× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 9bf9014e9db112c79ac5c0cbafcd5d8b11db360904f981f420ff8ca367a816ff
File name: 9bf9014e9db112c79ac5c0cbafcd5d8b11db360904f981f420ff8ca367a816ff
Detection ratio: 17 / 67
Analysis date: 2018-04-24 15:09:26 UTC ( 10 months ago ) View latest
Antivirus Result Update
Avast FileRepMalware 20180424
AVG FileRepMalware 20180424
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180424
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180418
Cylance Unsafe 20180424
Endgame malicious (high confidence) 20180403
ESET-NOD32 a variant of Win32/Kryptik.GFZY 20180424
Fortinet W32/Kryptik.GFRM!tr 20180424
GData Win32.Trojan-Spy.Emotet.AB 20180424
Sophos ML heuristic 20180121
K7GW Hacktool ( 700007861 ) 20180424
McAfee-GW-Edition BehavesLike.Win32.Emotet.dh 20180423
Microsoft Trojan:Win32/Fuerboos.A!cl 20180424
Palo Alto Networks (Known Signatures) generic.ml 20180424
Qihoo-360 HEUR/QVM19.1.B84F.Malware.Gen 20180424
SentinelOne (Static ML) static engine - malicious 20180225
Symantec ML.Attribute.HighConfidence 20180424
Ad-Aware 20180424
AegisLab 20180424
AhnLab-V3 20180424
Alibaba 20180424
ALYac 20180424
Antiy-AVL 20180418
Arcabit 20180424
Avast-Mobile 20180423
Avira (no cloud) 20180424
AVware 20180424
Babable 20180406
BitDefender 20180424
Bkav 20180424
CAT-QuickHeal 20180424
ClamAV 20180424
CMC 20180424
Comodo 20180424
Cybereason None
Cyren 20180424
DrWeb 20180424
eGambit 20180424
Emsisoft 20180424
F-Prot 20180424
F-Secure 20180424
Ikarus 20180424
Jiangmin 20180424
K7AntiVirus 20180424
Kaspersky 20180424
Kingsoft 20180424
Malwarebytes 20180424
MAX 20180424
McAfee 20180424
eScan 20180424
NANO-Antivirus 20180424
nProtect 20180424
Panda 20180424
Rising 20180424
Sophos AV 20180424
SUPERAntiSpyware 20180424
Symantec Mobile Insight 20180419
Tencent 20180424
TheHacker 20180423
TotalDefense 20180424
TrendMicro 20180424
TrendMicro-HouseCall 20180424
Trustlook 20180424
VBA32 20180424
VIPRE 20180424
ViRobot 20180424
Webroot 20180424
Yandex 20180424
Zillya 20180423
ZoneAlarm by Check Point 20180424
Zoner 20180424
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name net.exe
Internal name net.exe
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Net Command
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x00001975
Number of sections 5
PE sections
PE imports
RegConnectRegistryA
GetKernelObjectSecurity
FrameRgn
ReadConsoleA
SwitchToThread
Heap32ListFirst
GetBinaryTypeW
GetOEMCP
GetSystemDefaultLCID
CreateMemoryResourceNotification
FlsGetValue
FlsFree
SetSystemTimeAdjustment
NetUserGetGroups
DispCallFunc
VarBoolFromI8
GetParent
ReuseDDElParam
TranslateAcceleratorA
IsProcessDPIAware
GetMenuState
DestroyMenu
mouse_event
RealChildWindowFromPoint
IsHungAppWindow
SetWindowPos
Ord(30)
MonikerRelativePathTo
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
0000:00:00 00:00:00

FileType
Win32 EXE

PEType
PE32

CodeSize
0

LinkerVersion
127.6

ImageFileCharacteristics
No relocs, Executable, 32-bit, System file

EntryPoint
0x1975

InitializedDataSize
0

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
4.1

UninitializedDataSize
1070112495

File identification
MD5 ee9f0a538c49ce6d76bc15756c242457
SHA1 6f20ddd578484fc725851133a67013cb3cd81885
SHA256 9bf9014e9db112c79ac5c0cbafcd5d8b11db360904f981f420ff8ca367a816ff
ssdeep
3072:KmDPPJPznQjexBGT8o8MYEmuHYdhH0TSiBfpJ1mMkkj6:K8PRPjQq68MYEmuHY7H0TSiXCk

authentihash 937ad4e3974890ad16c2b2c416887a9fb04d814d1001691b33a9b77bebf8edc9
imphash 4354707960c3f1d6acdc5fd819d2d2cc
File size 216.0 KB ( 221184 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-04-24 15:08:23 UTC ( 10 months ago )
Last submission 2018-07-30 06:22:18 UTC ( 6 months, 3 weeks ago )
File names 9880.exe
3.vir
2.vir
net.exe
0112.exe
bthpanfondue.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!