× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: a5239fb4510d2519e0c8cc838ca2079b5d7b31bfec91a26f3a1de0f4095df26a
File name: a5239fb4510d2519e0c8cc838ca2079b5d7b31bfec91a26f3a1de0f4095df26a
Detection ratio: 42 / 68
Analysis date: 2018-11-04 07:37:36 UTC ( 3 months, 2 weeks ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40665244 20181104
AegisLab Trojan.Win32.Generic.4!c 20181104
AhnLab-V3 Trojan/Win32.Emotet.R242031 20181103
ALYac Trojan.GenericKD.40665244 20181104
Antiy-AVL Trojan[Banker]/Win32.Emotet 20181104
Arcabit Trojan.Generic.D26C809C 20181104
Avast Win32:BankerX-gen [Trj] 20181104
AVG Win32:BankerX-gen [Trj] 20181104
BitDefender Trojan.GenericKD.40665244 20181104
Bkav HW32.Packed. 20181102
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.25f0a1 20180225
Cylance Unsafe 20181104
Cyren W32/Trojan.GGLS-8473 20181104
Emsisoft Trojan.GenericKD.40665244 (B) 20181104
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GMEV 20181103
F-Secure Trojan.GenericKD.40665244 20181104
Fortinet W32/Kryptik.GMEC!tr 20181104
GData Trojan.GenericKD.40665244 20181104
Ikarus Trojan.Win32.Crypt 20181103
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 005402f11 ) 20181104
K7GW Trojan ( 005402f11 ) 20181104
Kaspersky Trojan-Banker.Win32.Emotet.bllo 20181104
Malwarebytes Trojan.Emotet 20181104
MAX malware (ai score=100) 20181104
McAfee RDN/Generic.grp 20181104
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20181104
Microsoft Trojan:Win32/Emotet.AC!bit 20181104
eScan Trojan.GenericKD.40665244 20181104
Palo Alto Networks (Known Signatures) generic.ml 20181104
Panda Trj/RnkBend.A 20181103
Qihoo-360 HEUR/QVM20.1.E189.Malware.Gen 20181104
Rising Trojan.GenKryptik!8.AA55 (CLOUD) 20181104
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/Generic-S 20181104
Symantec Trojan.Emotet 20181103
TrendMicro TROJ_GEN.R004C0CK218 20181104
TrendMicro-HouseCall TROJ_GEN.R004C0CK218 20181104
Webroot W32.Trojan.Emotet 20181104
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bllo 20181104
Alibaba 20180921
Avast-Mobile 20181104
Avira (no cloud) 20181103
Babable 20180918
Baidu 20181102
CAT-QuickHeal 20181103
ClamAV 20181104
CMC 20181103
DrWeb 20181104
eGambit 20181104
F-Prot 20181104
Jiangmin 20181104
Kingsoft 20181104
NANO-Antivirus 20181104
SUPERAntiSpyware 20181031
Symantec Mobile Insight 20181030
TACHYON 20181104
Tencent 20181104
TheHacker 20181104
TotalDefense 20181104
Trustlook 20181104
VBA32 20181102
VIPRE 20181104
ViRobot 20181103
Yandex 20181102
Zillya 20181102
Zoner 20181104
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product LegDllView
Original name LegDllView.exe
Internal name MSINER50.
File version 5.0
Description LegDllView
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-07-27 17:30:04
Entry Point 0x00003100
Number of sections 6
PE sections
PE imports
ImpersonateAnonymousToken
GetSecurityDescriptorControl
GetTextColor
RealizePalette
GetClipBox
GetTimeZoneInformation
VirtualFreeEx
GetCommandLineW
GetCurrentConsoleFontEx
GetProcessPriorityBoost
CloseHandle
GlobalLock
PulseEvent
StrCmpNA
GetQueueStatus
SetMenuItemBitmaps
ShowWindowAsync
IsGUIThread
GetDlgItem
GetWindowContextHelpId
GetSysColor
Number of PE resources by type
RT_STRING 4
RT_VERSION 1
Number of PE resources by language
NORWEGIAN BOKMAL 5
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.1

FileSubtype
0

FileVersionNumber
1.6.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
LegDllView

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
147456

EntryPoint
0x3100

OriginalFileName
LegDllView.exe

MIMEType
application/octet-stream

FileVersion
5.0

TimeStamp
2013:07:27 19:30:04+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
MSINER50.

ProductVersion
5.1

SubsystemVersion
5.0

OSVersion
6.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Micro

CodeSize
12288

ProductName
LegDllView

ProductVersionNumber
1.6.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 c0c656a25f0a1cd02718a3cc6755521b
SHA1 b3255dcf3594d9e8212adbffc20664802f078ba4
SHA256 a5239fb4510d2519e0c8cc838ca2079b5d7b31bfec91a26f3a1de0f4095df26a
ssdeep
3072:LDGAqwK2OTS43nAAya+Wg6ngOQdIAMePbvd5gx86tic:/N343nAXa+CgfxvdJ6

authentihash 372a52d7e2142cbf3bb27a7514ad1c4d8e85d372580c081a40349a9d57abd4ce
imphash 2c36dc1cd4fc794238602d8d90ca4496
File size 128.0 KB ( 131072 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe

VirusTotal metadata
First submission 2018-10-30 23:21:53 UTC ( 3 months, 2 weeks ago )
Last submission 2018-10-31 05:45:09 UTC ( 3 months, 2 weeks ago )
File names zwG6FgKMkvtbc8eix.exe
MSINER50.
LegDllView.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!