SHA256: a0876e54e11250ac4041587350d7d5455f09123d0ba8cd199ba0b93c10aa6b4e
File name: 119d2f25ba759188bab24b0111779f8c.virus
Detection ratio: 38 / 66
Analysis date: 2019-04-05 10:36:01 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Acronis suspicious 20190330
Ad-Aware Gen:Variant.Fugrafa.1520 20190405
ALYac Gen:Variant.Razy.487452 20190405
Arcabit Trojan.Fugrafa.D5F0 20190405
Avast Win32:BankerX-gen [Trj] 20190405
AVG Win32:BankerX-gen [Trj] 20190405
Avira (no cloud) TR/Crypt.Agent.utdbw 20190405
BitDefender Gen:Variant.Fugrafa.1520 20190405
ClamAV Win.Malware.Emotet-6931431-0 20190405
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
Cybereason malicious.f2c54d 20190403
Cyren W32/Emotet.SI.gen!Eldorado 20190405
DrWeb Trojan.Siggen8.23304 20190405
eGambit Unsafe.AI_Score_64% 20190405
Emsisoft Gen:Variant.Fugrafa.1520 (B) 20190405
Endgame malicious (high confidence) 20190403
ESET-NOD32 a variant of Win32/Kryptik.GRFS 20190405
F-Secure Trojan.TR/Crypt.Agent.utdbw 20190405
FireEye Generic.mg.119d2f25ba759188 20190405
Fortinet W32/Generic.AP.290658!tr 20190405
GData Gen:Variant.Fugrafa.1520 20190405
Ikarus Trojan-Banker.Emotet 20190405
Sophos ML heuristic 20190313
K7AntiVirus Trojan ( 0054a7b41 ) 20190405
K7GW Trojan ( 0054a7b41 ) 20190405
Malwarebytes Trojan.Emotet 20190405
MAX malware (ai score=85) 20190405
McAfee Emotet-FMI!119D2F25BA75 20190405
Microsoft Trojan:Win32/Emotet.PA!MTB 20190405
eScan Gen:Variant.Fugrafa.1520 20190405
Palo Alto Networks (Known Signatures) generic.ml 20190405
Panda Trj/GdSda.A 20190404
Qihoo-360 HEUR/QVM20.1.51C3.Malware.Gen 20190405
Rising Trojan.Kryptik!8.8 (RDM+:cmRtazokHQHKzF74vhsNuQxMKthx) 20190405
SentinelOne (Static ML) DFI - Malicious PE 20190317
Sophos AV Mal/Emotet-Q 20190405
Trapmine malicious.high.ml.score 20190325
VBA32 BScope.Malware-Cryptor.Emotet 20190405
AegisLab 20190405
AhnLab-V3 20190405
Alibaba 20190402
Antiy-AVL 20190405
Avast-Mobile 20190405
Babable 20180918
Baidu 20190318
Bkav 20190405
CAT-QuickHeal 20190405
CMC 20190321
Comodo 20190405
Jiangmin 20190405
Kaspersky 20190405
Kingsoft 20190405
McAfee-GW-Edition 20190404
NANO-Antivirus 20190405
SUPERAntiSpyware 20190404
Symantec Mobile Insight 20190325
TACHYON 20190405
Tencent 20190405
TheHacker 20190403
TotalDefense 20190405
TrendMicro-HouseCall 20190405
Trustlook 20190405
ViRobot 20190405
Yandex 20190404
Zillya 20190404
ZoneAlarm by Check Point 20190405
Zoner 20190405
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name REGEDIT.EXE
Internal name REGEDIT
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Registry Editor
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 12:36 PM 4/5/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-04-04 15:21:00
Entry Point 0x000017A0
Number of sections 4
PE sections
Overlays
MD5 305b0d1d1bdef752529b13e90bf1535a
File type data
Offset 112128
Size 3336
Entropy 7.31
PE imports
SetSecurityDescriptorDacl
RegCloseKey
RegOpenKeyExW
InitializeSecurityDescriptor
RegSetKeySecurity
RegEnumKeyW
RegQueryValueExW
InitCommonControlsEx
ImageList_Destroy
ImageList_AddMasked
ImageList_Draw
ImageList_GetIconSize
CreatePropertySheetPageW
ImageList_Create
PrintDlgExW
GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW
SetDIBits
SetGraphicsMode
GetDIBColorTable
SetMapMode
TextOutW
CreateFontIndirectW
PatBlt
SetStretchBltMode
