SHA256: a7a4bec0a3c9b6539ea826c03eea01d4dc41300ec798b43e5ae08da7f2c12d7f
File name: jCj8XMmJfU0.exe
Detection ratio: 40 / 67
Analysis date: 2018-11-10 22:09:34 UTC ( 3 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40741168 20181110
AhnLab-V3 Trojan/Win32.Emotet.R243338 20181110
ALYac Trojan.GenericKD.40741168 20181110
Arcabit Trojan.Generic.D26DA930 20181110
Avast Win32:BankerX-gen [Trj] 20181110
AVG Win32:BankerX-gen [Trj] 20181110
BitDefender Trojan.GenericKD.40741168 20181110
Bkav HW32.Packed. 20181110
CAT-QuickHeal Trojan.Drixed.100454 20181108
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.79d3e0 20180225
Cylance Unsafe 20181110
Cyren W32/Trojan.WVCK-1183 20181110
DrWeb Trojan.Emotet.438 20181110
Emsisoft Trojan.GenericKD.40741168 (B) 20181110
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GMNP 20181110
F-Secure Trojan.GenericKD.40741168 20181110
Fortinet W32/Kryptik.GMNP!tr 20181110
GData Trojan.GenericKD.40741168 20181110
Ikarus Trojan-Banker.Emotet 20181110
Sophos ML heuristic 20181108
K7AntiVirus Trojan ( 00540c7e1 ) 20181110
Kaspersky Trojan-Banker.Win32.Emotet.bpje 20181110
Malwarebytes Trojan.Emotet 20181110
MAX malware (ai score=100) 20181110
McAfee RDN/Generic.dx 20181110
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20181110
Microsoft Trojan:Win32/Emotet.AC!bit 20181110
eScan Trojan.GenericKD.40741168 20181110
NANO-Antivirus Virus.Win32.Gen.ccmw 20181110
Palo Alto Networks (Known Signatures) generic.ml 20181110
Qihoo-360 HEUR/QVM20.1.16B8.Malware.Gen 20181110
Rising Trojan.Kryptik!8.8 (CLOUD) 20181110
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/Generic-S 20181110
Symantec Trojan.Gen.2 20181110
ViRobot Trojan.Win32.Z.Emotet.135168.DR 20181110
Webroot W32.Trojan.Emotet 20181110
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bpje 20181110
AegisLab 20181110
Alibaba 20180921
Antiy-AVL 20181110
Avast-Mobile 20181110
Avira (no cloud) 20181110
Babable 20180918
Baidu 20181109
ClamAV 20181110
CMC 20181110
F-Prot 20181110
Jiangmin 20181110
K7GW 20181109
Kingsoft 20181110
Panda 20181110
SUPERAntiSpyware 20181107
Symantec Mobile Insight 20181108
TACHYON 20181110
Tencent 20181110
TheHacker 20181108
TotalDefense 20181110
TrendMicro 20181110
TrendMicro-HouseCall 20181110
Trustlook 20181110
VBA32 20181109
VIPRE 20181110
Yandex 20181109
Zillya 20181109
Zoner 20181110
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Internal name extr
Description Wimfltr
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1996-06-16 21:58:56
Entry Point 0x00003700
Number of sections 6
PE sections
PE imports
OpenBackupEventLogA
ChangeServiceConfig2W
QueryUsersOnEncryptedFile
CryptMsgClose
SetBitmapDimensionEx
GetFontLanguageInfo
ScaleViewportExtEx
CreateBrushIndirect
OpenFile
LocalLock
FileTimeToDosDateTime
GetTimeZoneInformation
WritePrivateProfileStringA
GetCommModemStatus
CreateDirectoryA
GetProcessIdOfThread
SetEvent
FlsGetValue
DeleteTimerQueueTimer
GetSystemTimes
GetCurrentThreadId
GetCommandLineW
SetHandleInformation
SleepEx
MprAdminConnectionEnum
VarI4FromStr
VarI4FromCy
RasGetEapUserIdentityA
SetupCopyOEMInfA
DuplicateIcon
SHSetLocalizedName
Ord(437)
GetCursorPos
SendDlgItemMessageA
GetMessagePos
GetScrollRange
LookupIconIdFromDirectory
DestroyAcceleratorTable
CloseWindow
BroadcastSystemMessageW
SCardStatusA
SCardBeginTransaction
Number of PE resources by type
RT_STRING 3
RT_VERSION 1
Number of PE resources by language
NORWEGIAN BOKMAL 4
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 14.0
ImageVersion 1.1
FileVersionNumber 1.6.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Wimfltr
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
Ht Microsoft Corporation. All r
EntryPoint 0x3700
MIMEType application/octet-stream
TimeStamp 1996:06:16 23:58:56+02:00
FileType Win32 EXE
PEType PE32
InternalName extr
SubsystemVersion 5.0
OSVersion 6.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Micr
TVersion 1.0
CodeSize 12288
FileSubtype 0
ProductVersionNumber 1.6.0.0
InitializedDataSize 126976
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 9c13143daec8b7beb372be850b96e2ff
SHA1 0b3294479d3e0f2e60ca729fee2b21ba655d00a7
SHA256 a7a4bec0a3c9b6539ea826c03eea01d4dc41300ec798b43e5ae08da7f2c12d7f
ssdeep 3072:clXbT+iVNGueLlI5pnvBFQacIxvzIvuUBBn9qWwzG4Evoss+JW:cl/FHfTBxpzUTn9qdHss
authentihash f84dcb6f7a5e933b31f2ba2c1b38ba1d51829c1451d0bc2f21987f4b468da0dc
imphash c0dedfe927ab56892ab71dc87e94c356
File size 132.0 KB ( 135168 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe
VirusTotal metadata
First submission 2018-11-09 11:05:35 UTC ( 3 months, 1 week ago )
Last submission 2018-11-09 11:34:58 UTC ( 3 months, 1 week ago )
File names 78.exe
extr
jCj8XMmJfU0.exe