SHA256: 97772d1f1d7caa9abe8508e7431a88713d1a994423ee6cd774576d34868e4c6a
File name: 97772d1f1d7caa9abe8508e7431a88713d1a994423ee6cd774576d34868e4c6a
Detection ratio: 42 / 69
Analysis date: 2018-12-21 04:45:10 UTC ( 1 month, 4 weeks ago )
Antivirus Result Update
Acronis malware 20180726
Ad-Aware Trojan.GenericKD.40847485 20181221
AegisLab Trojan.Win32.Malicious.4!c 20181221
AhnLab-V3 Trojan/Win32.Emotet.R249373 20181220
ALYac Trojan.GenericKDZ.52195 20181221
Avast Win32:BankerX-gen [Trj] 20181221
AVG Win32:BankerX-gen [Trj] 20181221
BitDefender Trojan.GenericKD.40847485 20181221
Bkav HW32.Packed. 20181220
CAT-QuickHeal Trojan.Emotet 20181220
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.baf908 20180225
Cylance Unsafe 20181221
Cyren W32/Emotet.LE.gen!Eldorado 20181221
eGambit Unsafe.AI_Score_99% 20181221
Emsisoft Trojan.GenericKD.40847485 (B) 20181221
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GNZI 20181221
F-Prot W32/Emotet.LE.gen!Eldorado 20181221
F-Secure Trojan.GenericKD.40847485 20181221
Fortinet W32/Kryptik.GNZI!tr 20181221
GData Trojan.GenericKD.40847485 20181221
Sophos ML heuristic 20181128
K7AntiVirus Riskware ( 0040eff71 ) 20181221
K7GW Riskware ( 0040eff71 ) 20181221
Kaspersky Trojan-Banker.Win32.Emotet.bvza 20181221
MAX malware (ai score=85) 20181221
McAfee Emotet-FJX!B44B2993647C 20181221
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20181220
Microsoft Trojan:Win32/Emotet.AC!bit 20181220
eScan Trojan.GenericKD.40847485 20181221
Palo Alto Networks (Known Signatures) generic.ml 20181221
Panda Trj/Genetic.gen 20181220
Qihoo-360 HEUR/QVM20.1.FAD7.Malware.Gen 20181221
Rising Malware.Heuristic!ET#99% (RDM+:cmRtazoGNrpF2qan9RyVXKsD6bOo) 20181221
SentinelOne (Static ML) static engine - malicious 20181011
Symantec Trojan.Emotet 20181221
Tencent Win32.Trojan-banker.Emotet.Pdlz 20181221
Trapmine malicious.high.ml.score 20181205
VBA32 BScope.Trojan.Refinka 20181220
Webroot W32.Trojan.Emotet 20181221
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bvza 20181221
Alibaba 20180921
Antiy-AVL 20181221
Arcabit 20181221
Avast-Mobile 20181220
Avira (no cloud) 20181220
Babable 20180918
Baidu 20181207
ClamAV 20181221
CMC 20181220
Comodo 20181220
DrWeb 20181221
Jiangmin 20181221
Kingsoft 20181221
Malwarebytes 20181221
NANO-Antivirus 20181221
Sophos AV 20181221
SUPERAntiSpyware 20181220
Symantec Mobile Insight 20181215
TACHYON 20181221
TheHacker 20181220
TotalDefense 20181220
TrendMicro 20181221
TrendMicro-HouseCall 20181221
Trustlook 20181221
ViRobot 20181220
Yandex 20181220
Zillya 20181219
Zoner 20181221
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft
Product Microsoft®
Original name kbdth3.dll
Internal name TCPSVCS.EXE
Description TCP/IP Services Application
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-07-18 02:23:20
Entry Point 0x000029E0
Number of sections 9
PE sections
PE imports
RemoveUsersFromEncryptedFile
GetSecurityDescriptorRMControl
OffsetClipRgn
GetEnvironmentStrings
GetNamedPipeServerProcessId
GetThreadLocale
GetThreadTimes
GlobalMemoryStatusEx
GetBinaryTypeA
GetCurrentThread
Ord(29)
CopyIcon
GetLastInputInfo
DlgDirListW
SendMessageA
GetMenuContextHelpId
GetKeyState
g_rgSCardT1Pci
memmove
OleFlushClipboard
Number of PE resources by type
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
JAPANESE DEFAULT 2
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2002:07:18 03:23:20+01:00
FileType Win32 EXE
PEType PE32
CodeSize 135168
LinkerVersion 2.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x29e0
InitializedDataSize 0
SubsystemVersion 6.0
ImageVersion 5.1
OSVersion 6.0
UninitializedDataSize 0
File identification
MD5 b44b2993647c9194a94e05ccc163f8f1
SHA1 af1e026baf908789a503bd222b71a3cb0751c85a
SHA256 97772d1f1d7caa9abe8508e7431a88713d1a994423ee6cd774576d34868e4c6a
ssdeep 3072:XmjyuImku3icvfIZX5nuomG+VNhPPm+Eu1cR:Xm+Ju3ic4Zp9XSNhPPm
authentihash 2fa9f0255c35b39ed21cc7fb555a6f66a2bff4964b1266dd5a65d2902a625aab
imphash 8bd23417beb15a0711fa927177ae6fe1
File size 124.0 KB ( 126976 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2018-12-19 19:07:45 UTC ( 1 month, 4 weeks ago )
Last submission 2018-12-19 19:07:45 UTC ( 1 month, 4 weeks ago )
File names iUMQ_a.exe
x_O09xc.exe
kbdth3.dll
TCPSVCS.EXE
jhP_IaUGkae_24iPD.exe