SHA256: a37963df4b00e2bccace9a6b7e240fee92c94c760b7f553da1d892417561806d
File name: memdump_a37963df4b00e2bccace9a6b7e240fee92c94c760b7f553da1d892417...
Detection ratio: 24 / 70
Analysis date: 2018-12-18 00:02:57 UTC ( 2 months ago )
Antivirus Result Update
AegisLab Trojan.Win32.Buzus.kZ0o 20181217
Avast Win32:Evo-gen [Susp] 20181217
AVG Win32:Evo-gen [Susp] 20181217
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cylance Unsafe 20181218
Emsisoft Trojan.Emotet (A) 20181217
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GNWN 20181218
Fortinet W32/Kryptik.GNWN!tr 20181217
Ikarus Trojan-Banker.Emotet 20181217
Sophos ML heuristic 20181128
Malwarebytes Trojan.Emotet 20181217
McAfee Emotet-FLD!A41B90D13B74 20181217
McAfee-GW-Edition BehavesLike.Win32.Expiro.ch 20181217
Microsoft Trojan:Win32/Fuerboos.A!cl 20181217
Palo Alto Networks (Known Signatures) generic.ml 20181218
Qihoo-360 HEUR/QVM20.1.EF9D.Malware.Gen 20181218
Rising Trojan.Fuerboos!8.EFC8 (TFE:2:xBEn8WEcuzM) 20181218
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/EncPk-ANY 20181217
Symantec ML.Attribute.HighConfidence 20181218
Trapmine malicious.high.ml.score 20181205
Webroot W32.Trojan.Emotet 20181218
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181217
Ad-Aware 20181217
AhnLab-V3 20181217
Alibaba 20180921
ALYac 20181217
Antiy-AVL 20181217
Arcabit 20181217
Avast-Mobile 20181217
Avira (no cloud) 20181217
Babable 20180918
Baidu 20181207
BitDefender 20181217
Bkav 20181217
CAT-QuickHeal 20181217
ClamAV 20181217
CMC 20181217
Comodo 20181217
Cybereason 20180225
Cyren 20181217
DrWeb 20181217
eGambit 20181218
F-Prot 20181217
F-Secure 20181217
GData 20181217
Jiangmin 20181217
K7AntiVirus 20181217
K7GW 20181217
Kaspersky 20181217
Kingsoft 20181218
MAX 20181218
eScan 20181218
NANO-Antivirus 20181218
Panda 20181217
SUPERAntiSpyware 20181212
Symantec Mobile Insight 20181215
TACHYON 20181217
Tencent 20181218
TheHacker 20181216
TotalDefense 20181218
TrendMicro 20181217
TrendMicro-HouseCall 20181217
Trustlook 20181218
VBA32 20181217
VIPRE 20181217
ViRobot 20181217
Yandex 20181217
Zillya 20181217
Zoner 20181217
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 1996-2001 Microsoft Corporation.

Product Twain Thunker
Internal name msencode
File version 2001072500
Description Twain.dll Client's 32-Bit
Comments
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-08-04 07:56:09
Entry Point 0x000072D2
Number of sections 6
PE sections
PE imports
CertDuplicateCTLContext
GetColorAdjustment
EndPath
GetModuleHandleW
SetCurrentConsoleFontEx
NetLocalGroupGetInfo
BeginPaint
PackDDElParam
Ord(30)
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize
32768

SubsystemVersion
5.0

LinkerVersion
7.1

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2001.7.25.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Twain.dll Client's 32-Bit

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
62976

EntryPoint
0x72d2

MIMEType
application/octet-stream

LegalCopyright
Copyright 1996-2001 Microsoft Corporation.

FileVersion
2001072500

TimeStamp
2004:08:04 08:56:09+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
msencode

ProductVersion
10.0

UninitializedDataSize
0

OSVersion
5.0

FileOS
Windows 16-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Twain Working Group

LegalTrademarks
Microsoft is a registered trademark of Microsoft Corporation.

ProductName
Twain Thunker

ProductVersionNumber
10.0.0.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 a41b90d13b7478e4bcd005ab76977db7
SHA1 24254a4e6d399e46130683be4f46df524130c52b
SHA256 a37963df4b00e2bccace9a6b7e240fee92c94c760b7f553da1d892417561806d
ssdeep
1536:Q1ZdV5sf5JfKmNCagLMV78ZW7X7N/ADGNM38vtaayRpi07LnpBSIMfWl2aLgTel:0nV5+5FK3PKgclIDGNQayzRFIISaLKQ

authentihash 9e8563b538b1ceb0e735e34111c041e89b92abd3b53f682bec21e9e4f3366a72
imphash 1a5875be36e37766f01e4175bc3b1b5a
File size 152.0 KB ( 155648 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-12-17 21:36:47 UTC ( 2 months ago )
Last submission 2018-12-17 21:36:47 UTC ( 2 months ago )
File names memdump_a37963df4b00e2bccace9a6b7e240fee92c94c760b7f553da1d892417561806d.sample
msencode