SHA256: a3447c68e0005200596664fe9834e6c64887c519a9d03a62078fde9124442d87
File name: emotet_e1_a3447c68e0005200596664fe9834e6c64887c519a9d03a62078fde9...
Detection ratio: 43 / 69
Analysis date: 2019-02-17 01:10:04 UTC
Antivirus Result Update
Acronis suspicious 20190213
Ad-Aware Trojan.GenericKD.31696523 20190216
AhnLab-V3 Trojan/Win32.Emotet.R255610 20190216
ALYac Trojan.GenericKD.31696523 20190216
Arcabit Trojan.Generic.D1E3A68B 20190216
Avast Win32:BankerX-gen [Trj] 20190216
AVG Win32:BankerX-gen [Trj] 20190216
BitDefender Trojan.GenericKD.31696523 20190216
Bkav HW32.Packed. 20190215
ClamAV Win.Malware.Emotet-6858867-0 20190216
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cylance Unsafe 20190216
Cyren W32/Emotet.OY.gen!Eldorado 20190216
DrWeb Trojan.EmotetENT.388 20190216
eGambit Unsafe.AI_Score_64% 20190216
Emsisoft Trojan.GenericKD.31696523 (B) 20190216
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.GPTF 20190216
F-Prot W32/Emotet.OY.gen!Eldorado 20190216
Fortinet Malicious_Behavior.SB 20190216
GData Trojan.GenericKD.31696523 20190216
Ikarus Trojan-Banker.Emotet 20190216
K7AntiVirus Riskware ( 0040eff71 ) 20190216
K7GW Riskware ( 0040eff71 ) 20190216
Kaspersky Trojan-Banker.Win32.Emotet.cgmt 20190216
Malwarebytes Trojan.Emotet 20190216
McAfee Emotet-FLY!12D5B4C69A8D 20190216
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20190216
Microsoft Trojan:Win32/Emotet.AC!bit 20190216
eScan Trojan.GenericKD.31696523 20190216
Palo Alto Networks (Known Signatures) generic.ml 20190216
Panda Trj/Genetic.gen 20190215
Qihoo-360 HEUR/QVM20.1.3D80.Malware.Gen 20190216
Rising Trojan.Emotet!8.B95 (CLOUD) 20190216
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Troj/Emotet-AYG 20190216
Symantec Trojan.Emotet 20190216
Trapmine malicious.moderate.ml.score 20190123
TrendMicro TROJ_FRS.0NZ900BF19 20190216
TrendMicro-HouseCall TROJ_FRS.0NZ900BF19 20190216
VBA32 BScope.Trojan.Emotet 20190215
Webroot W32.Trojan.Emotet 20190216
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.cgmt 20190216
Engines reporting no result (signature update date only)
AegisLab 20190216
Alibaba 20180921
Antiy-AVL 20190216
Avast-Mobile 20190216
Avira (no cloud) 20190216
Babable 20180917
Baidu 20190214
CAT-QuickHeal 20190216
CMC 20190215
Comodo 20190216
Cybereason 20190109
F-Secure 20190216
Sophos ML 20181128
Jiangmin 20190216
Kingsoft 20190216
MAX 20190216
NANO-Antivirus 20190216
SUPERAntiSpyware 20190213
Symantec Mobile Insight 20190206
TACHYON 20190216
Tencent 20190216
TheHacker 20190215
TotalDefense 20190216
Trustlook 20190216
ViRobot 20190216
Yandex 20190215
Zillya 20190215
Zoner 20190216
The file is a Portable Executable: a 32-bit Win32 EXE for the Windows GUI subsystem. The FileVersionInfo resource below describes a Microsoft DLL (MQDSCLI.DLL, the Message Queue client directory service), yet the file itself is an EXE and 43 engines flag it as Emotet. VERSIONINFO is attacker-controlled data that any packer can fill in; treat these strings as a lure mimicking a legitimate Microsoft binary, not as evidence of origin.
FileVersionInfo properties
Copyright Copyright (C) Microsoft Corporation. 1981-2000
Product Microsoft Message Queue
Original name MQDSCLI.DLL
File version 5.01.1108
Description Windows NT MQ Client Directory Service
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1995-11-13 20:26:08 (a header field the author can set freely; it is inconsistent with the subsystem version 6.1 recorded in the ExifTool data below and should be treated as forged)
Entry Point 0x00002A2B
Number of sections 5
PE sections
PE imports (function names only; the importing modules are not shown on this page). The list mixes event-log clearing, token and private-object security checks, GDI drawing, IME, debugger control, I/O completion ports, RPC marshalling, device-interface enumeration, SSPI and OLE calls, with no coherent relation to the advertised Message Queue client library. Do not infer capability from it; its main value is that the exact set and order determine the imphash listed under File identification.
ClearEventLogA
IsTokenRestricted
CreatePrivateObjectSecurity
GetStockObject
SaveDC
ExtTextOutA
Polyline
SetTextCharacterExtra
CreateDIBSection
GetBkColor
Ellipse
ImmReleaseContext
GetSystemWow64DirectoryW
LockFileEx
GetLargePageMinimum
GetQueuedCompletionStatus
ContinueDebugEvent
GetCommandLineW
SetEvent
GetProcessPriorityBoost
CloseHandle
OpenMutexW
GetCurrentThreadId
GetStringTypeExW
GetVersion
MprAdminBufferFree
VarCyFromR8
NdrConformantArrayMarshall
CM_Get_Device_Interface_List_SizeW
ChrCmpIW
DeleteSecurityContext
WindowFromPoint
GetInputState
PostMessageA
MessageBeep
SetMenu
OleCreateDefaultHandler
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
TSWANA DEFAULT 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 6.1
MachineType Intel 386 or later, and compatibles
TimeStamp 1995:11:13 21:26:08+01:00
FileType Win32 EXE
PEType PE32
CodeSize 20480
LinkerVersion 5.0
FileTypeExtension exe
InitializedDataSize 0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x2a2b
OSVersion 6.0
ImageVersion 6.0
UninitializedDataSize 106496
File identification
MD5 12d5b4c69a8d037216da1ea76d905c8d
SHA1 31ea91756ca5ad9968592977a9538dd5079872ba
SHA256 a3447c68e0005200596664fe9834e6c64887c519a9d03a62078fde9124442d87
ssdeep 3072:LQiD6MU9V5oKNB7Y02mf5LCJYSKPV4TX+1L7bDx47Idzjn5T:5gVoKNa0V5LQYpaX+13/x8Idzj
authentihash 1632c47ce157be78704f8cb30afb27c35dabd1b828fc9354b46d78ca2c278bea
imphash 7652bed3f58e5d00a7e76edb70e31957
File size 144.0 KB ( 147456 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2019-02-15 07:27:14 UTC
Last submission 2019-02-16 03:15:20 UTC
File names 213.exe
V5kDVpwB.exe
VPTYRWqF3.exe
3hE3E5Gv.exe
2xYaHEJqt4DU.exe
w1AITtl1TO.exe
nK02vVczRp.exe
ThmsCXT7y7D.exe
fnAM.exe
42.exe
MQDSCLI.DLL
xtsbZGD7q08.exe
emotet_e1_a3447c68e0005200596664fe9834e6c64887c519a9d03a62078fde9124442d87_2019-02-15__073001.exe_
4lLtQKR5.exe
498.exe
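The inconsistencies visible in this report (version info naming a DLL inside an EXE, a 1995 build timestamp on a subsystem 6.1 binary, zero initialized data next to a large uninitialized section, and a pile of random submission names) are the kind of checks a reviewer scripts rather than eyeballs. The following is an added example, not VirusTotal's code and not anything from the sample. REPORT is filled from the fields shown on this page; the module names in IMPORTS are an assumption, because the page lists only function names, so the imphash computed here is not expected to equal the page's value. The imphash function reproduces the algorithm pefile uses, which is what you need to re-derive the listed value from the file and pivot on it; the subsystem-version-to-year table is my own.

```python
"""Triage checks for a VirusTotal-style PE report (added example, not VT code)."""
import hashlib
import re
from datetime import datetime

# Fields copied from the report on this page.
REPORT = {
    "file_type": "Win32 EXE",
    "original_name": "MQDSCLI.DLL",              # FileVersionInfo "Original name"
    "compile_timestamp": "1995-11-13 20:26:08",  # PE header TimeDateStamp
    "subsystem_version": "6.1",
    "code_size": 20480,
    "initialized_data_size": 0,
    "uninitialized_data_size": 106496,
    "submitted_names": [
        "213.exe", "V5kDVpwB.exe", "VPTYRWqF3.exe", "3hE3E5Gv.exe", "fnAM.exe",
        "42.exe", "MQDSCLI.DLL", "4lLtQKR5.exe", "498.exe",
    ],
}

# ASSUMED module attribution for a few of the page's imports (the page shows
# function names only), used to demonstrate the imphash algorithm.
IMPORTS = [
    ("ADVAPI32.dll", "ClearEventLogA"),
    ("ADVAPI32.dll", "IsTokenRestricted"),
    ("GDI32.dll", "GetStockObject"),
    ("KERNEL32.dll", "GetCommandLineW"),
    ("KERNEL32.dll", "OpenMutexW"),
    ("USER32.dll", "PostMessageA"),
    ("ole32.dll", "OleCreateDefaultHandler"),
]

# Year in which the Windows release matching each PE subsystem version shipped.
SUBSYSTEM_FIRST_YEAR = {
    "4.0": 1995, "5.0": 2000, "5.1": 2001, "5.2": 2003,
    "6.0": 2006, "6.1": 2009, "6.2": 2012, "6.3": 2013, "10.0": 2015,
}


def imphash(imports):
    """Import hash as pefile computes it: one 'module.function' entry per named
    import, lowercased, module extension (.dll/.ocx/.sys) removed, entries joined
    with commas in import-table order, then MD5. Order matters, case does not."""
    entries = []
    for module, func in imports:
        module = module.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if module.endswith(ext):
                module = module[: -len(ext)]
                break
        entries.append(f"{module}.{func.lower()}")
    return hashlib.md5(",".join(entries).encode("ascii")).hexdigest()


_RANDOM_STEM = re.compile(r"^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])[A-Za-z0-9]{8,}$")


def looks_random(filename):
    """All-digit stems ('213.exe') or long mixed-case alphanumeric stems
    ('V5kDVpwB.exe') are the throwaway names droppers write to disk."""
    stem = filename.rsplit(".", 1)[0]
    return stem.isdigit() or bool(_RANDOM_STEM.match(stem))


def triage(report):
    """Return the list of inconsistency flags a reviewer should act on."""
    flags = []
    if report["file_type"].endswith("EXE") and report["original_name"].lower().endswith(".dll"):
        flags.append("versioninfo_dll_vs_exe")        # VERSIONINFO borrowed from another binary
    year = datetime.strptime(report["compile_timestamp"], "%Y-%m-%d %H:%M:%S").year
    if year < SUBSYSTEM_FIRST_YEAR.get(report["subsystem_version"], 0):
        flags.append("timestamp_predates_subsystem")  # TimeDateStamp cannot be genuine
    if report["initialized_data_size"] == 0 and report["uninitialized_data_size"] > report["code_size"]:
        flags.append("no_initialized_data")           # payload is materialised at runtime
    if sum(looks_random(n) for n in report["submitted_names"]) >= 3:
        flags.append("random_submission_names")
    return flags


if __name__ == "__main__":
    print("flags:", triage(REPORT))
    print("imphash (assumed modules):", imphash(IMPORTS))
```

To check the page's imphash against a copy of the file, feed `pefile.PE(path).get_imphash()` through the same comparison; if your value differs from the one listed, the import table was modified, which on Emotet samples is routine between builds.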