SHA256: 9e9421dc8e819e647336612416d75cd3294edc09e156dc92717627c5d621362a
File name: 26405320.EXE
Detection ratio: 37 / 67
Analysis date: 2018-10-17 09:45:57 UTC (4 months ago)
Antivirus Result Update
Ad-Aware Trojan.Agent.DGRZ 20181017
ALYac Trojan.Agent.DGRZ 20181017
Arcabit Trojan.Agent.DGRZ 20181017
Avast Win32:MalwareX-gen [Trj] 20181017
AVG Win32:MalwareX-gen [Trj] 20181017
BitDefender Trojan.Agent.DGRZ 20181017
Bkav HW32.Packed. 20181016
ClamAV Win.Trojan.Emotet-6707392-0 20181017
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cylance Unsafe 20181017
Emsisoft Trojan.Agent.DGRZ (B) 20181017
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GLRF 20181017
F-Secure Trojan.Agent.DGRZ 20181017
Fortinet W32/Generic.AC.4294BF 20181017
GData Trojan.Agent.DGRZ 20181017
Ikarus Trojan.Win32.Crypt 20181017
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 0053f0e91 ) 20181017
K7GW Trojan ( 0053f0e91 ) 20181017
Kaspersky Trojan-Banker.Win32.Emotet.biws 20181017
Malwarebytes Trojan.Emotet 20181017
MAX malware (ai score=100) 20181017
McAfee Emotet-FIB!31BF773E3B81 20181017
McAfee-GW-Edition Artemis!Trojan 20181017
eScan Trojan.Agent.DGRZ 20181017
Palo Alto Networks (Known Signatures) generic.ml 20181017
Panda Trj/Genetic.gen 20181016
Qihoo-360 HEUR/QVM20.1.8F75.Malware.Gen 20181017
Rising Trojan.Kryptik!8.8 (CLOUD) 20181017
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/Generic-S 20181017
Symantec Trojan.Emotet 20181017
Tencent Win32.Trojan-banker.Emotet.Ljkp 20181017
TrendMicro-HouseCall TROJ_GEN.R020H05JG18 20181017
Webroot W32.Trojan.Emotet 20181017
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.biws 20181017
AegisLab 20181017
AhnLab-V3 20181017
Alibaba 20180921
Antiy-AVL 20181017
Avast-Mobile 20181017
Avira (no cloud) 20181017
Babable 20180918
Baidu 20181017
CAT-QuickHeal 20181013
CMC 20181016
Comodo 20181017
Cybereason 20180225
Cyren 20181017
DrWeb 20181017
eGambit 20181017
F-Prot 20181017
Jiangmin 20181017
Kingsoft 20181017
Microsoft 20181017
NANO-Antivirus 20181017
SUPERAntiSpyware 20181015
Symantec Mobile Insight 20181001
TACHYON 20181017
TheHacker 20181015
TrendMicro 20181017
Trustlook 20181017
VBA32 20181017
VIPRE 20181017
ViRobot 20181017
Yandex 20181016
Zillya 20181017
Zoner 20181016
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2004-2006 Pooll Software Studio. All rights reserved.

Product Pooll
Original name Pooll.dll
Internal name poollib
Description Ringo
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-16 09:15:11
Entry Point 0x00003080
Number of sections 5
PE sections
PE imports
SetUserFileEncryptionKey
IsTokenRestricted
CM_Get_Child
CryptQueryObject
GetPixelFormat
GetTextCharset
LocalFree
GetUserDefaultLangID
WaitForDebugEvent
GetCurrentProcessorNumber
SetConsoleCP
GetCommandLineW
GetConsoleDisplayMode
GetLogicalDrives
GetSystemPowerStatus
SetCurrentDirectoryA
SetupDiEnumDeviceInfo
DdeQueryConvInfo
ToAscii
ShowCursor
IsChild
midiOutSetVolume
SCardCancel
Number of PE resources by type
RT_DIALOG 5
RT_STRING 4
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 11
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.1

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.0.12.1215

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Ringo

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Windows, Chinese (Simplified)

InitializedDataSize
151552

EntryPoint
0x3080

OriginalFileName
Pooll.dll

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2004-2006 Pooll Software Studio. All rights reserved.

TimeStamp
2018:10:16 02:15:11-07:00

FileType
Win32 EXE

PEType
PE32

InternalName
poollib

ProductVersion
6.1.7600.1638

SubsystemVersion
5.0

OSVersion
6.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporatio

CodeSize
110592

ProductName
Pooll

ProductVersionNumber
2.0.12.1215

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 31bf773e3b81a104361c4669f277755b
SHA1 b175eb8bd1c5a1128b0b5bb4001fe6b516e1f9f8
SHA256 9e9421dc8e819e647336612416d75cd3294edc09e156dc92717627c5d621362a
ssdeep
3072:aRWW8+hZMyiLd2v4mzdwcrOxIURNDmZB30ldRukaB6cahYj:xWDfMCv4mZvrzURxQEkkaB6c

authentihash 04989b2627192e2e5895738e78c2c4cd771715568eaa636dcf474716a5445bf9
imphash 27a94d1ff557045e31876c5a7ec3d29a
File size 224.0 KB ( 229376 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-10-16 09:17:45 UTC ( 4 months ago )
Last submission 2018-11-16 19:09:24 UTC ( 3 months ago )
File names 26405320.EXE
poollib
Pooll.dll
2HE8ELE2RJ8AV663X.EXE
Z2XLHHQECHDHJ.EXE
hKPbxAv2PjeoO.exe
unitydynamic.exe.VIRUS