SHA256: 9e4cce5f9beb979d85e14c85a8bae84da74eee140908440403504400a9439e36
File name: l0qvICUgA6fcu.exe
Detection ratio: 43 / 70
Analysis date: 2018-12-26 18:09:16 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Acronis malware 20181226
Ad-Aware Trojan.GenericKD.40867862 20181226
AhnLab-V3 Trojan/Win32.Emotet.R250023 20181226
ALYac Trojan.GenericKD.40867862 20181226
Antiy-AVL Trojan[Banker]/Win32.Emotet 20181226
Arcabit Trojan.Generic.D26F9816 20181226
Avast Win32:Malware-gen 20181226
AVG Win32:Malware-gen 20181226
Avira (no cloud) TR/AD.Emotet.nlpjt 20181226
BitDefender Trojan.GenericKD.40867862 20181226
Comodo Malware@#1e9kxjwkzguf7 20181226
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181022
Cybereason malicious.5d629e 20180225
Cylance Unsafe 20181226
Emsisoft Trojan.GenericKD.40867862 (B) 20181226
Endgame malicious (moderate confidence) 20181108
ESET-NOD32 Win32/Emotet.BN 20181226
F-Secure Trojan.GenericKD.40867862 20181226
Fortinet W32/Emotet.BN!tr 20181226
GData Trojan.GenericKD.40867862 20181226
Ikarus Trojan.Win32.Emotet 20181226
K7AntiVirus Trojan ( 0053c4bc1 ) 20181226
K7GW Trojan ( 0053c4bc1 ) 20181226
Kaspersky Trojan-Banker.Win32.Emotet.bwqb 20181226
Malwarebytes Trojan.Emotet 20181226
MAX malware (ai score=100) 20181226
McAfee RDN/PWS-Banker 20181226
McAfee-GW-Edition RDN/PWS-Banker 20181226
Microsoft Trojan:Win32/Emotet.AC!bit 20181226
eScan Trojan.GenericKD.40867862 20181226
Palo Alto Networks (Known Signatures) generic.ml 20181226
Panda Trj/Genetic.gen 20181226
Qihoo-360 HEUR/QVM19.1.1399.Malware.Gen 20181226
Rising Trojan.Kryptik!1.B53E (CLASSIC) 20181226
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/EncPk-ANY 20181226
Symantec Packed.Generic.517 20181226
Tencent Win32.Trojan-banker.Emotet.Pdvz 20181226
Trapmine malicious.high.ml.score 20181205
TrendMicro TROJ_FRS.VSN19L18 20181226
TrendMicro-HouseCall TROJ_FRS.VSN19L18 20181226
Webroot W32.Trojan.Emotet 20181226
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bwqb 20181226
AegisLab 20181226
Alibaba 20180921
Avast-Mobile 20181226
Babable 20180918
Baidu 20181207
Bkav 20181224
CAT-QuickHeal 20181226
ClamAV 20181226
CMC 20181225
Cyren 20181226
DrWeb 20181226
eGambit 20181226
F-Prot 20181226
Sophos ML 20181128
Jiangmin 20181226
Kingsoft 20181226
NANO-Antivirus 20181226
SUPERAntiSpyware 20181226
Symantec Mobile Insight 20181225
TACHYON 20181226
TheHacker 20181225
TotalDefense 20181226
Trustlook 20181226
VBA32 20181226
ViRobot 20181226
Yandex 20181226
Zillya 20181225
Zoner 20181225
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright ©1983-1990, 199
Product Adobe Type Manager
Original name TortoisePlink.exe
Internal name ATMLIB
File version 6.1.7600.16
Description Microsoft C
Comments Adapted from PuTTY plink (http://www.chiark.greenend.org.uk/~sgtatham/putty/)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-24 08:00:10
Entry Point 0x000030EB
Number of sections 5
PE sections
PE imports
GetSecurityDescriptorDacl
GetUserDefaultUILanguage
GetStringScripts
GetProfileStringW
GetModuleHandleA
GetPriorityClass
GetFileSize
GetFileAttributesExA
DeviceIoControl
GetVolumeInformationW
GetSystemRegistryQuota
FormatMessageA
GetProcessWorkingSetSize
QueryIdleProcessorCycleTime
LockFile
FlsFree
LZInit
GetErrorInfo
GetClipboardFormatNameA
SetParent
GetTitleBarInfo
LoadIconW
DefWindowProcW
GetClipboardFormatNameW
IsCharUpperW
DialogBoxParamW
IsWindowEnabled
GetClassLongA
GetPrinterW
MkParseDisplayName
Number of PE resources by type
RT_VERSION 2
RT_MANIFEST 1
RT_DIALOG 1
Number of PE resources by language
GERMAN SWISS 2
ENGLISH UK 1
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion
5.0

Comments
Adapted from PuTTY plink (http://www.chiark.greenend.org.uk/~sgtatham/putty/)

LinkerVersion
12.1

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.63.0.9999

LanguageCode
English (British)

FileFlagsMask
0x003f

FileDescription
Microsoft C

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
126976

EntryPoint
0x30eb

OriginalFileName
TortoisePlink.exe

MIMEType
application/octet-stream

LegalCopyright
1983-1990, 199

FileVersion
6.1.7600.16

TimeStamp
2018:12:24 00:00:10-08:00

FileType
Win32 EXE

PEType
PE32

InternalName
ATMLIB

ProductVersion
7.02.7600.

UninitializedDataSize
4294967295

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Adobe Systems

CodeSize
280576

ProductName
Adobe Type Manager

ProductVersionNumber
0.63.0.9999

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 b81fa8d5d629ec28cd0cab0ed936d82b
SHA1 1e9934bc8d9eb02dd20c7aa30edf8ab0a917b3e6
SHA256 9e4cce5f9beb979d85e14c85a8bae84da74eee140908440403504400a9439e36
ssdeep 3072:DfSiRWcRX87gS9YdA+KZOMNO6fHAlIuM5UUJOmW7jnN:DfSiRWcFrSidA+Kh3fHkIu1UJODv
authentihash 43297048da208fee954124ad8a5d70db1c5b38e1532b715bc862dfda06cb3e99
imphash f536683e8101e90b395627228d85062a
File size 552.0 KB ( 565248 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe
VirusTotal metadata
First submission 2018-12-24 09:04:45 UTC ( 1 month, 3 weeks ago )
Last submission 2018-12-24 09:04:45 UTC ( 1 month, 3 weeks ago )
File names ATMLIB
TortoisePlink.exe
l0qvICUgA6fcu.exe