CreatePen
GetClipBox
Rectangle
BitBlt
GetDeviceCaps
ExcludeClipRect
LineTo
DeleteDC
EndDoc
SetBkMode
SetLayout
StretchBlt
SetWorldTransform
StartPage
DeleteObject
IntersectClipRect
CreateDCW
CreateDIBSection
SetTextColor
CreatePatternBrush
GetObjectA
ExtTextOutW
GetObjectW
CreateBitmap
MoveToEx
GetStockObject
SetViewportOrgEx
GetDIBits
ExtSelectClipRgn
SetROP2
SelectClipRgn
RoundRect
StartDocW
CreateRoundRectRgn
SetBrushOrgEx
EndPage
CreateRectRgn
SelectObject
AbortDoc
SetDIBColorTable
GdiRealizationInfo
CreateSolidBrush
SetBkColor
GetTextExtentPoint32W
CreateCompatibleBitmap
CreateCompatibleDC
CreateToolhelp32Snapshot
GetVolumePathNameW
GetStdHandle
GetDriveTypeW
FileTimeToSystemTime
WaitForSingleObject
SetEndOfFile
HeapDestroy
GetHandleInformation
QueueUserAPC
GetCommandLineW
GetPrivateProfileStructW
VirtualAllocEx
DeleteCriticalSection
GetCurrentProcess
FileTimeToDosDateTime
GetConsoleMode
GetLocaleInfoA
EnumSystemLocalesW
SetErrorMode
GetLogicalDrives
GetFileInformationByHandle
InitializeSListHead
GetThreadContext
GetLocaleInfoW
SetStdHandle
GetFileTime
WideCharToMultiByte
lstrcmpiA
GetTempPathW
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
Thread32First
HeapReAlloc
GetStringTypeW
SetEvent
LocalFree
FormatMessageW
ResumeThread
GetExitCodeProcess
InitializeCriticalSection
LoadResource
FindClose
InterlockedDecrement
FormatMessageA
SetFileAttributesW
OutputDebugStringA
GetCurrentThread
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
OpenThread
TlsGetValue
CopyFileW
ReadFile
GetModuleFileNameW
TryEnterCriticalSection
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
SetConsoleScreenBufferSize
GetFileAttributesW
RaiseException
FreeLibrary
FatalAppExitW
SetConsoleCtrlHandler
AllocConsole
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SystemTimeToTzSpecificLocalTime
SetFilePointerEx
FindNextFileA
CreateEventW
_lclose
GetFullPathNameW
GlobalAddAtomW
CreateSemaphoreA
CreateThread
MoveFileExW
GetSystemDirectoryW
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
SetThreadContext
WaitForMultipleObjectsEx
GlobalMemoryStatus
FindAtomW
GetModuleHandleExW
GlobalAlloc
ReadConsoleW
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
FindFirstFileW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
PeekNamedPipe
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
WriteConsoleInputW
Process32Next
CreateRemoteThread
GetWindowsDirectoryW
LCMapStringW
GetWindowsDirectoryA
GetDateFormatW
GetEnvironmentVariableA
GetStartupInfoW
LoadModule
_hread
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetPrivateProfileIntW
AddAtomW
GetProcessHeap
GetTempFileNameW
CreateFileMappingW
GetTimeFormatW
lstrcpyW
GetFileSizeEx
FreeEnvironmentStringsW
FindFirstFileExA
FindNextFileW
GetModuleHandleA
ResetEvent
Thread32Next
IsValidLocale
GlobalLock
SetVolumeLabelW
GetConsoleScreenBufferInfo
GetTimeZoneInformation
ReadDirectoryChangesW
CreateFileW
SetFileApisToOEM
GetFileType
TlsSetValue
ExitProcess
PrepareTape
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
GlobalDeleteAtom
GetShortPathNameW
UnmapViewOfFile
GetSystemInfo
GlobalFree
GetConsoleCP
FindResourceW
UnregisterWaitEx
CompareStringW
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
CreateNamedPipeA
GetACP
WaitForSingleObjectEx
Module32FirstW
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
