SHA256: 9a594c5d1009781a99b8505890939c1d72fa5c35f937ae1d13f9a8f5daa49321
File name: ONdCIBHuV2.exe
Detection ratio: 41 / 71
Analysis date: 2018-12-30 12:14:53 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40881355 20181230
AhnLab-V3 Trojan/Win32.Emotet.R250241 20181230
ALYac Trojan.GenericKD.40881355 20181230
Arcabit Trojan.Generic.D26FCCCB 20181230
Avast Win32:MalwareX-gen [Trj] 20181230
AVG Win32:MalwareX-gen [Trj] 20181230
BitDefender Trojan.GenericKD.40881355 20181230
Bkav HW32.Packed. 20181227
Comodo Malware@#1gm22b9x3cn6b 20181230
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cylance Unsafe 20181230
Cyren W32/Emotet.LR.gen!Eldorado 20181230
eGambit Unsafe.AI_Score_73% 20181230
Emsisoft Trojan.GenericKD.40881355 (B) 20181230
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GOEI 20181230
F-Prot W32/Emotet.LR.gen!Eldorado 20181230
F-Secure Trojan.GenericKD.40881355 20181230
Fortinet W32/GenKryptik.CVGZ!tr 20181230
GData Trojan.GenericKD.40881355 20181230
Ikarus Trojan-Banker.Emotet 20181229
Sophos ML heuristic 20181128
K7AntiVirus Riskware ( 0040eff71 ) 20181230
K7GW Riskware ( 0040eff71 ) 20181230
Kaspersky Trojan-Banker.Win32.Emotet.bxgq 20181230
Malwarebytes Trojan.Emotet 20181230
MAX malware (ai score=97) 20181230
McAfee Emotet-FID!310552184E13 20181230
McAfee-GW-Edition BehavesLike.Win32.Suspect.cc 20181230
Microsoft Trojan:Win32/Emotet.AC!bit 20181230
eScan Trojan.GenericKD.40881355 20181230
Palo Alto Networks (Known Signatures) generic.ml 20181230
Panda Trj/Genetic.gen 20181230
Qihoo-360 HEUR/QVM20.1.29A1.Malware.Gen 20181230
Rising Trojan.Kryptik!8.8 (CLOUD) 20181230
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/EncPk-AOI 20181230
Symantec Trojan.Emotet 20181229
Trapmine malicious.high.ml.score 20181205
Webroot W32.Trojan.Emotet 20181230
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bxgq 20181230
Acronis 20181227
AegisLab 20181230
Alibaba 20180921
Antiy-AVL 20181230
Avast-Mobile 20181229
Avira (no cloud) 20181229
Babable 20180918
Baidu 20181207
CAT-QuickHeal 20181229
ClamAV 20181230
CMC 20181229
Cybereason 20180225
DrWeb 20181230
Jiangmin 20181230
Kingsoft 20181230
NANO-Antivirus 20181230
SUPERAntiSpyware 20181226
Symantec Mobile Insight 20181225
TACHYON 20181230
Tencent 20181230
TheHacker 20181230
TotalDefense 20181230
TrendMicro 20181230
TrendMicro-HouseCall 20181230
Trustlook 20181230
VBA32 20181229
VIPRE 20181230
ViRobot 20181230
Yandex 20181229
Zillya 20181228
Zoner 20181230
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © Microsoft Corp.
Internal name CTL3D32
File version 5.1.2600.2180
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-07-18 02:23:20
Entry Point 0x00002980
Number of sections 9
PE sections
PE imports
Ellipse
SetThreadLocale
CancelIoEx
TerminateThread
GetTimeZoneInformation
ReadFile
GetCommandLineW
SetEvent
GetCursorPos
GetKeyboardLayout
GetActiveWindow
VkKeyScanExA
GetWindow
GetWindowContextHelpId
SCardIntroduceCardTypeW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
MALTESE DEFAULT 1
PE resources
Debug information
ExifTool file metadata
CodeSize 8192
UninitializedDataSize 114688
LinkerVersion 14.0
ImageVersion 5.1
FileVersionNumber 5.1.2600.2180
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 0
EntryPoint 0x2980
MIMEType application/octet-stream
LegalCopyright Copyright Microsoft Corp.
FileVersion 5.1.2600.2180
TimeStamp 2002:07:18 04:23:20+02:00
FileType Win32 EXE
PEType PE32
InternalName CTL3D32
ProductVersion 2,31,0,0
SubsystemVersion 6.0
OSVersion 6.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
LegalTrademarks Microsoft is a registered trademark of Microsoft Corporation. Windows is a registered trademark of Microsoft Corporation.
FileSubtype 0
ProductVersionNumber 5.1.2600.2180
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 310552184e13bf069cc2bffcfe47581d
SHA1 b7748fcba45c9709ca01de566a5bb846cd43364f
SHA256 9a594c5d1009781a99b8505890939c1d72fa5c35f937ae1d13f9a8f5daa49321
ssdeep 3072:Cu22Gvwv2eutSTpa9cO4KRT1I9uq95DC:JOY2er9ERg9G
authentihash c08b34f2969a56f2e2478ec26d56885dd77067961297e7e5a0a1740d9004eead
imphash 8a9df209c7235a9f562bf124e0656f80
File size 124.0 KB ( 126976 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2018-12-28 07:02:05 UTC ( 1 month, 3 weeks ago )
Last submission 2018-12-28 07:02:05 UTC ( 1 month, 3 weeks ago )
File names CTL3D32
ONdCIBHuV2.exe
26208728.exe