× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 97d46138628dd93c18c868196a982788190532abd2696be40d4e74a3948dca63
File name: 97d46138628dd93c18c868196a982788190532abd2696be40d4e74a3948dca63
Detection ratio: 44 / 69
Analysis date: 2019-03-15 17:40:00 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Acronis suspicious 20190313
Ad-Aware Trojan.Emotet.UU 20190315
AhnLab-V3 Trojan/Win32.Emotet.R258980 20190315
Alibaba Packed:Win32/Kryptik.a51b8ccd 20190306
ALYac Trojan.Emotet.UU 20190315
Arcabit Trojan.Emotet.UU 20190315
Avast Win32:BankerX-gen [Trj] 20190315
AVG Win32:BankerX-gen [Trj] 20190315
Avira (no cloud) TR/Crypt.Agent.vzcqg 20190315
BitDefender Trojan.Emotet.UU 20190315
CrowdStrike Falcon (ML) win/malicious_confidence_100% (W) 20190212
Cylance Unsafe 20190315
Cyren W32/Trojan.RZIG-6349 20190315
DrWeb Trojan.Siggen8.16606 20190315
Emsisoft Trojan.Emotet (A) 20190315
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.GQYG 20190315
F-Secure Trojan.TR/Crypt.Agent.vzcqg 20190315
Fortinet W32/Kryptik.CPES!tr 20190315
GData Trojan.Emotet.UU 20190315
Ikarus Trojan-Banker.Emotet 20190315
Sophos ML heuristic 20190313
K7AntiVirus Trojan ( 00549ddc1 ) 20190315
K7GW Trojan ( 00549ddc1 ) 20190315
Kaspersky Trojan-Banker.Win32.Emotet.cnzv 20190315
Malwarebytes Trojan.Bunitu 20190315
MAX malware (ai score=100) 20190315
McAfee Emotet-FMI!1E8250372F9B 20190315
McAfee-GW-Edition Artemis 20190315
Microsoft Trojan:Win32/Emotet!rfn 20190315
eScan Trojan.Emotet.UU 20190315
Palo Alto Networks (Known Signatures) generic.ml 20190315
Panda Trj/GdSda.A 20190315
Qihoo-360 HEUR/QVM20.1.D953.Malware.Gen 20190315
Rising Trojan.Azden!8.F0E3 (CLOUD) 20190315
SentinelOne (Static ML) DFI - Malicious PE 20190311
Sophos AV Mal/Emotet-Q 20190315
Symantec Packed.Generic.459 20190315
Trapmine malicious.high.ml.score 20190301
TrendMicro TrojanSpy.Win32.EMOTET.SMAL08 20190315
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMAL08 20190315
VBA32 BScope.Malware-Cryptor.Emotet 20190315
Webroot W32.Trojan.Emotet 20190315
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.cnzv 20190315
AegisLab 20190315
Antiy-AVL 20190315
Avast-Mobile 20190315
Babable 20180918
Baidu 20190306
CAT-QuickHeal 20190315
ClamAV 20190315
CMC 20190315
Comodo 20190315
Cybereason 20190314
eGambit 20190315
F-Prot 20190315
Jiangmin 20190315
Kingsoft 20190315
NANO-Antivirus 20190315
SUPERAntiSpyware 20190313
Symantec Mobile Insight 20190220
TACHYON 20190315
Tencent 20190315
TheHacker 20190315
TotalDefense 20190315
Trustlook 20190315
ViRobot 20190315
Yandex 20190315
Zillya 20190315
Zoner 20190314
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name StikyNot.exe
Internal name Sticky
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Sticky Notes
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 5:40 PM 3/15/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-14 23:15:04
Entry Point 0x00001B00
Number of sections 4
PE sections
Overlays
MD5 ab983a7b373c136023206820e8ce85a6
File type data
Offset 343552
Size 3336
Entropy 7.33
PE imports
RegQueryValueExA
RegOpenKeyA
GdiFixUpHandle
SetGraphicsMode
PolyPolyline
SetBitmapBits
SetColorSpace
STROBJ_dwGetCodePage
GetObjectType
XLATEOBJ_piVector
GdiRealizationInfo
GdiSetPixelFormat
SetLayout
SetPixel
GetRegionData
CreateDCW
GdiConvertBitmapV5
CreatePatternBrush
SetAbortProc
GetTextFaceW
EnumObjects
RectVisible
bInitSystemAndFontsDirectoriesW
GetTextCharacterExtra
GetTextAlign
StretchDIBits
GdiSwapBuffers
GetClipRgn
PolyTextOutA
GdiEntry4
GdiStartDocEMF
ResetDCA
GetGlyphIndicesW
EnumICMProfilesW
GdiEntry6
UpdateICMRegKeyW
BeginPath
EngDeletePalette
GetLastError
InterlockedDecrement
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetCommandLineW
RtlUnwind
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
DecodePointer
GetCurrentProcessId
GetModuleHandleW
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
lstrcatW
EncodePointer
GetStartupInfoW
WideCharToMultiByte
GetModuleFileNameW
TlsFree
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
IsProcessorFeaturePresent
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
GetProcessHeap
FormatMessageW
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
CreateFileW
TlsGetValue
Sleep
GetFileType
TlsSetValue
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
SetLastError
InterlockedIncrement
IMPQueryIMEW
GetForegroundWindow
IsCharAlphaNumericW
SetClassLongW
FindWindowW
KillTimer
DestroyMenu
GetDoubleClickTime
EnumDisplayMonitors
GetSystemMetrics
MessageBoxW
OpenIcon
ReleaseCapture
ChildWindowFromPoint
CascadeChildWindows
CopyImage
ChildWindowFromPointEx
SetShellWindow
GetListBoxInfo
RegisterClassW
CloseWindow
DdeGetLastError
CreateWindowStationW
CloseWindowStation
WindowFromDC
CreateMenu
GetMenuStringA
CloseDesktop
IsMenu
GetFocus
CreateWindowExW
GetUpdateRect
GetGUIThreadInfo
DestroyWindow
IsDialogMessageA
GetMenuItemInfoW
OleUninitialize
OleInitialize
Number of PE resources by type
RT_BITMAP 27
RT_ICON 16
IMAGE 12
RT_CURSOR 2
RT_GROUP_CURSOR 2
RT_RCDATA 1
WEVT_TEMPLATE 1
UIFILE 1
MUI 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 65
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.1.7600.16385

