× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 9f7661468c90f92b6b0b4aa6a2f25be1d552d8c230dd8569f02180e3806efc37
File name: 29B42D.exe
Detection ratio: 19 / 66
Analysis date: 2018-08-03 18:19:40 UTC ( 6 months, 2 weeks ago ) View latest
Antivirus Result Update
Avast FileRepMalware 20180803
AVG FileRepMalware 20180803
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9853 20180802
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cylance Unsafe 20180803
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GJND 20180803
Sophos ML heuristic 20180717
Kaspersky UDS:DangerousObject.Multi.Generic 20180803
McAfee Artemis!0A3484B60D42 20180803
McAfee-GW-Edition BehavesLike.Win32.Generic.dm 20180803
Microsoft Trojan:Win32/Emotet.AC!bit 20180803
Palo Alto Networks (Known Signatures) generic.ml 20180803
Rising Trojan.Fuerboos!8.EFC8 (CLOUD) 20180803
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/Generic-S 20180803
Symantec ML.Attribute.HighConfidence 20180803
TrendMicro TrojanSpy.Win32.EMOTET.SMTHG.hp 20180803
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180803
Ad-Aware 20180803
AegisLab 20180803
AhnLab-V3 20180803
Alibaba 20180713
ALYac 20180803
Antiy-AVL 20180803
Arcabit 20180803
Avast-Mobile 20180803
Avira (no cloud) 20180803
AVware 20180727
BitDefender 20180803
Bkav 20180803
CAT-QuickHeal 20180803
ClamAV 20180803
CMC 20180803
Comodo 20180803
Cybereason 20180225
Cyren 20180803
DrWeb 20180803
eGambit 20180803
Emsisoft 20180803
F-Prot 20180803
F-Secure 20180803
Fortinet 20180803
GData 20180803
Jiangmin 20180803
K7AntiVirus 20180803
K7GW 20180803
Kingsoft 20180803
Malwarebytes 20180803
MAX 20180803
eScan 20180803
NANO-Antivirus 20180803
Panda 20180803
Qihoo-360 20180803
SUPERAntiSpyware 20180803
Symantec Mobile Insight 20180801
TACHYON 20180803
Tencent 20180803
TheHacker 20180802
TotalDefense 20180803
TrendMicro-HouseCall 20180803
Trustlook 20180803
VBA32 20180803
VIPRE 20180803
ViRobot 20180803
Webroot 20180803
Yandex 20180803
Zillya 20180803
Zoner 20180803
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-08-03 21:30:40
Entry Point 0x0000DD9F
Number of sections 6
PE sections
PE imports
PeekNamedPipe
GetFileTime
GetTimeZoneInformation
GetThreadIOPendingFlag
GetCurrentProcessId
SetFilePointer
GetNamedPipeServerProcessId
PostQueuedCompletionStatus
GetCommandLineA
GetWindowThreadProcessId
IsCharAlphaNumericA
GetSystemMetrics
GetLastActivePopup
CheckDlgButton
GetDesktopWindow
GetInputState
SCardLocateCardsW
Number of PE resources by type
RT_BITMAP 30
RT_STRING 26
RT_RCDATA 11
RT_DIALOG 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 52
ENGLISH US 8
ENGLISH NEUTRAL 7
RUSSIAN 2
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:08:03 23:30:40+02:00

FileType
Win32 EXE

PEType
PE32

CodeSize
0

LinkerVersion
11.0

ImageFileCharacteristics
No relocs, Executable, 32-bit

EntryPoint
0xdd9f

InitializedDataSize
208896

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
6.0

UninitializedDataSize
45056

File identification
MD5 0a3484b60d423efb6bc055fac061049c
SHA1 072f395f2c4f98f3136458ce611d8e7c64c3fad7
SHA256 9f7661468c90f92b6b0b4aa6a2f25be1d552d8c230dd8569f02180e3806efc37
ssdeep
3072:I097cSp0QN5rR+rS0uej3Ri0+v/mi0/515HFjVuIvd+9AKKsL8Lgo:j+QN5r0u0ljBi0+vlS51Tp/YuBg

authentihash e47aaec110cee217374ef2b83512be8ce9151f0232c6545ec2fdbedd005b32ec
imphash 727ae0012d9689c81a3b203d92adaa4f
File size 268.0 KB ( 274432 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-08-03 14:50:59 UTC ( 6 months, 2 weeks ago )
Last submission 2018-08-03 14:50:59 UTC ( 6 months, 2 weeks ago )
File names 29B42D.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!