× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: a6e52e4b0b8c2bc2d91852d3d85031483229432fce63d979d7c121c8236350c5
File name: a6e52e4b0b8c2bc2d91852d3d85031483229432fce63d979d7c121c8236350c5
Detection ratio: 19 / 70
Analysis date: 2018-11-30 08:52:37 UTC ( 2 months, 3 weeks ago ) View latest
Antivirus Result Update
CAT-QuickHeal Trojan.Emotet.X4 20181130
ClamAV Win.Trojan.Emotet-6748801-0 20181130
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.9e7381 20180225
Cylance Unsafe 20181130
Emsisoft Trojan.Emotet (A) 20181130
Endgame malicious (high confidence) 20181108
Fortinet W32/Kryptik.GNFC!tr 20181130
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 0053c2ba1 ) 20181130
K7GW Trojan ( 0053c2ba1 ) 20181130
McAfee Emotet-FKN!AC0F4469E738 20181130
Microsoft Trojan:Win32/Fuerboos.A!cl 20181130
Qihoo-360 HEUR/QVM20.1.8C78.Malware.Gen 20181130
Rising Malware.Heuristic!ET#97% (RDM+:cmRtazpW41l5AycR3lSPwhNKuSEI) 20181130
SentinelOne (Static ML) static engine - malicious 20181011
Symantec Packed.Generic.517 20181129
Trapmine malicious.high.ml.score 20181128
Webroot W32.Trojan.Emotet 20181130
Ad-Aware 20181130
AegisLab 20181130
AhnLab-V3 20181129
Alibaba 20180921
ALYac 20181130
Antiy-AVL 20181130
Arcabit 20181130
Avast 20181130
Avast-Mobile 20181130
AVG 20181130
Avira (no cloud) 20181129
Babable 20180918
Baidu 20181130
BitDefender 20181130
Bkav 20181129
CMC 20181129
Comodo 20181130
Cyren 20181130
DrWeb 20181130
eGambit 20181130
ESET-NOD32 20181130
F-Prot 20181130
F-Secure 20181130
GData 20181130
Ikarus 20181129
Jiangmin 20181130
Kaspersky 20181130
Kingsoft 20181130
Malwarebytes 20181130
MAX 20181130
McAfee-GW-Edition 20181130
eScan 20181130
NANO-Antivirus 20181130
Palo Alto Networks (Known Signatures) 20181130
Panda 20181129
Sophos AV 20181130
SUPERAntiSpyware 20181128
Symantec Mobile Insight 20181121
TACHYON 20181130
Tencent 20181130
TheHacker 20181129
TotalDefense 20181130
TrendMicro 20181130
TrendMicro-HouseCall 20181130
Trustlook 20181130
VBA32 20181129
VIPRE 20181129
ViRobot 20181130
Yandex 20181129
Zillya 20181129
ZoneAlarm by Check Point 20181130
Zoner 20181130
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Low Corporation

Product Microsoft®
Internal name securit
File version 3.00.
Description V
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-30 08:46:17
Entry Point 0x000636A7
Number of sections 5
PE sections
PE imports
GetNamedSecurityInfoW
ImpersonateLoggedOnUser
PrivilegeCheck
AVIStreamReadFormat
SetWorldTransform
CreatePen
CreateBrushIndirect
ImmSetOpenStatus
GetNativeSystemInfo
GetNamedPipeClientProcessId
GetComputerNameA
GetLogicalDrives
GetEnvironmentStrings
GetStringScripts
GetTimeZoneInformation
SetTapeParameters
FreeConsole
GetProcessWorkingSetSize
GetEnvironmentStringsW
GetCompressedFileSizeA
GetModuleHandleW
I_RpcBindingInqLocalClientPID
SetupDiDestroyDriverInfoList
SetupOpenInfFileA
SHIsLowMemoryMachine
StrChrNW
DrawTextExW
DdeConnect
LoadBitmapA
mixerClose
gethostbyname
fsetpos
HPALETTE_UserMarshal
Number of PE resources by type
RT_STRING 5
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 6
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SpecialBuild
[pre-release version: pre-alpha]

SubsystemVersion
5.0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
8.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
V

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
25600

EntryPoint
0x636a7

MIMEType
application/octet-stream

LegalCopyright
Low Corporation

FileVersion
3.00.

TimeStamp
2018:11:30 09:46:17+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
securit

UninitializedDataSize
0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
S Corpora

CodeSize
409600

ProductName
Microsoft

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 ac0f4469e7381eb2b754001a79ebb081
SHA1 a47dacdacba632644c10ac149a5f0cb36ce1f4e4
SHA256 a6e52e4b0b8c2bc2d91852d3d85031483229432fce63d979d7c121c8236350c5
ssdeep
1536:GFMXoIIwPZDg773igq7EbfT/m0p+WbE/Gd4KsimxY26S5ie63+LKL/AW3x:71x8771DT/m0ozDKk35iZ+e8W3x

authentihash cb6ef58e620e22dd3c95adfcff588edc5ca362a859dd6872d6b006b15d8f6b25
imphash 89ad97e3c928b83b74279997722298a8
File size 419.5 KB ( 429568 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe

VirusTotal metadata
First submission 2018-11-30 08:52:37 UTC ( 2 months, 3 weeks ago )
Last submission 2018-11-30 10:00:05 UTC ( 2 months, 3 weeks ago )
File names shooterdsm(136).gxe
AQvf797KRUpvS.exe
69754.exe
securit
129.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!