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Sticky Notes

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
317952

EntryPoint
0x1b00

OriginalFileName
StikyNot.exe

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.1.7600.16385 (win7_rtm.090713-1255)

TimeStamp
2019:03:14 23:15:04+00:00

FileType
Win32 EXE

PEType
PE32

InternalName
Sticky

ProductVersion
6.1.7600.16385

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
25088

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.1.7600.16385

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 1e8250372f9b2bb8871501b8c2e161f5
SHA1 3431e0565da17d58e29ae17defbb3177bd0a5b88
SHA256 97d46138628dd93c18c868196a982788190532abd2696be40d4e74a3948dca63
ssdeep
3072:QhFYy7XCQW4rKMXxgT1urCdmr4nSeN5WEghgVI8AFMK/n:1AKCxgAO4GSerEhgVIXFMW

authentihash 1e1358df42bd78fb217edb68bb9fa5a9300e698bd40ac4c4fdaffdd77a4f6eaa
imphash 45aff25b5b855ac704076e88be810879
File size 338.8 KB ( 346888 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-03-14 23:23:52 UTC ( 1 month, 1 week ago )
Last submission 2019-03-14 23:23:52 UTC ( 1 month, 1 week ago )
File names StikyNot.exe
ZoxWAXK7.exe
Sticky
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections