× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 9f3a7efeb46f72dbdacb07e409a23cc78055eb7d5c0dacee9d303d1c49bc2540
File name: xVZ0R6BgJ.exe
Detection ratio: 24 / 69
Analysis date: 2018-10-02 09:50:56 UTC ( 4 months, 3 weeks ago ) View latest
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Emotet.R238337 20181002
AVG FileRepMalware 20181002
CMC Trojan.Win32.Obfuscated.en!O 20181002
Comodo Heur.Packed.Unknown 20181002
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.60a563 20180225
Cylance Unsafe 20181002
Emsisoft Trojan.Emotet (A) 20181002
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GLGM 20181002
Sophos ML heuristic 20180717
McAfee RDN/Generic.grp 20181002
McAfee-GW-Edition BehavesLike.Win32.Generic.cc 20181002
Microsoft Trojan:Win32/Fuery.B!cl 20181002
Palo Alto Networks (Known Signatures) generic.ml 20181002
Panda Trj/Genetic.gen 20181001
Qihoo-360 Win32/Trojan.88c 20181002
Rising Trojan.Fuerboos!8.EFC8 (CLOUD) 20181002
SentinelOne (Static ML) static engine - malicious 20180926
Symantec Packed.Generic.517 20181002
TrendMicro TROJ_GEN.USJ218 20181002
TrendMicro-HouseCall TROJ_GEN.USJ218 20181002
VBA32 BScope.TrojanBanker.Emotet 20181002
Webroot W32.Trojan.Emotet 20181002
Ad-Aware 20181002
AegisLab 20181002
Alibaba 20180921
ALYac 20181002
Antiy-AVL 20181002
Arcabit 20181002
Avast 20181002
Avast-Mobile 20181002
Avira (no cloud) 20181002
AVware 20180925
Babable 20180918
Baidu 20180930
BitDefender 20181002
Bkav 20181001
CAT-QuickHeal 20181001
ClamAV 20181002
Cyren 20181002
DrWeb 20181002
eGambit 20181002
F-Prot 20181002
F-Secure 20181002
Fortinet 20181002
GData 20181002
Ikarus 20181002
Jiangmin 20181002
K7AntiVirus 20181002
K7GW 20181001
Kaspersky 20181002
Kingsoft 20181002
Malwarebytes 20181002
MAX 20181002
eScan 20181002
NANO-Antivirus 20181002
Sophos AV 20181002
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20181001
TACHYON 20181002
Tencent 20181002
TheHacker 20181001
TotalDefense 20181002
Trustlook 20181002
VIPRE 20181002
ViRobot 20181002
Yandex 20180927
Zillya 20181001
ZoneAlarm by Check Point 20180925
Zoner 20180927
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserv

Product GTCoach
Internal name DDODiag
File version 6.1.7600.1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-02 03:47:09
Entry Point 0x000055F6
Number of sections 4
PE sections
PE imports
AccessCheckAndAuditAlarmW
CryptImportKey
CertCreateCTLContext
SetMiterLimit
GetDCOrgEx
EnumFontFamiliesExA
MaskBlt
GetNetworkParams
GetInterfaceInfo
GetStdHandle
SystemTimeToFileTime
GetBinaryTypeW
lstrcatA
GetFileSize
GetModuleHandleA
lstrcmpiA
FindFirstFileExA
GetDefaultCommConfigW
GetDateFormatW
CloseHandle
IsBadHugeReadPtr
WaitForMultipleObjects
IsThreadAFiber
SetMailslotInfo
MprConfigInterfaceCreate
NetLocalGroupDelMembers
SafeArrayRedim
glMultMatrixf
RpcMgmtInqComTimeout
RpcBindingSetAuthInfoExA
SetupQueryInfOriginalFileInformationW
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInterfaceAlias
SetupDiDeleteDeviceInfo
SHRegSetUSValueW
StrCatBuffW
GetCursorPos
GetLastInputInfo
DefFrameProcW
FlashWindow
SetMenu
GetUpdateRgn
LoadCursorW
IsCharLowerW
CreateDesktopW
RealGetWindowClassA
InternetSetStatusCallbackW
InternetSetOptionA
ReadPrinter
AddFormW
WTHelperCertIsSelfSigned
CryptCATStoreFromHandle
FindCertsByIssuer
Ord(30)
Ord(29)
fgetc
wcstod
Number of PE resources by type
RT_VERSION 1
WAVE 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:10:02 05:47:09+02:00

FileType
Win32 EXE

PEType
PE32

CodeSize
118784

LinkerVersion
12.0

ImageFileCharacteristics
No relocs, Executable, 32-bit

EntryPoint
0x55f6

InitializedDataSize
32768

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
4294967295

File identification
MD5 5b82c3d60a56364fb46eaf9f8c5fde74
SHA1 dd5472f5e822d64a75d1785db0e410e225860059
SHA256 9f3a7efeb46f72dbdacb07e409a23cc78055eb7d5c0dacee9d303d1c49bc2540
ssdeep
3072:D1M+uKOgmkhz0GRSwnCu9yY4leAonHykKQi4YV4+k9M:++xQy/nCYwaSKi4y4D

authentihash e87c2bef939f0995c818ee8552911db3902257b9907a2c6cf4cafdd3390a70fa
imphash b7fb2299cc19fdafe1b5b352d8b1ed0e
File size 144.0 KB ( 147456 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-10-02 03:49:24 UTC ( 4 months, 3 weeks ago )
Last submission 2018-10-03 02:24:14 UTC ( 4 months, 3 weeks ago )
File names 61JOgfpBz.exe
SA8JLuSLCK.exe
iMa5z2OO.exe
L70mf9iRs.exe
fW0nTYUjg.exe
xVZ0R6BgJ.exe
FZdZDprjwV8Y.exe
zHoy7tu3.exe
593.exe
QKbEbADUS.exe
UrY58mmEQh.exe
8bmTIYGyED0h.exe
zGdw2zudn.exe
BLyWKPX9Pi0.exe
failwfp.exe
rcVNgH96a.exe
Lzccsk0gp5f.exe
bqOXYAmVSck.exe
638.exe
cAWbP4hsN1.exe
D6ru562G.exe
DDODiag
vWEFIqwZ183r.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!