× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: ae12cc7e26300fb847782171bf92c43f8031a9348de45c4e17d0663e1bb4fb13
File name: 7b0e3f3e3f5f3fef30d494efdeb89ceb
Detection ratio: 49 / 69
Analysis date: 2018-12-23 02:29:16 UTC ( 1 month, 3 weeks ago ) View latest
Antivirus Result Update
Acronis malware 20181222
Ad-Aware Trojan.Autoruns.GenericKD.31428092 20181222
AhnLab-V3 Trojan/Win32.Emotet.R249242 20181222
Antiy-AVL Trojan[Banker]/Win32.Emotet 20181222
Arcabit Trojan.Autoruns.Generic.D1DF8DFC 20181222
Avast Win32:BankerX-gen [Trj] 20181222
AVG Win32:BankerX-gen [Trj] 20181222
BitDefender Trojan.Autoruns.GenericKD.31428092 20181222
Bkav HW32.Packed. 20181221
ClamAV Win.Trojan.Agent-6789152-0 20181223
Comodo Malware@#1nd7u024v2doo 20181223
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.c184ed 20180225
Cylance Unsafe 20181223
Cyren W32/Emotet.LE.gen!Eldorado 20181223
DrWeb Trojan.EmotetENT.329 20181223
Emsisoft Trojan.Emotet (A) 20181223
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GNYD 20181223
F-Prot W32/Emotet.LE.gen!Eldorado 20181223
F-Secure Trojan.Autoruns.GenericKD.31428092 20181223
Fortinet W32/GenKryptik.CUML!tr 20181223
GData Trojan.Autoruns.GenericKD.31428092 20181223
Ikarus Trojan-Banker.Emotet 20181223
Sophos ML heuristic 20181128
Jiangmin Trojan.Banker.Emotet.esm 20181223
K7AntiVirus Riskware ( 0040eff71 ) 20181222
K7GW Riskware ( 0040eff71 ) 20181222
Kaspersky Trojan-Banker.Win32.Emotet.bvtg 20181223
Malwarebytes Trojan.Emotet 20181223
McAfee Emotet-FJX!7B0E3F3E3F5F 20181223
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20181222
Microsoft Trojan:Win32/Emotet.CJ 20181223
eScan Trojan.Autoruns.GenericKD.31428092 20181223
Palo Alto Networks (Known Signatures) generic.ml 20181223
Panda Generic Malware 20181222
Qihoo-360 HEUR/QVM20.1.F559.Malware.Gen 20181223
Rising Trojan.Fuerboos!8.EFC8 (CLOUD) 20181223
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/EncPk-AOI 20181223
Symantec Trojan.Emotet 20181222
TACHYON Banker/W32.Emotet.126976.AW 20181222
Tencent Win32.Trojan-banker.Emotet.Agve 20181223
Trapmine malicious.high.ml.score 20181205
TrendMicro TrojanSpy.Win32.EMOTET.THABAIAH 20181222
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.THABAIAH 20181222
VBA32 BScope.TrojanBanker.Emotet 20181222
Webroot W32.Trojan.Emotet 20181223
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bvtg 20181222
AegisLab 20181222
Alibaba 20180921
Avast-Mobile 20181222
Avira (no cloud) 20181222
Babable 20180918
Baidu 20181207
CAT-QuickHeal 20181222
CMC 20181223
eGambit 20181223
Kingsoft 20181223
MAX 20181223
NANO-Antivirus 20181223
SUPERAntiSpyware 20181220
Symantec Mobile Insight 20181215
TheHacker 20181220
TotalDefense 20181222
Trustlook 20181223
ViRobot 20181222
Yandex 20181221
Zillya 20181222
Zoner 20181222
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Cor

Product Microsoft®
Original name kbdth3.dll
Internal name kbdth3 (3.13)
Description Stoh Levadihote (non-ShiftLock) Keyboa
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-07-18 02:23:20
Entry Point 0x00002B40
Number of sections 9
PE sections
PE imports
GetSecurityDescriptorRMControl
GetTickCount64
GetNamedPipeClientProcessId
WaitForMultipleObjectsEx
GetProcessHandleCount
GetDiskFreeSpaceExW
GetCurrentProcess
QueryActCtxW
GetProcessId
GetDynamicTimeZoneInformation
GetMenuItemCount
GetMessageExtraInfo
TrackPopupMenu
AddClipboardFormatListener
g_rgSCardRawPci
OleFlushClipboard
Number of PE resources by type
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
JAPANESE DEFAULT 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
2.0

ImageVersion
5.1

FileSubtype
0

FileVersionNumber
9.0.0.2719

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Stoh Levadihote (non-ShiftLock) Keyboa

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
0

EntryPoint
0x2b40

OriginalFileName
kbdth3.dll

MIMEType
application/octet-stream

LegalCopyright
Microsoft Cor

TimeStamp
2002:07:17 19:23:20-07:00

FileType
Win32 EXE

PEType
PE32

InternalName
kbdth3 (3.13)

ProductVersion
6.1.76

SubsystemVersion
5.0

OSVersion
6.0

FileOS
Windows 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporat

CodeSize
135168

ProductName
Microsoft

ProductVersionNumber
9.0.0.2719

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Execution parents
File identification
MD5 7b0e3f3e3f5f3fef30d494efdeb89ceb
SHA1 dc2d016c184ed7bcfee7984e94de9703aa86bea1
SHA256 ae12cc7e26300fb847782171bf92c43f8031a9348de45c4e17d0663e1bb4fb13
ssdeep
3072:xjb2+bsNgsWlpNt5rXsQKlW6/IBkRVjb:Nb1+gsmllcWsdRV

authentihash ad9a11c55317108ff3f6bf712cf151c14923543b84c7381c4ea4ad4c1a7ab018
imphash a6029bcd8946c7fc233249f31cbff985
File size 124.0 KB ( 126976 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-12-19 00:16:36 UTC ( 2 months ago )
Last submission 2018-12-21 09:34:51 UTC ( 1 month, 3 weeks ago )
File names 7b0e3f3e3f5f3fef30d494efdeb89ceb
w_vQWizG8J.exe
stglanes.exe
Xm_edbGOTU.exe
Rm50m_F.exe
PJgqCKA4CjN69k.exe
kbdth3 (3.13)
kbdth3.dll
561.exe
Z7e4Xxu_l8.exe
8v0YX_gsRoX.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!