Antivirus scan for 9f7661468c90f92b6b0b4aa6a2f25be1d552d8c230dd8569f02180e3806efc37 at 2018-08-03 18:19:40 UTC

Antivirus	Result	Update
Avast	FileRepMalware	20180803
AVG	FileRepMalware	20180803
Baidu	Win32.Trojan.WisdomEyes.16070401.9500.9853	20180802
CrowdStrike Falcon (ML)	malicious_confidence_100% (D)	20180723
Cylance	Unsafe	20180803
Endgame	malicious (high confidence)	20180730
ESET-NOD32	a variant of Win32/Kryptik.GJND	20180803
Sophos ML	heuristic	20180717
Kaspersky	UDS:DangerousObject.Multi.Generic	20180803
McAfee	Artemis!0A3484B60D42	20180803
McAfee-GW-Edition	BehavesLike.Win32.Generic.dm	20180803
Microsoft	Trojan:Win32/Emotet.AC!bit	20180803
Palo Alto Networks (Known Signatures)	generic.ml	20180803
Rising	Trojan.Fuerboos!8.EFC8 (CLOUD)	20180803
SentinelOne (Static ML)	static engine - malicious	20180701
Sophos AV	Mal/Generic-S	20180803
Symantec	ML.Attribute.HighConfidence	20180803
TrendMicro	TrojanSpy.Win32.EMOTET.SMTHG.hp	20180803
ZoneAlarm by Check Point	UDS:DangerousObject.Multi.Generic	20180803
Ad-Aware		20180803
AegisLab		20180803
AhnLab-V3		20180803
Alibaba		20180713
ALYac		20180803
Antiy-AVL		20180803
Arcabit		20180803
Avast-Mobile		20180803
Avira (no cloud)		20180803
AVware		20180727
BitDefender		20180803
Bkav		20180803
CAT-QuickHeal		20180803
ClamAV		20180803
CMC		20180803
Comodo		20180803
Cybereason		20180225
Cyren		20180803
DrWeb		20180803
eGambit		20180803
Emsisoft		20180803
F-Prot		20180803
F-Secure		20180803
Fortinet		20180803
GData		20180803
Jiangmin		20180803
K7AntiVirus		20180803
K7GW		20180803
Kingsoft		20180803
Malwarebytes		20180803
MAX		20180803
eScan		20180803
NANO-Antivirus		20180803
Panda		20180803
Qihoo-360		20180803
SUPERAntiSpyware		20180803
Symantec Mobile Insight		20180801
TACHYON		20180803
Tencent		20180803
TheHacker		20180802
TotalDefense		20180803
TrendMicro-HouseCall		20180803
Trustlook		20180803
VBA32		20180803
VIPRE		20180803
ViRobot		20180803
Webroot		20180803
Yandex		20180803
Zillya		20180803
Zoner		20180803

The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.

FileVersionInfo properties

PE header basic information

Target machine Intel 386 or later processors and compatible processors

Compilation timestamp 2018-08-03 21:30:40

Entry Point 0x0000DD9F

Number of sections 6

PE sections

Name Virtual address Virtual size Raw size Entropy MD5

.text 4096 64976 61440 1.90 53f753737fef2df7b81d2ab6c5e9f3ea

.rdata 69632 1346 4096 2.02 bedccc0917c2d99ec1864b85bda5026f

.crt 73728 21 4096 0.00 620f0b67a91f7f74151bc5be745b7110

.code 77824 19356 20480 7.18 a70be8e8ee8466ed25476624241c5096

.qdata 98304 89060 90112 7.41 f4bbae057bc10e3fa6bdf3090864f216

.rsrc 188416 87096 90112 5.70 3b7010c9b8a9bb764c9d52bbede09b9c

PE imports

[+] KERNEL32.dll

[+] USER32.dll

[+] WinSCard.dll

Number of PE resources by type

RT_BITMAP 30

RT_STRING 26

RT_RCDATA 11

RT_DIALOG 1

RT_MANIFEST 1

Number of PE resources by language

NEUTRAL 52

ENGLISH US 8

ENGLISH NEUTRAL 7

RUSSIAN 2

PE resources

002297dd78bcc736749cd8a73c66667a23be83ab555667f7372edd0fb58450ea ASCII text

043682eb90c932a3cc5509e78b522fe3f84bf8096075270a4eebc2b2bdd973a4 ASCII text

06dbfdc99d88b330f738d8228ba99235f089e3a7f0a48b5eb4fc97e229213e12 ASCII text

07f91bf80013d5f7dd9c253df1e4dfa1dba6201fc7fef3d8f5f1d9ded328e9c6 ASCII text

0da580a81768fc7dcd1b4f0cb0d8616024268920c0605f6f2e52da9d2bfbc416 data

0f5248f16fe2b1e73aa9be760a6f0bef933dc09e3cc6d8a8958eae1ce0bd0f97 data

114c0212a79d7d5628f288bbffbee1ff2301fbab92902251ccb3477a04a3086a image/x-png

139d2aad11f0234cc20811dd81744ab189aa17cb661a3ffbca86bf05401d41e6 ASCII text

19ed3fc2a9d71dc4c9d27a03de9a01c3a428d011c6fe0291bd45b333847ce463 ASCII text

1d67053ca2168bfce200fb54328be11fdd08350e422a83dc49474a247bd38988 data

Debug information

Type Timestamp Offset Size

IMAGE_DEBUG_TYPE_UNKNOWN (0) Thu Jan 1 00:00:00 1970 0 0 Bytes

ExifTool file metadata

MIMEType

application/octet-stream

Subsystem

Windows GUI

MachineType

Intel 386 or later, and compatibles

FileTypeExtension

exe

TimeStamp

2018:08:03 23:30:40+02:00

FileType

Win32 EXE

PEType

PE32

CodeSize

LinkerVersion

11.0

ImageFileCharacteristics

No relocs, Executable, 32-bit

EntryPoint

0xdd9f

InitializedDataSize

208896

SubsystemVersion

5.0

ImageVersion

0.0

OSVersion

6.0

UninitializedDataSize

45056

File identification

MD5 0a3484b60d423efb6bc055fac061049c

SHA1 072f395f2c4f98f3136458ce611d8e7c64c3fad7

SHA256 9f7661468c90f92b6b0b4aa6a2f25be1d552d8c230dd8569f02180e3806efc37

ssdeep

3072:I097cSp0QN5rR+rS0uej3Ri0+v/mi0/515HFjVuIvd+9AKKsL8Lgo:j+QN5r0u0ljBi0+vlS51Tp/YuBg

authentihash e47aaec110cee217374ef2b83512be8ce9151f0232c6545ec2fdbedd005b32ec

imphash 727ae0012d9689c81a3b203d92adaa4f

File size 268.0 KB ( 274432 bytes )

File type Win32 EXE

Magic literal

PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID	Win32 Dynamic Link Library (generic) (38.4%) Win32 Executable (generic) (26.3%) OS/2 Executable (generic) (11.8%) Generic Win/DOS Executable (11.6%) DOS Executable Generic (11.6%)

VirusTotal metadata

First submission 2018-08-03 14:50:59 UTC ( 6 months, 2 weeks ago )

Last submission 2018-08-03 14:50:59 UTC ( 6 months, 2 weeks ago )

File names

29B42D.exe

SHA256:	9f7661468c90f92b6b0b4aa6a2f25be1d552d8c230dd8569f02180e3806efc37
File name:	29B42D.exe
Detection ratio:	19 / 66
Analysis date:	2018-08-03 18:19:40 UTC ( 6 months, 2 weeks ago ) View latest

Ciphered bundle