× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 9fd35da1831339d9fe747d63d29d71891346df00ee96148096226ef00c2f8f8b
File name: 29549952.exe
Detection ratio: 34 / 68
Analysis date: 2018-11-04 14:16:57 UTC ( 5 months, 2 weeks ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.Autoruns.GenericKDS.31328696 20181104
AhnLab-V3 Trojan/Win32.Emotet.R242486 20181104
ALYac Trojan.Autoruns.GenericKDS.31328696 20181104
Arcabit Trojan.Autoruns.GenericS.D1DE09B8 20181104
Avast Win32:BankerX-gen [Trj] 20181104
AVG Win32:BankerX-gen [Trj] 20181104
BitDefender Trojan.Autoruns.GenericKDS.31328696 20181104
Bkav HW32.Packed. 20181102
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.1605ad 20180225
Cylance Unsafe 20181104
Emsisoft Trojan.Autoruns.GenericKDS.31328696 (B) 20181104
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GMHD 20181104
Fortinet W32/Kryptik.GMHD!tr 20181104
GData Trojan.Autoruns.GenericKDS.31328696 20181104
Ikarus Trojan.Win32.Crypt 20181104
Sophos ML heuristic 20180717
K7GW Trojan ( 005403631 ) 20181104
Kaspersky Trojan-Banker.Win32.Emotet.bnrz 20181104
Malwarebytes Trojan.Emotet 20181104
McAfee RDN/Generic.grp 20181104
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20181104
Microsoft Trojan:Win32/Emotet.AC!bit 20181104
eScan Trojan.Autoruns.GenericKDS.31328696 20181104
Palo Alto Networks (Known Signatures) generic.ml 20181104
Panda Trj/Genetic.gen 20181104
Qihoo-360 Win32/Trojan.c84 20181104
Rising Trojan.Kryptik!8.8 (CLOUD) 20181104
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/EncPk-ANY 20181104
Symantec Trojan.Emotet 20181103
Webroot W32.Trojan.Emotet 20181104
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bnrz 20181104
AegisLab 20181104
Alibaba 20180921
Antiy-AVL 20181104
Avast-Mobile 20181104
Avira (no cloud) 20181104
Babable 20180918
Baidu 20181102
CAT-QuickHeal 20181104
ClamAV 20181104
CMC 20181104
Cyren 20181104
DrWeb 20181104
eGambit 20181104
F-Prot 20181104
F-Secure 20181104
Jiangmin 20181104
K7AntiVirus 20181104
Kingsoft 20181104
MAX 20181104
NANO-Antivirus 20181104
SUPERAntiSpyware 20181031
Symantec Mobile Insight 20181030
TACHYON 20181104
Tencent 20181104
TheHacker 20181104
TotalDefense 20181104
TrendMicro 20181104
TrendMicro-HouseCall 20181104
Trustlook 20181104
VBA32 20181102
VIPRE 20181104
ViRobot 20181104
Yandex 20181102
Zillya 20181102
Zoner 20181104
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Internal name ttggv (3
File version 1.0
Description ToggleView
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-07-27 17:30:04
Entry Point 0x000035A0
Number of sections 6
PE sections
PE imports
ControlService
GetSecurityDescriptorLength
SetBkMode
OffsetRgn
CreateSolidBrush
WidenPath
GetClipBox
SelectClipRgn
AbortDoc
StretchBlt
GetNamedPipeClientProcessId
SetThreadUILanguage
SetUserGeoID
FreeUserPhysicalPages
ActivateActCtx
GetCommandLineW
IsDebuggerPresent
GetExitCodeThread
GetTapePosition
GetDateFormatEx
SetConsoleTextAttribute
ChrCmpIW
GetPriorityClipboardFormat
GetClipboardViewer
GetMessagePos
GetClipboardSequenceNumber
GetRawInputDeviceList
OpenInputDesktop
GetThreadDesktop
Number of PE resources by type
RT_STRING 3
RT_VERSION 1
Number of PE resources by language
NORWEGIAN BOKMAL 4
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.1

FileSubtype
0

FileVersionNumber
1.6.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
ToggleView

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
151552

EntryPoint
0x35a0

OriginalFileName
ttggv.exe

MIMEType
application/octet-stream

FileVersion
1.0

TimeStamp
2013:07:27 19:30:04+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
ttggv (3

ProductVersion
1.0

SubsystemVersion
5.0

OSVersion
6.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Micro

CodeSize
12288

ProductName
Microsoft

ProductVersionNumber
1.6.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 fb475f021c19f3018002dadbcb8e3d1e
SHA1 358d9491605adf5537cc39d0496a1626a40c6d2a
SHA256 9fd35da1831339d9fe747d63d29d71891346df00ee96148096226ef00c2f8f8b
ssdeep
3072:xqokWgo7APEsGJMXe1bermaxGBBgfyKa:sWgo7APEDJmm676

authentihash d229a0874a0c4a79483537b857d8cfab9f273a21946028eb0789439fb443b55a
imphash 5ca89ea80f1d1776d1dacc866ef00a7a
File size 128.0 KB ( 131072 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (59.0%)
Win32 Dynamic Link Library (generic) (14.0%)
Win32 Executable (generic) (9.6%)
Win16/32 Executable Delphi generic (4.4%)
OS/2 Executable (generic) (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2018-11-02 12:42:46 UTC ( 5 months, 3 weeks ago )
Last submission 2018-11-02 12:42:46 UTC ( 5 months, 3 weeks ago )
File names dimshlp.exe
ttggv (3
29549952.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!