDDElParam
GetMessagePos
InSendMessage
DrawTextExA
GetRawInputDeviceInfoW
GetFileVersionInfoSizeW
DefDriverProc
GetPrinterW
CryptCATEnumerateMember
socket
listen
fputc
fprintf
towlower
GetRunningObjectTable
CoInvalidateRemoteMachineBindings
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Extensible Storage Engine Utilities for Microsoft(R) Windows(R)
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 483328
EntryPoint 0x3dcd
OriginalFileName esentutl.exe
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2018:12:10 13:59:12-08:00
FileType Win32 EXE
PEType PE32
InternalName esentutl.exe
ProductVersion 6.1.7600.16385
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 28672
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 3fdd99e8d0e1ae46988ed92759ffab3c
SHA1 1cda01c9752acef32cbd5ff5bb1ebe8fc011a0dd
SHA256 93f0e83504251033cc9379021831241c4e57614e7a24a06264bc88fc1bbf333d
ssdeep 3072:HYngc5Xktv0Ms5Wo5wXf+p9CuTv3eYdFW8amQlmzDjxB:HYgc5PMi2f+p9lTWYW8zDj
authentihash ddac3ce1eb0bb90f5e3024f90a3b7dd6c21892e46c9ca24ba8b9c182a5f6ec9d
imphash d34a72883d5b5c90b4808465ca700a84
File size 500.0 KB ( 512000 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe
VirusTotal metadata
First submission 2018-12-10 14:09:45 UTC ( 2 months, 1 week ago )
Last submission 2018-12-10 16:00:08 UTC ( 2 months, 1 week ago )
File names 86149237.exe
13774.exe
724.exe
63792.exe
84871.exe
17.exe
esentutl.exe
352.exe
554.exe
7672.exe
81104454.exe
806.exe
0996558.exe
97676812.exe
682.exe
impcompare.exe
5.exe
328.exe
5240740.exe
360.exe
0814425.exe
2435096.exe
77192025.exe
51786.exe
28.exe