| SHA256: | a20347df701a36f9519f73387c22fadd8bc912a630fd2976f9547055237808af |
| File name: | output.113657238.txt |
| Detection ratio: | 48 / 67 |
| Analysis date: | 2018-07-23 12:16:40 UTC ( 6 months, 3 weeks ago ) View latest |
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Trojan.GenericKD.40313948 | 20180723 |
| AegisLab | Ml.Attribute.Gen!c | 20180723 |
| AhnLab-V3 | Trojan/Win32.Emotet.R232149 | 20180723 |
| ALYac | Trojan.GenericKD.40313948 | 20180723 |
| Antiy-AVL | Trojan[Banker]/Win32.Emotet | 20180723 |
| Avast | Win32:GenX | 20180723 |
| AVG | Win32:GenX | 20180723 |
| AVware | Trojan.Win32.Generic!BT | 20180723 |
| Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9999 | 20180723 |
| BitDefender | Trojan.GenericKD.40313948 | 20180723 |
| CAT-QuickHeal | Trojan.Emotet.X4 | 20180723 |
| Comodo | .UnclassifiedMalware | 20180723 |
| CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20180530 |
| Cybereason | malicious.ddd9a0 | 20180225 |
| Cylance | Unsafe | 20180723 |
| Cyren | W32/Trojan.RMMW-1583 | 20180723 |
| Emsisoft | Trojan.GenericKD.40313948 (B) | 20180723 |
| Endgame | malicious (high confidence) | 20180711 |
| ESET-NOD32 | a variant of Win32/Kryptik.GJCH | 20180723 |
| Fortinet | W32/GenKryptik.CFNI!tr | 20180723 |
| GData | Trojan.GenericKD.40313948 | 20180723 |
| Ikarus | Trojan.Win32.Krypt | 20180723 |
| Sophos ML | heuristic | 20180717 |
| Jiangmin | Trojan.Banker.Emotet.bpx | 20180723 |
| K7AntiVirus | Trojan ( 005384a71 ) | 20180723 |
| K7GW | Trojan ( 005384a71 ) | 20180723 |
| Kaspersky | Trojan-Banker.Win32.Emotet.ayii | 20180723 |
| Malwarebytes | Trojan.Emotet | 20180723 |
| MAX | malware (ai score=96) | 20180723 |
| McAfee | Emotet-FHK!98FBA1C56645 | 20180723 |
| McAfee-GW-Edition | BehavesLike.Win32.Generic.dm | 20180723 |
| Microsoft | Trojan:Win32/Emotet.AC!bit | 20180723 |
| eScan | Trojan.GenericKD.40313948 | 20180723 |
| NANO-Antivirus | Trojan.Win32.Emotet.ffouyc | 20180723 |
| Palo Alto Networks (Known Signatures) | generic.ml | 20180723 |
| Panda | Trj/RnkBend.A | 20180722 |
| Qihoo-360 | HEUR/QVM20.1.9B6F.Malware.Gen | 20180723 |
| Rising | Trojan.Emotet!8.B95 (CLOUD) | 20180723 |
| SentinelOne (Static ML) | static engine - malicious | 20180701 |
| Sophos AV | Mal/EncPk-ANX | 20180723 |
| Symantec | Trojan.Emotet | 20180723 |
| TACHYON | Banker/W32.Emotet.286208 | 20180723 |
| TrendMicro | TSPY_EMOTET.THGBOAH | 20180723 |
| TrendMicro-HouseCall | TSPY_EMOTET.THGBOAH | 20180723 |
| VBA32 | Malware-Cryptor.Limpopo | 20180720 |
| VIPRE | Trojan.Win32.Generic!BT | 20180723 |
| Webroot | W32.Trojan.Emotet | 20180723 |
| ZoneAlarm by Check Point | Trojan-Banker.Win32.Emotet.ayii | 20180723 |
| Alibaba | 20180713 | |
| Arcabit | 20180723 | |
| Avast-Mobile | 20180723 | |
| Avira (no cloud) | 20180723 | |
| Babable | 20180406 | |
| Bkav | 20180723 | |
| ClamAV | 20180723 | |
| CMC | 20180723 | |
| DrWeb | 20180723 | |
| eGambit | 20180723 | |
| F-Prot | 20180723 | |
| Kingsoft | 20180723 | |
| SUPERAntiSpyware | 20180722 | |
| Tencent | 20180723 | |
| TheHacker | 20180723 | |
| TotalDefense | 20180722 | |
| Trustlook | 20180723 | |
| ViRobot | 20180723 | |
| Yandex | 20180720 | |
| Zillya | 20180720 | |
| Zoner | 20180723 |
The file being studied is a Portable Executable file!
More specifically, it is a Win32 EXE
file
for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-09-30 17:12:08
Entry Point 0x00001704
Number of sections 7
PE sections
PE imports
Number of PE resources by type
RT_STRING 16
RT_BITMAP 15
RT_DIALOG 1
Number of PE resources by language
NEUTRAL 31
CHINESE SIMPLIFIED 1
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream
Subsystem
Windows GUI
MachineType
Intel 386 or later, and compatibles
FileTypeExtension
exe
TimeStamp
2009:09:30 19:12:08+02:00
FileType
Win32 EXE
PEType
PE32
CodeSize
10240
LinkerVersion
14.0
ImageFileCharacteristics
Executable, 32-bit
EntryPoint
0x1704
InitializedDataSize
279040
SubsystemVersion
5.1
ImageVersion
0.0
OSVersion
5.0
UninitializedDataSize
0
File identification
MD5 98fba1c5664576ccb1c56673ce29a101
SHA1 2309a3eddd9a07dec01c9baad5bab110ed6735a1
SHA256 a20347df701a36f9519f73387c22fadd8bc912a630fd2976f9547055237808af
ssdeep
6144:kKWbsAYZG8PrvrDhiiUFCFSW5Cj0YN+/p:TWbNYTPrwFUFUM/p
File size
279.5 KB ( 286208 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit
| TrID |
Win32 Dynamic Link Library (generic) (38.4%) Win32 Executable (generic) (26.3%) OS/2 Executable (generic) (11.8%) Generic Win/DOS Executable (11.6%) DOS Executable Generic (11.6%) |
Tags
peexe
VirusTotal metadata
First submission
2018-07-19 11:20:32 UTC ( 7 months ago )
Last submission
2018-08-09 01:47:24 UTC ( 6 months, 1 week ago )
| File names |
760.exe output.113657238.txt 7044329919.exe a20347df701a36f9519f73387c22fadd8bc912a630fd2976f9547055237808af 21373235957.exe codexgigas_2309a3eddd9a07dec01c9baad5bab110ed6735a1 |
No comments.
No VirusTotal Community member has commented on this item yet, be the first one to do so!
You have not signed in. Only registered users can leave comments, sign in and have a voice!
No votes.
No one has voted on this item yet, be the first one to do so!