SHA256: a1915b249f721e0950c52f487c839913720884a42cd9cfe742724c92e33a0b8a
File name: a1915b249f721e0950c52f487c839913720884a42cd9cfe742724c92e33a0b8a
Detection ratio: 35 / 70
Analysis date: 2018-12-27 07:58:58 UTC ( 3 months, 3 weeks ago )
Antivirus Result Update
Acronis malware 20181227
Ad-Aware Trojan.GenericKD.40875214 20181227
Arcabit Trojan.Generic.D26FB4CE 20181227
Avast Win32:Malware-gen 20181227
AVG Win32:Malware-gen 20181227
BitDefender Trojan.GenericKD.40875214 20181227
Bkav HW32.Packed. 20181224
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.204e18 20180225
Cylance Unsafe 20181227
Cyren W32/Emotet.LL.gen!Eldorado 20181227
eGambit Unsafe.AI_Score_99% 20181227
Emsisoft Trojan.GenericKD.40875214 (B) 20181227
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/Dridex.CK 20181227
F-Prot W32/Emotet.LL.gen!Eldorado 20181227
F-Secure Trojan.GenericKD.40875214 20181227
GData Trojan.GenericKD.40875214 20181227
Ikarus Trojan-Banker.Emotet 20181226
Sophos ML heuristic 20181128
Kaspersky Trojan-Downloader.Win32.Cridex.bg 20181227
MAX malware (ai score=85) 20181227
McAfee RDN/Generic.grp 20181227
McAfee-GW-Edition BehavesLike.Win32.Ransomware.cc 20181227
Microsoft Trojan:Win32/Zpevdo.B 20181227
eScan Trojan.GenericKD.40875214 20181227
Palo Alto Networks (Known Signatures) generic.ml 20181227
Panda Trj/GdSda.A 20181226
Qihoo-360 Win32/Trojan.Downloader.25b 20181227
Rising Malware.Heuristic!ET#78% (RDM+:cmRtazqWY24KhE9i+SEO+Xda2CSC) 20181227
SentinelOne (Static ML) static engine - malicious 20181223
Symantec ML.Attribute.HighConfidence 20181226
Trapmine malicious.moderate.ml.score 20181205
Webroot W32.Trojan.Emotet 20181227
ZoneAlarm by Check Point Trojan-Downloader.Win32.Cridex.bg 20181227
Engines with no detection (Antivirus Update)
AegisLab 20181227
AhnLab-V3 20181226
Alibaba 20180921
ALYac 20181227
Antiy-AVL 20181227
Avast-Mobile 20181226
Avira (no cloud) 20181226
Babable 20180918
Baidu 20181207
CAT-QuickHeal 20181226
ClamAV 20181227
CMC 20181226
Comodo 20181227
DrWeb 20181227
Fortinet 20181227
Jiangmin 20181226
K7AntiVirus 20181226
K7GW 20181226
Kingsoft 20181227
Malwarebytes 20181227
NANO-Antivirus 20181227
Sophos AV 20181227
SUPERAntiSpyware 20181226
Symantec Mobile Insight 20181225
TACHYON 20181227
Tencent 20181227
TheHacker 20181225
TotalDefense 20181227
TrendMicro 20181227
TrendMicro-HouseCall 20181227
Trustlook 20181227
VBA32 20181226
ViRobot 20181227
Yandex 20181226
Zillya 20181227
Zoner 20181227
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-25 08:48:23
Entry Point 0x00004780
Number of sections 6
PE sections
PE imports
GetTokenInformation
InitializeSid
IsTokenRestricted
InitializeSecurityDescriptor
GetTextCharsetInfo
GetCurrentPositionEx
GetCharWidth32W
GetFontData
GetCharWidthA
GetFontLanguageInfo
EnumResourceTypesA
GetLargePageMinimum
GetTimeZoneInformation
EnumSystemLocalesW
FindVolumeClose
GetDriveTypeA
GetSystemDefaultLCID
LoadLibraryExW
GetProfileStringA
FreeConsole
VirtualProtect
GetCommandLineA
GetVersion
WritePrivateProfileStructW
lstrcatW
GetProcessHeap
VarCyFromI2
CanUserWritePwrScheme
ExtractAssociatedIconExW
DeleteSecurityContext
GetPriorityClipboardFormat
GetCaretBlinkTime
GetDoubleClickTime
GetRawInputDeviceInfoW
GetMenuStringA
LockWindowUpdate
GetKeyboardLayout
GetMenuItemCount
EqualRect
SetCapture
DrawIcon
LoadKeyboardLayoutW
GetMenuState
GetClassInfoW
GetDlgItem
GetRawInputDeviceList
GetWindowLongW
LoadKeyboardLayoutA
GetMenuContextHelpId
GetClassLongA
LockWorkStation
FindFirstUrlCacheEntryExW
SCardConnectW
GetColorProfileHeader
MkParseDisplayName
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:12:25 09:48:23+01:00
FileType Win32 EXE
PEType PE32
CodeSize 90112
LinkerVersion 16.3
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x4780
InitializedDataSize 53248
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 bc70357b0a26a814f3fff1086db57b4d
SHA1 fb7e913204e18ae0188fc1ae262b219318d05913
SHA256 a1915b249f721e0950c52f487c839913720884a42cd9cfe742724c92e33a0b8a
ssdeep 3072:NuA6Xbjbbbbbbmbkbbbbwbbbyqbbbbbbb9bbbbbbnZExXiytUTK4J6BaeJtSzGo:2XbjbbbbbbmYbbbbwbbbDbbbbbbb9bbp
authentihash 14a67801f52377e9bda6fc833aaef08032509d7e0f09fd46ebc876bef02e6601
imphash e125b9dca323e662578f91059169f243
File size 144.0 KB ( 147456 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe
VirusTotal metadata
First submission 2018-12-26 15:18:16 UTC ( 3 months, 3 weeks ago )
Last submission 2018-12-29 16:52:25 UTC ( 3 months, 3 weeks ago )
File names aa6a05efb416505a9fe87cf196ae3e17
Community comments: none
Community votes: none