CompareFileTime
GetCompressedFileSizeW
GetCPInfo
HeapSize
GetCommandLineA
UpdateResourceA
CancelIo
WritePrivateProfileStringW
SuspendThread
QueryPerformanceFrequency
MapViewOfFile
TlsFree
SetFilePointer
VerSetConditionMask
Module32NextW
GetAtomNameA
CloseHandle
VerifyVersionInfoW
GetModuleHandleW
SetThreadExecutionState
GetFileAttributesExW
FindResourceExW
GetLongPathNameW
CreateProcessA
IsValidCodePage
HeapCreate
WriteFile
CreateProcessW
GetConsoleAliasExesLengthW
Sleep
TerminateProcess
GetProcAddress
CreateHardLinkW
SHGetFolderPathW
SHPathPrepareForWriteA
SHAddToRecentDocs
DragFinish
SHBindToParent
SHChangeNotify
SHIsFileAvailableOffline
SHGetPathFromIDListW
DragAcceptFiles
ShellExecuteExW
SHGetFileInfoW
SHGetDesktopFolder
DragQueryFileW
CommandLineToArgvW
PathIsNetworkPathW
SHSetValueW
StrRStrIW
SHDeleteKeyW
StrRChrW
StrCmpNW
StrStrIW
PathAppendW
StrCmpNA
StrStrW
SHDeleteValueW
PathIsRelativeW
SHGetValueW
MapWindowPoints
SendMessageCallbackA
GetMessagePos
RedrawWindow
LoadBitmapW
EnableScrollBar
DestroyMenu
PostQuitMessage
GetWindowContextHelpId
WINNLSGetIMEHotkey
SetWindowPos
DdeDisconnect
IsWindow
CountClipboardFormats
GrayStringW
SetDeskWallpaper
DispatchMessageA
EndPaint
CharUpperBuffA
GrayStringA
WindowFromPoint
PeekMessageA
DrawIcon
CharUpperBuffW
SetMenuItemInfoW
SetActiveWindow
GetMenuItemID
ChangeClipboardChain
GetCursorPos
ReleaseDC
BeginPaint
GetMenu
CreateWindowExA
SendMessageA
UnregisterClassW
GetClassInfoW
DdeInitializeW
DefWindowProcW
AllowSetForegroundWindow
SetMenuDefaultItem
DdeFreeStringHandle
EnumClipboardFormats
SetScrollPos
CallNextHookEx
DdeFreeDataHandle
IsClipboardFormatAvailable
MsgWaitForMultipleObjectsEx
LoadImageW
TrackPopupMenu
ClientToScreen
GetTopWindow
GetWindowTextW
SetDlgItemTextW
DialogBoxIndirectParamW
LoadImageA
GetWindowTextLengthW
LoadAcceleratorsW
LoadMenuIndirectW
GetWindowTextA
InvalidateRgn
DrawTextW
CopyImage
TrackMouseEvent
GetMessageA
GetParent
UpdateWindow
SetPropA
AttachThreadInput
GetPropW
EqualRect
SetClassLongW
EnumWindows
UnhookWindowsHookEx
DefMDIChildProcA
GetClassInfoExA
GetMessageW
ShowWindow
GetPropA
SetPropW
ValidateRect
DefMDIChildProcW
PeekMessageW
SetWindowsHookExW
InsertMenuItemW
SetWindowPlacement
GetDC
ShowWindowAsync
DdeKeepStringHandle
GetSystemMenu
TranslateMessage
IsWindowEnabled
GetWindow
ActivateKeyboardLayout
SetClipboardData
CreateCursor
DrawTextExW
GetIconInfo
MsgWaitForMultipleObjects
DdeUninitialize
SetParent
RegisterClassW
ScrollWindow
FindWindowExW
IsZoomed
GetWindowPlacement
LoadStringW
DdeConnect
GetKeyboardLayoutList
DrawMenuBar
OemToCharBuffA
IsIconic
RegisterClassA
GetDCEx
GetWindowLongA
DrawFrameControl
OpenClipboard
DdeClientTransaction
GetActiveWindow
GetKeyboardLayout
FlashWindow
EnumThreadWindows
MonitorFromPoint
WaitForInputIdle
GetSysColorBrush
IsWindowUnicode
CreateWindowExW
GetWindowLongW
GetUpdateRect
GetWindowInfo
GetMenuStringW
IsChild
IsDialogMessageA
IMPQueryIMEW
RegisterWindowMessageW
GetMonitorInfoW
OpenInputDesktop
DrawEdge
SetCapture
SystemParametersInfoW
AppendMenuW
OffsetRect
SetFocus
GetScrollPos
GetKeyboardLayoutNameW
KillTimer
MapVirtualKeyW
DefWindowProcA
CheckMenuRadioItem
DrawFocusRect
TranslateAcceleratorW
GetClipboardData
GetClassNameA
GetSystemMetrics
SetWindowLongW
SetScrollRange
GetWindowRect
InflateRect
PostMessageA
ReleaseCapture
EnumChildWindows
IntersectRect
CharLowerW
SetWindowLongA
ShowOwnedPopups
SendDlgItemMessageW
PostMessageW
GetKeyNameTextW
EndDialog
DdeCreateStringHandleW
WINNLSEnableIME
RemovePropA
SetWindowTextA
ShowCaret
ChildWindowFromPointEx
GetSubMenu
GetClassLongW
GetLastActivePopup
DrawIconEx
GetForegroundWindow
BeginDeferWindowPos
SetWindowTextW
SetTimer
GetDlgItem
GetMenuCheckMarkDimensions
CharLowerBuffW
BringWindowToTop
FindWindowW
ScreenToClient
GetCapture
FindWindowExA
GetKeyboardState
CheckRadioButton
PostThreadMessageW
GetMenuItemCount
IsDlgButtonChecked
TileChildWindows
CheckDlgButton
GetMenuState
IsDialogMessageW
LoadCursorW
LoadIconW
ReuseDDElParam
DispatchMessageW
InsertMenuW
FillRect
SetForegroundWindow
GetClientRect
PostThreadMessageA
GetMenuItemInfoW
EmptyClipboard
DrawTextA
GetScrollRange
SetLayeredWindowAttributes
GetScrollInfo
HideCaret
CreateIcon
CreateDialogIndirectParamA
WaitMessage
FindWindowA
CreatePopupMenu
MessageBeep
RemoveMenu
GetWindowThreadProcessId
DeferWindowPos
ShowScrollBar
MessageBoxW
SendMessageW
MonitorFromRect
DestroyIcon
RegisterClassExW
SetMenu
GetPriorityClipboardFormat
MoveWindow
DialogBoxParamW
LoadKeyboardLayoutW
MessageBoxA
GetCursor
GetWindowDC
DestroyCursor
AdjustWindowRectEx
SetUserObjectInformationW
GetFocus
GetSysColor
RegisterClipboardFormatW
SetScrollInfo
GetKeyState
EndDeferWindowPos
wvsprintfW
MenuItemFromPoint
DefFrameProcA
EnableMenuItem
EnumDisplayMonitors
DefFrameProcW
IsWindowVisible
GetDesktopWindow
UnpackDDElParam
CreateStreamOnHGlobal
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
ReleaseStgMedium
CoCreateInstance
CoGetMalloc
CoTaskMemFree
CoTaskMemAlloc
Number of PE resources by type
RT_ICON 11
RT_GROUP_ICON 5
RT_GROUP_CURSOR 1
RT_RCDATA 1
REGINST 1
RT_CURSOR 1
MUI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 22
PE resources
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 35840
ImageVersion 0.0
ProductName Microsoft Windows Operating System
FileVersionNumber 6.1.7600.16385
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName REGEDIT.EXE
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2019:04:04 17:21:00+02:00
FileType Win32 EXE
PEType PE32
InternalName REGEDIT
ProductVersion 6.1.7600.16385
FileDescription Registry Editor
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 75264
FileSubtype 0
ProductVersionNumber 6.1.7600.16385
EntryPoint 0x17a0
ObjectFileType Executable application
File identification
MD5 119d2f25ba759188bab24b0111779f8c
SHA1 cc2429df2c54de6862d3e24cd333dd9f618e3406
SHA256 a0876e54e11250ac4041587350d7d5455f09123d0ba8cd199ba0b93c10aa6b4e
ssdeep 1536:q7Jmp0b1vTe3GdGKUXZBCfQ5twTcERcdTyS+JKJKgPv0fc7v06QKJT8oaM+6sagi:EegftfQoTcHGS+JKs8ke+sTl+Tb+b
authentihash df5c82409ba9f4b692839e327ca278c530cd8a81bbc009205b081276731871eb
imphash bd40a89cde7467f735f46b8f66d66978
File size 112.8 KB ( 115464 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (35.0%)
Win64 Executable (generic) (31.0%)
Windows screen saver (14.7%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Tags peexe overlay
VirusTotal metadata
First submission 2019-04-05 10:36:01 UTC ( 1 month, 2 weeks ago )
Last submission 2019-04-05 10:36:01 UTC ( 1 month, 2 weeks ago )
File names 119d2f25ba759188bab24b0111779f8c.virus
REGEDIT.EXE
REGEDIT
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs