SHA256: a01fdfba8e0efff6b1252470be99ae38db4689f50372f738c2e53babaf3c1963
File name: 0001.exe
Detection ratio: 46 / 71
Analysis date: 2019-01-18 02:39:10 UTC ( 1 month ago )
Antivirus Result Update
Acronis suspicious 20190117
Ad-Aware Gen:Variant.Razy.450402 20190118
AhnLab-V3 Trojan/Win32.FCN.R251902 20190118
ALYac Trojan.Agent.Emotet 20190118
Arcabit Trojan.Razy.D6DF62 20190118
Avast Win32:Trojan-gen 20190118
AVG Win32:Trojan-gen 20190118
Avira (no cloud) TR/AD.Emotet.skjgz 20190117
BitDefender Gen:Variant.Razy.450402 20190118
ClamAV Win.Malware.Emotet-6817631-0 20190117
Comodo Malware@#anuf95qxirb1 20190118
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181023
Cylance Unsafe 20190118
Cyren W32/Trojan.YCXE-3893 20190118
DrWeb Trojan.EmotetENT.347 20190118
Emsisoft Gen:Variant.Razy.450402 (B) 20190118
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GORC 20190117
F-Secure Gen:Variant.Razy.450402 20190117
Fortinet W32/GenKryptik.CWOX!tr 20190117
GData Gen:Variant.Razy.450402 20190117
Ikarus Trojan-Banker.Emotet 20190117
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 00545a101 ) 20190117
K7GW Trojan ( 00545a101 ) 20190117
Kaspersky Trojan-Banker.Win32.Emotet.bzul 20190117
Malwarebytes Trojan.Emotet 20190117
MAX malware (ai score=100) 20190118
McAfee RDN/Generic.dx 20190117
McAfee-GW-Edition BehavesLike.Win32.Emotet.ch 20190117
Microsoft Trojan:Win32/Emotet.M 20190117
eScan Gen:Variant.Razy.450402 20190117
Palo Alto Networks (Known Signatures) generic.ml 20190118
Panda Trj/RnkBend.A 20190117
Qihoo-360 Win32/Trojan.aa8 20190118
Rising Trojan.Emotet!8.B95 (CLOUD) 20190117
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Troj/Emotet-AUO 20190117
Symantec Trojan.Gen.2 20190117
Tencent Win32.Trojan-banker.Emotet.Phgn 20190118
Trapmine malicious.high.ml.score 20190103
TrendMicro TrojanSpy.Win32.EMOTET.THOAAFAI 20190117
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.THOAAFAI 20190118
VBA32 BScope.Trojan.Refinka 20190117
Webroot W32.Trojan.Emotet 20190118
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bzul 20190118
AegisLab 20190118
Alibaba 20180921
Antiy-AVL 20190118
Avast-Mobile 20190117
Babable 20180918
Baidu 20190117
Bkav 20190117
CAT-QuickHeal 20190117
CMC 20190117
Cybereason 20190109
eGambit 20190118
F-Prot 20190117
Jiangmin 20190117
Kingsoft 20190118
NANO-Antivirus 20190117
SUPERAntiSpyware 20190116
TACHYON 20190118
TheHacker 20190115
TotalDefense 20190117
Trustlook 20190118
VIPRE 20190117
ViRobot 20190117
Yandex 20190117
Zillya 20190117
Zoner 20190118
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 1995-1997 Peter Mattis, Spencer Kimball and Josh MacDonald. Copyright © 1998 Sebastian Wilhelmi. Modified by the GLib Team and others 1997-2000.

Product GLib
Original name libgthread-2.0-0.dll
Internal name libgthread-2.0-0
File version 2.4.2.0
Description GThread
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-06-18 00:54:48
Entry Point 0x00003DE0
Number of sections 10
PE sections
PE imports
PaintRgn
SetBitmapDimensionEx
GetLastError
TlsFree
ReadFile
GlobalAlloc
GetTickCount
IsProcessInJob
GetSystemTimeAsFileTime
GetCommandLineA
CancelSynchronousIo
GetTapeStatus
VarCyFromI1
I_RpcServerSetAddressChangeFn
GetCursorPos
GetFocus
BeginDeferWindowPos
GetKeyboardType
GetMenuItemRect
InternetOpenUrlW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 2.56
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.4.2.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription GThread
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 143360
EntryPoint 0x3de0
OriginalFileName libgthread-2.0-0.dll
MIMEType application/octet-stream
LegalCopyright Copyright 1995-1997 Peter Mattis, Spencer Kimball and Josh MacDonald. Copyright 1998 Sebastian Wilhelmi. Modified by the GLib Team and others 1997-2000.
FileVersion 2.4.2.0
TimeStamp 2004:06:18 01:54:48+01:00
FileType Win32 EXE
PEType PE32
InternalName libgthread-2.0-0
ProductVersion 2.4.2
SubsystemVersion 6.0
OSVersion 6.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName The GLib developer community
CodeSize 16384
ProductName GLib
ProductVersionNumber 2.4.2.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 bc6d6ab13d204867325afc7873cd9898
SHA1 1471e7c858700711c291e23205c90a9c4bbb18c7
SHA256 a01fdfba8e0efff6b1252470be99ae38db4689f50372f738c2e53babaf3c1963
ssdeep 3072:N93L3ppXo/NTeEMt0C/X9HoENkH7k61bqLqfnbNl:N93rX6leaCFIY61bqLqf

authentihash 12c8ee637a7c1cd4d2d0a57ac1ad25b63f3e7c5dc8748c5dd0652571bebe1efc
imphash 213be075f90d64c250fd09c44b6a30f1
File size 152.0 KB ( 155648 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2019-01-15 22:11:25 UTC ( 1 month, 1 week ago )
Last submission 2019-01-27 18:39:49 UTC ( 3 weeks, 4 days ago )
File names
Advanced heuristic and reputation engines