× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: ab1fd687c3f2166455da61f4e13a8bb62b6bfe9f1d719dcc53e290a1e1af21c7
File name: ab1fd687c3f2166455da61f4e13a8bb62b6bfe9f1d719dcc53e290a1e1af21c7
Detection ratio: 30 / 68
Analysis date: 2018-06-17 06:46:41 UTC ( 10 months, 1 week ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30982120 20180617
AegisLab Ml.Attribute.Gen!c 20180617
Avast Win32:Malware-gen 20180617
AVG Win32:Malware-gen 20180617
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180615
BitDefender Trojan.GenericKD.30982120 20180617
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cylance Unsafe 20180617
Cyren W32/Trojan.HXNK-8493 20180617
Emsisoft Trojan.GenericKD.30982120 (B) 20180617
Endgame malicious (high confidence) 20180612
F-Secure Trojan.GenericKD.30982120 20180617
Fortinet W32/Kryptik.FVEZ!tr 20180617
GData Win32.Trojan-Spy.Emotet.8XLCXG 20180617
Ikarus Trojan-Banker.Emotet 20180616
Sophos ML heuristic 20180601
Kaspersky Trojan-Banker.Win32.Emotet.aslv 20180617
MAX malware (ai score=94) 20180617
McAfee Artemis!48D08E815E54 20180617
McAfee-GW-Edition BehavesLike.Win32.ZeroAccess.fm 20180617
eScan Trojan.GenericKD.30982120 20180617
Palo Alto Networks (Known Signatures) generic.ml 20180617
Qihoo-360 HEUR/QVM20.1.E471.Malware.Gen 20180617
SentinelOne (Static ML) static engine - malicious 20180225
Symantec ML.Attribute.HighConfidence 20180616
TrendMicro TSPY_EMOTET.TTIBBIS 20180617
TrendMicro-HouseCall TSPY_EMOTET.TTIBBIS 20180617
VBA32 BScope.Malware-Cryptor.Win32.Cb 20180615
Webroot W32.Trojan.Emotet 20180617
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.aslv 20180617
AhnLab-V3 20180616
Alibaba 20180615
ALYac 20180617
Antiy-AVL 20180617
Arcabit 20180617
Avast-Mobile 20180616
Avira (no cloud) 20180616
AVware 20180617
Babable 20180406
Bkav 20180616
CAT-QuickHeal 20180616
ClamAV 20180617
CMC 20180616
Comodo 20180617
Cybereason 20180225
DrWeb 20180617
eGambit 20180617
ESET-NOD32 20180617
F-Prot 20180617
Jiangmin 20180617
K7AntiVirus 20180617
K7GW 20180617
Kingsoft 20180617
Malwarebytes 20180617
Microsoft 20180617
NANO-Antivirus 20180617
Panda 20180616
Rising 20180617
Sophos AV 20180617
SUPERAntiSpyware 20180616
Symantec Mobile Insight 20180614
TACHYON 20180617
Tencent 20180617
TheHacker 20180613
TotalDefense 20180617
Trustlook 20180617
VIPRE 20180617
ViRobot 20180616
Yandex 20180615
Zillya 20180615
Zoner 20180617
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Description Uniscri
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-17 03:10:21
Entry Point 0x0000100F
Number of sections 6
PE sections
PE imports
ReadEventLogA
LogonUserA
RegCloseKey
CertGetCTLContextProperty
CertNameToStrA
CryptMemRealloc
CryptSIPLoad
CertGetSubjectCertificateFromStore
SetDCPenColor
ModifyWorldTransform
AddFontResourceA
GetTextCharset
GetNetworkParams
EnterCriticalSection
EnumSystemLocalesW
GetTempPathW
GetModuleFileNameA
FlsFree
GetBinaryTypeA
LZSeek
LZInit
VarBstrFromBool
glMultMatrixd
RasGetProjectionInfoA
AssocQueryKeyW
PathSetDlgItemPathW
CharLowerBuffW
GetMessagePos
TrackPopupMenu
wsprintfA
GetInputState
GetMessageExtraInfo
GetDialogBaseUnits
MessageBeep
FindNextPrinterChangeNotification
WSACleanup
SCardLocateCardsW
fgetwc
puts
OleCreateStaticFromData
CLSIDFromString
OleCreateFromData
Number of PE resources by type
RT_DIALOG 21
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
HEBREW DEFAULT 1
HUNGARIAN DEFAULT 1
VIETNAMESE DEFAULT 1
CHINESE SIMPLIFIED 1
SLOVENIAN DEFAULT 1
CZECH DEFAULT 1
FINNISH DEFAULT 1
KOREAN 1
NEUTRAL DEFAULT 1
PORTUGUESE 1
POLISH DEFAULT 1
JAPANESE DEFAULT 1
DANISH DEFAULT 1
SLOVAK DEFAULT 1
GREEK DEFAULT 1
TURKISH DEFAULT 1
ROMANIAN 1
THAI DEFAULT 1
SERBIAN DEFAULT 1
NEUTRAL 1
RUSSIAN 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileVersionNumber
1.2.0.6

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Uniscri

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
232448

EntryPoint
0x100f

MIMEType
application/octet-stream

TimeStamp
2018:06:16 20:10:21-07:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1.0626.

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Realtek Semiconductor Corporation

CodeSize
101376

FileSubtype
0

ProductVersionNumber
1.2.0.6

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 48d08e815e54cf3ae748c6a2faf9692d
SHA1 fc6f27967718077f6c3c0fccfb161a3af420518c
SHA256 ab1fd687c3f2166455da61f4e13a8bb62b6bfe9f1d719dcc53e290a1e1af21c7
ssdeep
1536:/Z241jPKK64OC95G5l8PP9qqxyUfsteugivuTGgbjkG5JH6JZ:/Z24Z/R+a7RsEug25

authentihash 106c0922499eaa758a35ce5e29359a98c55a69ee1cfafa00af706c6b35f70f52
imphash 4fcbfe1641a3f4ef7c3bd357fb9177d5
File size 322.0 KB ( 329728 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-06-16 20:24:32 UTC ( 10 months, 1 week ago )
Last submission 2018-11-20 11:57:30 UTC ( 5 months ago )
File names output.113467775.txt
mLVVHMCx0mBsM5Ur.exe
output.113451614.txt
15041164915.exe
08694776.exe
hxxp:++melondisc.co.th+4D2MlO+-2018-07-17.14-52.txt
25136345720.exe
48d08e815e54cf3ae748c6a2faf9692d
7629707437.exe
62816835020.exe
37291176.exe
1505219839.exe
25136345720.exe
54792858.exe
0442d0e8e71488ff040659f84973d7cc5d196246
33003745578.exe
778687775.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!