× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: a20ef7e00c2d14e553cfa73ba7a04df266951230304635c509658728690069be
File name: .
Detection ratio: 46 / 70
Analysis date: 2018-12-20 16:40:51 UTC ( 2 months ago ) View latest
Antivirus Result Update
Acronis malware 20180726
Ad-Aware Trojan.GenericKD.40840392 20181220
AhnLab-V3 Trojan/Win32.Emotet.R249146 20181220
ALYac Trojan.GenericKD.40840392 20181220
Antiy-AVL Trojan[Banker]/Win32.Emotet 20181220
Arcabit Trojan.Generic.D26F2CC8 20181220
Avast Win32:BankerX-gen [Trj] 20181220
AVG Win32:BankerX-gen [Trj] 20181220
BitDefender Trojan.GenericKD.40840392 20181220
CAT-QuickHeal Trojan.Emotet.X4 20181220
Comodo Malware@#2tz2i9pgw5zv5 20181220
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cylance Unsafe 20181220
Cyren W32/Trojan.QBJU-1498 20181220
DrWeb Trojan.EmotetENT.328 20181220
Emsisoft Trojan.Emotet (A) 20181220
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GNWN 20181220
F-Secure Trojan.GenericKD.40840392 20181220
Fortinet W32/Kryptik.GNWN!tr 20181220
GData Trojan.GenericKD.40840392 20181220
Ikarus Trojan-Banker.Emotet 20181220
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 00543d871 ) 20181220
K7GW Trojan ( 00543d871 ) 20181220
Kaspersky Trojan-Banker.Win32.Emotet.bvmg 20181220
Malwarebytes Trojan.Emotet 20181220
MAX malware (ai score=85) 20181220
McAfee Emotet-FLD!4CF1CA94EDD7 20181220
McAfee-GW-Edition BehavesLike.Win32.Generic.ch 20181220
Microsoft Trojan:Win32/Emotet!rfn 20181220
eScan Trojan.GenericKD.40840392 20181220
Palo Alto Networks (Known Signatures) generic.ml 20181220
Panda Trj/GdSda.A 20181219
Qihoo-360 Win32/Trojan.88c 20181220
Rising Trojan.Fuerboos!8.EFC8 (TFE:2:xBEn8WEcuzM) 20181220
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/EncPk-AOI 20181220
Symantec Trojan.Gen.2 20181220
Tencent Win32.Trojan-banker.Emotet.Piaj 20181220
Trapmine malicious.high.ml.score 20181205
TrendMicro TrojanSpy.Win32.EMOTET.THABAHAH 20181220
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.THABAHAH 20181220
VBA32 BScope.TrojanBanker.Emotet 20181220
Webroot W32.Trojan.Emotet 20181220
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bvmg 20181220
AegisLab 20181220
Alibaba 20180921
Avast-Mobile 20181220
Avira (no cloud) 20181220
Babable 20180918
Baidu 20181207
Bkav 20181220
ClamAV 20181220
CMC 20181219
Cybereason 20180225
F-Prot 20181220
Jiangmin 20181220
Kingsoft 20181220
NANO-Antivirus 20181220
SUPERAntiSpyware 20181220
Symantec Mobile Insight 20181215
TACHYON 20181220
TheHacker 20181216
TotalDefense 20181220
Trustlook 20181220
VIPRE 20181220
ViRobot 20181220
Yandex 20181220
Zillya 20181219
Zoner 20181220
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 1996-2001 Microsoft Corporation.

Product Twain Thunker
Internal name msencode
File version 2001072500
Description Twain.dll Client's 32-Bit
Comments
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-08-04 07:56:09
Entry Point 0x00007839
Number of sections 6
PE sections
PE imports
CertDuplicateCTLContext
GetColorAdjustment
EndPath
SetCurrentConsoleFontEx
GetModuleHandleW
NetLocalGroupGetInfo
BeginPaint
PackDDElParam
Ord(30)
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks
Microsoft is a registered trademark of Microsoft Corporation.

SubsystemVersion
5.0

InitializedDataSize
62976

ImageVersion
0.0

ProductName
Twain Thunker

FileVersionNumber
2001.7.25.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Windows, Latin1

LinkerVersion
7.1

FileTypeExtension
exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
2001072500

TimeStamp
2004:08:04 00:56:09-07:00

FileType
Win32 EXE

PEType
PE32

InternalName
msencode

ProductVersion
10.0

FileDescription
Twain.dll Client's 32-Bit

OSVersion
5.0

FileOS
Windows 16-bit

LegalCopyright
Copyright 1996-2001 Microsoft Corporation.

MachineType
Intel 386 or later, and compatibles

CompanyName
Twain Working Group

CodeSize
32768

FileSubtype
0

ProductVersionNumber
10.0.0.0

EntryPoint
0x7839

ObjectFileType
Dynamic link library

File identification
MD5 4cf1ca94edd739a4a4382313a412d01b
SHA1 0ece0d5f87021de54e515287e33c61dac6610cf9
SHA256 a20ef7e00c2d14e553cfa73ba7a04df266951230304635c509658728690069be
ssdeep
1536:AcmIxryY0FyPN0yexOCq6dm20ciHj20sflpmPe8/v7o2/pDuACz8bCnhvB3TT4mL:AA08PNgOCq62MXmlTj/pDuHhvBu0VLN

authentihash 4a71328993650710fb1c989cff77eded570827ad25c601848e331a0478cb3164
imphash 2a493cb567ac92726a9b852a8fe19ac7
File size 148.0 KB ( 151552 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-12-17 18:47:31 UTC ( 2 months, 1 week ago )
Last submission 2018-12-17 18:47:31 UTC ( 2 months, 1 week ago )
File names msencode
.
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!