SHA256: 947a8456646709807ebf1a588e4dd0af73160943f9b9a6880a11839117c5c8d1
File name: e2daf4665c8764fd26389d2d79bfabf0
Detection ratio: 42 / 68
Analysis date: 2018-11-20 05:41:16 UTC ( 3 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.418426 20181120
AhnLab-V3 Malware/RL.Generic.R242003 20181120
ALYac Gen:Variant.Razy.418426 20181120
Arcabit Trojan.Razy.D6627A 20181120
Avast Win32:BankerX-gen [Trj] 20181120
AVG Win32:BankerX-gen [Trj] 20181120
BitDefender Gen:Variant.Razy.418426 20181120
CAT-QuickHeal Trojan.Emotet.X4 20181119
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.65c876 20180225
Cylance Unsafe 20181120
Cyren W32/Trojan.JZPT-0766 20181120
DrWeb Trojan.Emotet.449 20181120
Emsisoft Gen:Variant.Razy.418426 (B) 20181120
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GMDL 20181120
F-Secure Gen:Variant.Razy.418426 20181120
Fortinet W32/Kryptik.GMDL!tr 20181120
GData Gen:Variant.Razy.418426 20181120
Ikarus Trojan-Banker.Emotet 20181119
Sophos ML heuristic 20181108
Kaspersky Trojan-Banker.Win32.Emotet.blgz 20181120
Malwarebytes Trojan.Emotet 20181120
MAX malware (ai score=100) 20181120
McAfee RDN/Generic.hbg 20181120
McAfee-GW-Edition BehavesLike.Win32.Emotet.fm 20181120
Microsoft Trojan:Win32/Emotet.AC!bit 20181120
eScan Gen:Variant.Razy.418426 20181120
NANO-Antivirus Virus.Win32.Gen.ccmw 20181120
Palo Alto Networks (Known Signatures) generic.ml 20181120
Panda Trj/Genetic.gen 20181119
Qihoo-360 HEUR/QVM19.1.DD35.Malware.Gen 20181120
Rising Trojan.Kryptik!1.B4A3 (CLOUD) 20181120
Sophos AV Mal/EncPk-ANY 20181120
Symantec Trojan.Emotet 20181120
Tencent Win32.Trojan-banker.Emotet.Akys 20181120
TrendMicro TROJ_GEN.R020C0DK118 20181120
TrendMicro-HouseCall TROJ_GEN.R020C0DK118 20181120
VIPRE Trojan.Win32.Generic!BT 20181120
ViRobot Trojan.Win32.Z.Emotet.364544.G 20181120
Webroot W32.Trojan.Emotet 20181120
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.blgz 20181120
AegisLab 20181120
Alibaba 20180921
Antiy-AVL 20181120
Avast-Mobile 20181119
Avira (no cloud) 20181120
Babable 20180918
Baidu 20181119
Bkav 20181119
ClamAV 20181119
CMC 20181119
eGambit 20181120
F-Prot 20181120
Jiangmin 20181120
K7AntiVirus 20181119
K7GW 20181120
Kingsoft 20181120
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181114
Symantec Mobile Insight 20181108
TACHYON 20181120
TheHacker 20181118
TotalDefense 20181118
Trustlook 20181120
VBA32 20181119
Yandex 20181119
Zillya 20181119
Zoner 20181120
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 1995-2001 Preview Systems, Inc.
Product Vbox 4.6.1
Original name vboxr.dll
Internal name Vbox MKS
File version 4,6,1,44
Description Vbox MKS
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-30 04:31:09
Entry Point 0x000034A9
Number of sections 5
PE sections
PE imports
CertCompareIntegerBlob
GetBitmapDimensionEx
GetPixelFormat
GetGraphicsMode
GetModuleHandleA
SetConsoleScreenBufferSize
HeapSize
ICSeqCompressFrame
NetShareCheck
SHQueryValueExW
SHCreateThreadRef
GetRawInputDeviceList
GetPrinterDataW
HGLOBAL_UserMarshal
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 4294967295
LinkerVersion 13.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 4.6.1.44
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Vbox MKS
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 354816
EntryPoint 0x34a9
OriginalFileName vboxr.dll
MIMEType application/octet-stream
LegalCopyright Copyright © 1995-2001 Preview Systems, Inc.
FileVersion 4,6,1,44
TimeStamp 2018:10:29 21:31:09-07:00
FileType Win32 EXE
PEType PE32
InternalName Vbox MKS
ProductVersion 4,6,1,44
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Preview Systems, Inc.
CodeSize 14848
ProductName Vbox 4.6.1
ProductVersionNumber 4.6.1.44
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 e2daf4665c8764fd26389d2d79bfabf0
SHA1 06ce067e186229069fb6abbd19c0fc687ab578ba
SHA256 947a8456646709807ebf1a588e4dd0af73160943f9b9a6880a11839117c5c8d1
ssdeep 3072:7l5vixIX0EE0mn0AhAmUUoN7mASY3f4IS74kwUJkEHiDrPlow:7l5axIX0EE0mPhAmeNbSY3VS7B/ii
authentihash 29b32d83c194180168e64f07bffecce7a136d01b6fc9ed24e70ff8292d5653b4
imphash c19c4b55b5201f0c335fb35932227756
File size 356.0 KB ( 364544 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags peexe
VirusTotal metadata
First submission 2018-11-11 20:09:46 UTC ( 3 months, 1 week ago )
Last submission 2018-11-11 20:09:46 UTC ( 3 months, 1 week ago )
File names Vbox MKS
vboxr.dll