SHA256: 9e42d331cdd1652998c456cadb5c9b31c9d10d79f96300221296ab8abfa27cba
File name: 024516b7611909efbcc588bf5066b295
Detection ratio: 48 / 67
Analysis date: 2018-10-24 05:43:29 UTC ( 3 months, 4 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30706647 20181024
AhnLab-V3 Malware/Win32.Generic.C2492532 20181023
ALYac Trojan.GenericKD.30706647 20181024
Antiy-AVL Trojan/Win32.Agent 20181023
Arcabit Trojan.Generic.D1D48BD7 20181024
Avast Win32:Malware-gen 20181024
AVG Win32:Malware-gen 20181024
Avira (no cloud) HEUR/AGEN.1032275 20181023
BitDefender Trojan.GenericKD.30706647 20181024
CAT-QuickHeal Trojan.Emotet.X4 20181022
ClamAV Win.Trojan.Emotet-6536710-0 20181023
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cylance Unsafe 20181024
Cyren W32/Trojan.BHI.gen!Eldorado 20181024
Emsisoft Trojan.GenericKD.30706647 (B) 20181024
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GGHE 20181024
F-Prot W32/Trojan.BHI.gen!Eldorado 20181024
F-Secure Trojan.GenericKD.30706647 20181024
Fortinet W32/Kryptik.GHTB!tr 20181024
GData Win32.Trojan-Spy.Emotet.QA 20181024
Ikarus Trojan.Win32.Crypt 20181023
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 0052f9da1 ) 20181023
K7GW Trojan ( 0052f9da1 ) 20181024
Kaspersky HEUR:Trojan.Win32.Generic 20181024
Malwarebytes Trojan.Emotet 20181024
MAX malware (ai score=98) 20181024
McAfee Emotet-FDM!024516B76119 20181024
McAfee-GW-Edition BehavesLike.Win32.Emotet.ch 20181024
Microsoft Trojan:Win32/Occamy.C 20181024
eScan Trojan.GenericKD.30706647 20181024
NANO-Antivirus Trojan.Win32.Kryptik.fbgmjl 20181024
Palo Alto Networks (Known Signatures) generic.ml 20181024
Panda Trj/Genetic.gen 20181023
Qihoo-360 HEUR/QVM20.1.E547.Malware.Gen 20181024
Rising Trojan.Kryptik!8.8 (CLOUD) 20181024
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/EncPk-ANY 20181024
Symantec Packed.Generic.517 20181024
Tencent Win32.Trojan.Generic.Chh 20181024
TrendMicro TSPY_EMOTET.THHBBAH 20181024
TrendMicro-HouseCall TSPY_EMOTET.THHBBAH 20181024
VBA32 BScope.Trojan.Agent 20181023
Webroot W32.Trojan.Emotet 20181024
Yandex Trojan.Agent!uQ1qXcfAgU4 20181022
Zillya Trojan.GenericKD.Win32.158884 20181023
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20181024
AegisLab 20181024
Alibaba 20180921
Avast-Mobile 20181023
Babable 20180918
Baidu 20181023
Bkav 20181023
CMC 20181023
Cybereason 20180225
DrWeb 20181024
eGambit 20181024
Jiangmin 20181024
Kingsoft 20181024
SUPERAntiSpyware 20181022
Symantec Mobile Insight 20181001
TACHYON 20181024
TheHacker 20181023
TotalDefense 20181023
Trustlook 20181024
ViRobot 20181024
Zoner 20181023
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
©1983-1990, 1993-2004 Adobe Systems Inc.

Product Adobe Type Manager
Original name ATMLIB.DLL
Internal name ATMLIB
File version 5.1 Build 230
Description Windows NT OpenType/Type 1 API Library.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-02 14:10:29
Entry Point 0x000014E1
Number of sections 6
PE sections
PE imports
GetSystemDefaultLCID
lstrlenA
CreateMemoryResourceNotification
SetSystemTimeAdjustment
TlsSetValue
IsProcessDPIAware
RealChildWindowFromPoint
GetParent
Ord(30)
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
CodeSize
96768

SubsystemVersion
5.0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
5.1.2.230

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Windows NT OpenType/Type 1 API Library.

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
0

EntryPoint
0x14e1

OriginalFileName
ATMLIB.DLL

MIMEType
application/octet-stream

LegalCopyright
1983-1990, 1993-2004 Adobe Systems Inc.

FileVersion
5.1 Build 230

TimeStamp
2018:05:02 14:10:29+00:00

FileType
Win32 EXE

PEType
PE32

InternalName
ATMLIB

ProductVersion
5.1 Build 230

UninitializedDataSize
0

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Adobe Systems

LegalTrademarks
Adobe, Multiple Master, ATM, Adobe Type Manager, Postscript, and others are Trademarks of Adobe Systems.

ProductName
Adobe Type Manager

ProductVersionNumber
5.1.2.230

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 024516b7611909efbcc588bf5066b295
SHA1 4e99734609cbe0924295efd18d665b10f24442b5
SHA256 9e42d331cdd1652998c456cadb5c9b31c9d10d79f96300221296ab8abfa27cba
ssdeep
1536:4p+/li6ZdBxcrxy+dczm7uig5Wx3PyvrLK28w+AWwgDBa0dL2/6n+z:4p+9i6rBMdc6vmgPErcwfgDBaU7n+z

authentihash c8c838b70fe78ae9c16c0637141a08639d3d63626579109167320b301e308016
imphash f7d51940400ac1aa71a199ecf31e53eb
File size 127.5 KB ( 130560 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-05-07 18:44:41 UTC ( 9 months, 2 weeks ago )
Last submission 2018-05-27 17:43:37 UTC ( 8 months, 4 weeks ago )
File names ATMLIB
ATMLIB.DLL