SHA256: 9a6e93d05af310ddd8e93b06b3caac8f73773f0f14b464656f3dc016d451f5e2
File name: 9a6e93d05af310ddd8e93b06b3caac8f73773f0f14b464656f3dc016d451f5e2
Detection ratio: 46 / 68
Analysis date: 2017-11-10 04:19:35 UTC ( 10 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.6166105 20171110
AegisLab Troj.W32.Dovs!c 20171110
AhnLab-V3 Trojan/Win32.Emotet.R212293 20171110
ALYac Trojan.GenericKD.6166105 20171110
Antiy-AVL Trojan/Win32.TSGeneric 20171110
Arcabit Trojan.Generic.D5E1659 20171110
Avast Win32:Dropper-gen [Drp] 20171110
AVG Win32:Dropper-gen [Drp] 20171110
Avira (no cloud) TR/Crypt.ZPACK.fgqog 20171110
AVware Trojan.Win32.Generic!BT 20171110
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171109
BitDefender Trojan.GenericKD.6166105 20171110
CAT-QuickHeal Trojan.Dovs 20171110
ClamAV Win.Trojan.Emotet-6367626-0 20171110
Comodo UnclassifiedMalware 20171110
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cylance Unsafe 20171110
eGambit Unsafe.AI_Score_86% 20171110
Emsisoft Trojan.Crypt (A) 20171110
Endgame malicious (high confidence) 20171024
ESET-NOD32 a variant of Win32/Kryptik.FYQZ 20171110
F-Secure Trojan.GenericKD.6166105 20171110
Fortinet W32/GenKryptik.BBHY!tr 20171110
GData Win32.Trojan-Spy.Emotet.EZ 20171110
Ikarus Trojan.Win32.Crypt 20171110
K7AntiVirus Trojan ( 0051b2731 ) 20171110
K7GW Trojan ( 0051b2731 ) 20171110
Kaspersky Trojan.Win32.Dovs.bib 20171110
Malwarebytes Trojan.Emotet 20171110
MAX malware (ai score=100) 20171110
McAfee Emotet-FDI! 20171110
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cc 20171110
Microsoft Trojan:Win32/Emotet.P 20171110
eScan Trojan.GenericKD.6166105 20171110
Palo Alto Networks (Known Signatures) generic.ml 20171110
Panda Trj/RnkBend.A 20171110
Qihoo-360 HEUR/QVM20.1.0351.Malware.Gen 20171110
SentinelOne (Static ML) static engine - malicious 20171019
Sophos AV Mal/EncPk-ANR 20171110
Symantec Ransom.Kovter 20171110
TrendMicro TROJ_GEN.R002C0OK717 20171110
TrendMicro-HouseCall TSPY_EMOTET.SMOK 20171110
VIPRE Trojan.Win32.Generic!BT 20171110
ViRobot Trojan.Win32.Z.Razy.103424.BE 20171110
Webroot W32.Trojan.Emotet 20171110
ZoneAlarm by Check Point Trojan.Win32.Dovs.bib 20171110
Alibaba 20170911
Avast-Mobile 20171110
Bkav 20171110
CMC 20171109
Cybereason 20171030
Cyren 20171110
DrWeb 20171110
F-Prot 20171110
Sophos ML 20170914
Jiangmin 20171110
Kingsoft 20171110
NANO-Antivirus 20171110
nProtect 20171110
Rising 20171110
SUPERAntiSpyware 20171110
Symantec Mobile Insight 20171110
Tencent 20171110
TheHacker 20171102
TotalDefense 20171110
Trustlook 20171110
VBA32 20171110
WhiteArmor 20171104
Yandex 20171110
Zillya 20171110
Zoner 20171110
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (c) A-Ray Software. All rights reserved.
Product A-Ray Scanner v2
Original name A-Ray Scanner v2.exe
Internal name A-Ray Scanner v2.exe
File version 2.0.2.3
Description A-Ray Scanner v2
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-06 21:10:34
Entry Point 0x00001790
Number of sections 7
PE sections
PE imports
ImageList_Create
PropertySheetA
CryptSIPRetrieveSubjectGuid
JetSetIndexRange
ReadConsoleA
SetThreadLocale
lstrlenW
MoveFileExW
lstrlenA
lstrcatA
SetComputerNameW
GetEnvironmentVariableW
lstrcpyA
GetVersion
InitializeSListHead
AddAtomW
GetLocalTime
MprInfoCreate
RasGetConnectStatusA
RpcServerRegisterAuthInfoW
RpcBindingInqAuthClientExW
SHChangeNotify
SHGetDiskFreeSpaceExW
FindExecutableA
PathRemoveExtensionW
UrlGetPartA
PathFindFileNameW
TileWindows
TabbedTextOutA
OemToCharBuffW
ShowCursor
EnumPrintersA
AddPrinterW
SCardListInterfacesA
memcpy
Number of PE resources by type
RT_ICON 6
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 12.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.0.2.3
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 88064
EntryPoint 0x1790
OriginalFileName A-Ray Scanner v2.exe
MIMEType application/octet-stream
LegalCopyright (c) A-Ray Software. All rights reserved.
FileVersion 2.0.2.3
TimeStamp 2017:11:06 22:10:34+01:00
FileType Win32 EXE
PEType PE32
InternalName A-Ray Scanner v2.exe
ProductVersion 2.0.2.3
FileDescription A-Ray Scanner v2
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName MutantSoftware
CodeSize 16384
ProductName A-Ray Scanner v2
ProductVersionNumber 2.0.2.3
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 80c4d43717139c94962dfb515c4a35b0
SHA1 7248fc18f5727e6a1b31cee9238ab604342ae5a7
SHA256 9a6e93d05af310ddd8e93b06b3caac8f73773f0f14b464656f3dc016d451f5e2
ssdeep 3072:LH4Lbha/AmNA3I5vZsJH605v/q4vtkvZfOyop5A7:LmqzOyE5
authentihash e8bb83f5451ca0601211d2a5fbb0fd7e410c8140f8b6be712a3183112105c370
imphash bcdf526f14f66c7763c86a71fb14270f
File size 101.0 KB ( 103424 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2017-11-07 12:30:52 UTC ( 10 months, 3 weeks ago )
Last submission 2017-12-12 18:12:09 UTC ( 9 months, 2 weeks ago )
File names 80c4d43717139c94962dfb515c4a35b0.virobj
29943544.exe
1002-7248fc18f5727e6a1b31cee9238ab604342ae5a7
A-Ray Scanner v2.exe
9a6e93d05af310ddd8e93b06b3caac8f73773f0f14b464656f3dc016d451f5e2
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
UDP communications