SHA256: 94e1accbf3fb016372b6c63bb270ebb9512b5e60989b1ff43292b22341817c6b
File name: 94e1accbf3fb016372b6c63bb270ebb9512b5e60989b1ff43292b22341817c6b
Detection ratio: 37 / 61
Analysis date: 2017-05-06 16:29:37 UTC ( 1 year, 7 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4992332 20170506
AegisLab Ml.Attribute.Gen!c 20170506
Arcabit Trojan.Generic.D4C2D4C 20170506
Avast Win32:Trojan-gen 20170506
AVG Atros5.BBYV 20170506
Avira (no cloud) TR/Crypt.Xpack.fhbyh 20170506
AVware Trojan.Win32.Generic!BT 20170506
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9595 20170503
BitDefender Trojan.GenericKD.4992332 20170506
CMC Trojan-Downloader.Win32.Gamarue.2!O 20170505
Comodo UnclassifiedMalware 20170506
CrowdStrike Falcon (ML) malicious_confidence_96% (W) 20170130
DrWeb Trojan.DownLoader24.55094 20170506
Emsisoft Trojan.GenericKD.4992332 (B) 20170506
Endgame malicious (high confidence) 20170503
ESET-NOD32 Win32/Emotet.AO 20170506
F-Secure Trojan.GenericKD.4992332 20170506
Fortinet W32/Kryptik.FSAH!tr 20170506
GData Win32.Trojan-Spy.Dridex.BR 20170506
Ikarus Trojan-Spy.Win32.Zbot 20170506
Sophos ML trojan.win32.skeeyah.a!rfn 20170413
Kaspersky Trojan-Dropper.Win32.Agent.sbmh 20170506
Malwarebytes Trojan.MalPack 20170506
McAfee RDN/Generic.hbg 20170506
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cc 20170506
Microsoft PWS:Win32/Zbot 20170506
eScan Trojan.GenericKD.4992332 20170506
Palo Alto Networks (Known Signatures) generic.ml 20170506
Qihoo-360 HEUR/QVM10.1.F075.Malware.Gen 20170506
Sophos AV Troj/Wonton-YV 20170506
Symantec Ransom.Kovter 20170505
TrendMicro TROJ_EMOTET.XXTM 20170506
TrendMicro-HouseCall TROJ_EMOTET.XXTM 20170506
VIPRE Trojan.Win32.Generic!BT 20170506
ViRobot Trojan.Win32.U.Agent.166912.A[h] 20170506
Webroot W32.Trojan.Gen 20170506
ZoneAlarm by Check Point Trojan-Dropper.Win32.Agent.sbmh 20170506
AhnLab-V3 20170506
Alibaba 20170505
ALYac 20170506
Bkav 20170506
CAT-QuickHeal 20170506
ClamAV 20170506
Cyren 20170506
F-Prot 20170506
Jiangmin 20170506
K7AntiVirus 20170506
K7GW 20170506
Kingsoft 20170506
NANO-Antivirus 20170506
nProtect 20170506
Panda 20170506
Rising 20170506
SentinelOne (Static ML) 20170330
SUPERAntiSpyware 20170506
Symantec Mobile Insight 20170504
Tencent 20170506
TheHacker 20170505
TotalDefense 20170506
Trustlook 20170506
VBA32 20170506
WhiteArmor 20170502
Yandex 20170504
Zillya 20170505
Zoner 20170506
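The 37 vendor labels above do not agree on a family: ESET and Trend Micro say Emotet, Ikarus and Microsoft say Zbot, GData says Dridex, Symantec says Kovter, CMC says Gamarue, and most of the rest are generic or heuristic verdicts. The script below is an added example, not part of the VirusTotal report or of any vendor's tooling. It transcribes the detection table into a small parser, strips class words and variant suffixes from each label and tallies the remaining family tokens per vendor, so the consensus (and the lack of one) is visible at a glance. The stop-list of generic words and the "four letters, no digits" token rule are assumptions chosen for this page's vendors.

```python
"""Tally family tokens across vendor labels (added example, not VT's code)."""
import re
from collections import Counter

# Transcribed from the detection table above: "vendor | result".
DETECTIONS = """\
Ad-Aware | Trojan.GenericKD.4992332
AegisLab | Ml.Attribute.Gen!c
Arcabit | Trojan.Generic.D4C2D4C
Avast | Win32:Trojan-gen
AVG | Atros5.BBYV
Avira (no cloud) | TR/Crypt.Xpack.fhbyh
AVware | Trojan.Win32.Generic!BT
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9595
BitDefender | Trojan.GenericKD.4992332
CMC | Trojan-Downloader.Win32.Gamarue.2!O
Comodo | UnclassifiedMalware
CrowdStrike Falcon (ML) | malicious_confidence_96% (W)
DrWeb | Trojan.DownLoader24.55094
Emsisoft | Trojan.GenericKD.4992332 (B)
Endgame | malicious (high confidence)
ESET-NOD32 | Win32/Emotet.AO
F-Secure | Trojan.GenericKD.4992332
Fortinet | W32/Kryptik.FSAH!tr
GData | Win32.Trojan-Spy.Dridex.BR
Ikarus | Trojan-Spy.Win32.Zbot
Sophos ML | trojan.win32.skeeyah.a!rfn
Kaspersky | Trojan-Dropper.Win32.Agent.sbmh
Malwarebytes | Trojan.MalPack
McAfee | RDN/Generic.hbg
McAfee-GW-Edition | BehavesLike.Win32.Backdoor.cc
Microsoft | PWS:Win32/Zbot
eScan | Trojan.GenericKD.4992332
Palo Alto Networks (Known Signatures) | generic.ml
Qihoo-360 | HEUR/QVM10.1.F075.Malware.Gen
Sophos AV | Troj/Wonton-YV
Symantec | Ransom.Kovter
TrendMicro | TROJ_EMOTET.XXTM
TrendMicro-HouseCall | TROJ_EMOTET.XXTM
VIPRE | Trojan.Win32.Generic!BT
ViRobot | Trojan.Win32.U.Agent.166912.A[h]
Webroot | W32.Trojan.Gen
ZoneAlarm by Check Point | Trojan-Dropper.Win32.Agent.sbmh
"""

# Class/heuristic words that never name a family. Assumption for this example.
GENERIC = {
    "trojan", "troj", "win32", "w32", "generic", "gen", "malware", "malicious",
    "heur", "crypt", "xpack", "agent", "downloader", "dropper", "ransom", "pws",
    "backdoor", "behaveslike", "unclassifiedmalware", "malpack", "attribute",
    "confidence", "high", "known", "signatures", "wisdomeyes",
}


def parse_rows(text):
    """Return [(vendor, label)] from 'vendor | label' lines; skip others."""
    rows = []
    for line in text.splitlines():
        if "|" not in line:
            continue
        vendor, label = (part.strip() for part in line.split("|", 1))
        rows.append((vendor, label))
    return rows


def family_tokens(label):
    """Lower-case tokens of a label that could name a family.

    Drops generic class words, anything containing a digit (variant counters,
    CRCs) and tokens shorter than four characters (suffixes like '.AO', '!BT').
    """
    return [
        tok for tok in re.split(r"[^A-Za-z0-9]+", label.lower())
        if len(tok) >= 4 and not any(c.isdigit() for c in tok) and tok not in GENERIC
    ]


def tally_families(rows):
    """Count, per token, how many vendors mention it (at most once per vendor)."""
    counts = Counter()
    for _vendor, label in rows:
        counts.update(set(family_tokens(label)))
    return counts


if __name__ == "__main__":
    rows = parse_rows(DETECTIONS)
    counts = tally_families(rows)
    print(f"{len(rows)} detections")
    for tok, n in counts.most_common(8):
        print(f"{n:2d}  {tok}")
```

The most common token is BitDefender's generic "GenericKD" signature (shared by five engines that license it), which carries no family information; Emotet is the only real family named by more than one independent engine, which is consistent with the "EMOTET PAYLOAD" submission name further down. Treat this tally as a pivot for further analysis, not as attribution.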
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Gogegalari medayimarabe wihifo vajitonubocosa xavifopoxuje firiforeba ki fakayesikomo gido

Product Miwiwanuzate hoyaloki
Original name pepa.rc
Internal name Bala bawukibatebena
File version 42, 4, 5, 3
Comments Korarawohiru zimebe ranuwayosixefu yoba madewupope vawisabaxenimi sude borozeciguhofe
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-05 08:50:06
Entry Point 0x000011A5
Number of sections 4
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
IsProcessorFeaturePresent
HeapAlloc
HeapSetInformation
GetCurrentProcess
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
WriteConsoleW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
AddAtomW
HeapSize
SetStdHandle
WideCharToMultiByte
LoadLibraryW
TlsFree
SetFilePointer
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
CreateHardLinkW
GetSystemTimeAsFileTime
GetThreadTimes
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
GetPrivateProfileSectionW
TerminateProcess
IsValidCodePage
HeapCreate
CreateFileW
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
CloseHandle
EncodePointer
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
Number of PE resources by type
RT_ICON 2
RT_STRING 2
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize
24064

SubsystemVersion
5.1

Comments
Korarawohiru zimebe ranuwayosixefu yoba madewupope vawisabaxenimi sude borozeciguhofe

InitializedDataSize
162304

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
42.4.5.3

LanguageCode
Neutral

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
10.0

EntryPoint
0x11a5

OriginalFileName
pepa.rc

MIMEType
application/octet-stream

LegalCopyright
Gogegalari medayimarabe wihifo vajitonubocosa xavifopoxuje firiforeba ki fakayesikomo gido

FileVersion
42, 4, 5, 3

TimeStamp
2017:05:05 09:50:06+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Bala bawukibatebena

ProductVersion
42, 4, 5, 3

UninitializedDataSize
0

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

LegalTrademarks
Motuxi bapeguli nawudopebapuke solube sufimikizihidi ro jexoka paxocisadata ni padidayevo

ProductName
Miwiwanuzate hoyaloki

ProductVersionNumber
42.4.5.3

FileTypeExtension
exe

ObjectFileType
Unknown

Compressed bundles
File identification
MD5 2ca879a84b9fb02c9b7ce74a4babf793
SHA1 85a3dcd91e3fde628ea21f76742a0412dbdacab7
SHA256 94e1accbf3fb016372b6c63bb270ebb9512b5e60989b1ff43292b22341817c6b
ssdeep
3072:Nj6Vgz//MEopa3O3MCVc/wo3cQUp+IlhpMIRRkZuIVCTgL9TwYfEaSwrzLK:sVgola3pCVfo3cQUp+IvpMbrz

authentihash c84f28f0a51a644d0d22233cb8f5202c9bd707239c156eb44675d8a7a546f458
imphash 48ebc61470f4b9265bf3d4fcb5cc76ec
File size 161.5 KB ( 165376 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2017-05-05 12:41:09 UTC ( 1 year, 7 months ago )
Last submission 2017-09-08 10:46:48 UTC ( 1 year, 3 months ago )
File names vw.exe
p.exe
qpp.exe
SourceEnclosure.exe
l8qx-so136-kwm.exe
ubr.exe
z.exe
fnn.exe
ek.exe
109429038.exe
Mal.exe
ExecutorAppid.exe
pepa.rc
ju.exe
Bala bawukibatebena
m.exe
zla.exe
LangQuota.exe
lgt.exe
ivh.exe
ab.exe
EMOTET PAYLOAD
pze.exe
XianPdl.exe
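Three facts on this page can be cross-checked against each other: the PE compilation timestamp (2017-05-05 08:50:06 UTC), ExifTool's rendering of the same field with a +01:00 offset, and the first submission time (2017-05-05 12:41:09 UTC), plus the file size against the leading block size of the ssdeep hash. The script below is an added example, not part of the VirusTotal report. It confirms the two timestamp renderings are the same instant, computes how long after the build the sample was first seen (a negative value would mean a forged header timestamp), and recomputes the ssdeep block size that a file of this size should carry. The block-size rule is ssdeep's initial choice (smallest 3*2^k whose 64 blocks cover the file); ssdeep can halve it once when the resulting signature is too short, so a one-step mismatch is a caveat rather than proof of tampering.

```python
"""Cross-check report timestamps and ssdeep block size (added example, not VT's code)."""
from datetime import datetime, timezone

# Values copied from the report above.
PE_COMPILE_UTC = "2017-05-05 08:50:06"        # "Compilation timestamp"
EXIFTOOL_TS = "2017:05:05 09:50:06+01:00"     # ExifTool "TimeStamp"
FIRST_SEEN_UTC = "2017-05-05 12:41:09"        # "First submission"
FILE_SIZE = 165376                            # "File size" in bytes
SSDEEP = ("3072:Nj6Vgz//MEopa3O3MCVc/wo3cQUp+IlhpMIRRkZuIVCTgL9TwYfEaSwrzLK:"
          "sVgola3pCVfo3cQUp+IvpMbrz")


def parse_utc(s):
    """Parse a 'YYYY-MM-DD HH:MM:SS' string as an aware UTC datetime."""
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)


def parse_exiftool(s):
    """Parse ExifTool's 'YYYY:MM:DD HH:MM:SS+HH:MM' form (offset-aware)."""
    return datetime.strptime(s, "%Y:%m:%d %H:%M:%S%z")


def compile_to_first_seen_seconds(compile_utc, first_seen_utc):
    """Seconds from the PE header build time to the first VT submission.

    Negative means the header claims a build time after the sample was already
    in the wild, i.e. the timestamp was forged (timestomped).
    """
    delta = parse_utc(first_seen_utc) - parse_utc(compile_utc)
    return int(delta.total_seconds())


def ssdeep_block_size(file_size):
    """Initial ssdeep block size: smallest 3*2^k with 64 blocks covering the file."""
    bs = 3
    while bs * 64 < file_size:
        bs *= 2
    return bs


def ssdeep_consistent(sig, file_size):
    """True when the signature's leading block size matches the file size."""
    return int(sig.split(":", 1)[0]) == ssdeep_block_size(file_size)


if __name__ == "__main__":
    same = parse_exiftool(EXIFTOOL_TS) == parse_utc(PE_COMPILE_UTC)
    lag = compile_to_first_seen_seconds(PE_COMPILE_UTC, FIRST_SEEN_UTC)
    print("ExifTool and PE header agree on build time:", same)
    print(f"first seen {lag} s ({lag / 3600:.2f} h) after the build timestamp")
    print("ssdeep block size matches file size:", ssdeep_consistent(SSDEEP, FILE_SIZE))
```

For this sample the build timestamp is plausible: the file reached VirusTotal about 3 h 51 min after the time in its header, and a 165376-byte file does produce the 3072 block size the hash starts with. Run the same two checks on any sample before trusting its compile time for timeline work.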
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Runtime DLLs
UDP communications