SHA256: a105755416011aa38ad846b47fd62a313bec0f65afb2d1341d68334556c02baf
File name: ed33fcde6695edccbd0d844f1a9ea373.virus
Detection ratio: 36 / 68
Analysis date: 2018-10-10 12:35:45 UTC ( 6 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.Emotet.KC 20181010
AhnLab-V3 Trojan/Win32.Emotet.R238622 20181010
ALYac Trojan.Emotet.KC 20181010
Arcabit Trojan.Emotet.KC 20181010
Avast Win32:TrojanX-gen [Trj] 20181010
AVG Win32:TrojanX-gen [Trj] 20181010
BitDefender Trojan.Emotet.KC 20181010
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.e6695e 20180225
Cylance Unsafe 20181010
Cyren W32/Trojan.XTEF-6485 20181010
DrWeb Trojan.Gozi.344 20181010
Emsisoft Trojan.Agent (A) 20181010
Endgame malicious (high confidence) 20180730
ESET-NOD32 Win32/Spy.Ursnif.BP 20181010
F-Prot W32/Trojan2.PYXG 20181010
Fortinet W32/GenKryptik.CMYY!tr 20181010
GData Trojan.Emotet.KC 20181010
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 0053e1681 ) 20181010
K7GW Trojan ( 0053e1681 ) 20181010
Kaspersky Trojan-Spy.Win32.Ursnif.aahu 20181010
Malwarebytes Trojan.Emotet 20181010
MAX malware (ai score=85) 20181010
McAfee Emotet-FJG!ED33FCDE6695 20181010
McAfee-GW-Edition Emotet-FJG!ED33FCDE6695 20181010
Microsoft Trojan:Win32/Emotet!rfn 20181010
eScan Trojan.Emotet.KC 20181010
Panda Trj/GdSda.A 20181009
Qihoo-360 HEUR/QVM20.1.6E88.Malware.Gen 20181010
Sophos AV Mal/EncPk-ANY 20181010
Symantec ML.Attribute.HighConfidence 20181010
VBA32 Trojan.Gozi 20181010
Webroot W32.Trojan.Gen 20181010
Zillya Trojan.Ursnif.Win32.2594 20181010
ZoneAlarm by Check Point Trojan-Spy.Win32.Ursnif.aahu 20181010
AegisLab 20181010
Alibaba 20180921
Antiy-AVL 20181010
Avast-Mobile 20181010
Avira (no cloud) 20181010
Babable 20180918
Baidu 20181010
Bkav 20181009
CAT-QuickHeal 20181008
ClamAV 20181010
CMC 20181010
Comodo 20181010
eGambit 20181010
F-Secure 20181010
Ikarus 20181010
Jiangmin 20181009
Kingsoft 20181010
NANO-Antivirus 20181010
Palo Alto Networks (Known Signatures) 20181010
Rising 20181010
SentinelOne (Static ML) 20180926
SUPERAntiSpyware 20181006
Symantec Mobile Insight 20181001
TACHYON 20181010
Tencent 20181010
TheHacker 20181008
TotalDefense 20181010
TrendMicro 20181010
TrendMicro-HouseCall 20181010
Trustlook 20181010
VIPRE 20181010
ViRobot 20181010
Yandex 20181010
Zoner 20181010
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® .NET Framework
Original name aspnet_counters.dll
Internal name aspnet_counters.dll
File version 4.0.30319.34209 built by: FX452RTMGDR
Description Microsoft ASP.NET Performance Counter Shim DLL
Comments Flavor=Retail
Signature verification The digital signature of the object did not verify.
Signing date 4:21 AM 2/23/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-02-28 05:06:53
Entry Point 0x000026D0
Number of sections 10
PE sections
Overlays
MD5 760266e33055fe13f053f9e76058e3d0
File type data
Offset 196608
Size 5568
Entropy 7.42
PE imports
CryptDeriveKey
RegSetKeySecurity
RegQueryInfoKeyA
AdjustTokenGroups
LocaleNameToLCID
EnumSystemCodePagesW
GetPrivateProfileSectionNamesA
SetCurrentConsoleFontEx
CompareStringA
FindFirstFileExW
TzSpecificLocalTimeToSystemTime
DsListSitesW
SafeArrayDestroyDescriptor
CreateTypeLib2
I_RpcFreeBuffer
SetupDiOpenDeviceInfoW
SetupDiSetSelectedDevice
StrChrNW
PathIsUNCA
SetUserObjectInformationW
OffsetRect
midiOutCacheDrumPatches
Ord(30)
isdigit
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.1

Comments
Flavor=Retail

LinkerVersion
7.0

ImageVersion
5.1

FileSubtype
0

FileVersionNumber
4.0.30319.34209

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Microsoft ASP.NET Performance Counter Shim DLL

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
18176

PrivateBuild
DDBLD354

EntryPoint
0x26d0

OriginalFileName
aspnet_counters.dll

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
4.0.30319.34209 built by: FX452RTMGDR

TimeStamp
2005:02:27 21:06:53-08:00

FileType
Win32 EXE

PEType
PE32

InternalName
aspnet_counters.dll

ProductVersion
4.0.30319.34209

UninitializedDataSize
0

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
359936

ProductName
Microsoft .NET Framework

ProductVersionNumber
4.0.30319.34209

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 ed33fcde6695edccbd0d844f1a9ea373
SHA1 8c1b5136528cd029fc3d8d3b765d1331366dbc12
SHA256 a105755416011aa38ad846b47fd62a313bec0f65afb2d1341d68334556c02baf
ssdeep
1536:w8IEfS0kN1aexFEgY8jHhbQRfwBfO/Zl4thddkaW/7qCFrgfLvr+ESOkiT:C+IjHhbQRfws/ydjufpgfLT+tO7

authentihash a0a9c66157cc6bbe5c432cf1c5724216a8853b7c374a393a9b726159637382fd
imphash d57fd27bb594bd0cdf4d94ea07822435
File size 197.4 KB ( 202176 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-10-10 12:35:45 UTC ( 6 months, 1 week ago )
Last submission 2018-10-10 12:35:45 UTC ( 6 months, 1 week ago )
File names aspnet_counters.dll
ed33fcde6695edccbd0d844f1a9ea373.virus