SHA256: af67f4c8535d26cd73ef89e6b37eb9904995d68869ffea430a56e953754a1a2a
File name: 3430e131ad95cdf1da8fd429857aad9b.virus
Detection ratio: 28 / 68
Analysis date: 2018-09-10 21:02:18 UTC ( 5 months, 1 week ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Emotet.R236372 20180910
Avast FileRepMalware 20180910
AVG FileRepMalware 20180910
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180910
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20180723
Cylance Unsafe 20180910
DrWeb Trojan.Crypt.61 20180910
Emsisoft Trojan.Emotet (A) 20180910
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GKMT 20180910
Fortinet W32/Kryptik.GKLI!tr 20180910
GData Win32.Trojan-Spy.Emotet.D6Y7EF 20180910
Ikarus Trojan-Banker.Emotet 20180910
Sophos ML heuristic 20180717
Kaspersky Trojan-Banker.Win32.Emotet.bcmz 20180910
Malwarebytes Backdoor.Bot 20180910
McAfee Emotet-FHR!3430E131AD95 20180910
McAfee-GW-Edition Emotet-FHR!3430E131AD95 20180910
Microsoft Trojan:Win32/Emotet.AC!bit 20180910
Panda Trj/RnkBend.A 20180910
Rising Trojan.Emotet!8.B95 (CLOUD) 20180910
Sophos AV Mal/EncPk-ANY 20180910
Symantec Trojan.Gen.2 20180910
Tencent Win32.Trojan-banker.Emotet.Lhmu 20180910
TrendMicro TROJ_GEN.R004C0CIA18 20180910
TrendMicro-HouseCall TROJ_GEN.R004C0CIA18 20180910
Webroot W32.Malware.Gen 20180910
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bcmz 20180910
Ad-Aware 20180910
AegisLab 20180910
Alibaba 20180713
ALYac 20180910
Antiy-AVL 20180910
Arcabit 20180910
Avast-Mobile 20180910
Avira (no cloud) 20180910
AVware 20180910
Babable 20180907
BitDefender 20180910
Bkav 20180906
CAT-QuickHeal 20180909
ClamAV 20180910
CMC 20180910
Comodo 20180910
Cybereason 20180225
Cyren 20180910
eGambit 20180910
F-Prot 20180910
F-Secure 20180910
Jiangmin 20180910
K7AntiVirus 20180910
K7GW 20180910
Kingsoft 20180910
MAX 20180910
eScan 20180910
NANO-Antivirus 20180910
Palo Alto Networks (Known Signatures) 20180910
Qihoo-360 20180910
SentinelOne (Static ML) 20180830
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180905
TACHYON 20180910
TheHacker 20180907
TotalDefense 20180910
Trustlook 20180910
VBA32 20180910
VIPRE 20180910
ViRobot 20180910
Yandex 20180910
Zillya 20180910
Zoner 20180910
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserv
Product Windows Installer - Unicode
Original name mcbuilder.exe
Internal name msisip
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description Resource cache builder tool
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-05 01:17:18
Entry Point 0x00023CD6
Number of sections 4
PE sections
PE imports
GetSidSubAuthorityCount
LookupPrivilegeDisplayNameW
GetSecurityDescriptorDacl
EqualDomainSid
LookupPrivilegeDisplayNameA
LookupAccountSidA
GetCurrentHwProfileW
DeleteAce
GetClusterFromResource
GetDeviceCaps
ExtTextOutW
GetCharWidthFloatA
GetTextExtentPointA
GetSystemPaletteUse
GetPath
GetPaletteEntries
GetTextCharset
GetStdHandle
GetAtomNameW
GetOverlappedResult
LockResource
GetProcessTimes
FlushFileBuffers
GetModuleFileNameA
GetTapeParameters
FindFirstFileExW
EnumSystemLocalesA
LoadLibraryExA
SetSystemFileCacheSize
GetFileSize
GetConsoleCursorInfo
GetWindowsDirectoryA
GetVolumeInformationW
GetStartupInfoW
FoldStringW
GetCommandLineA
GetProcAddress
GetConsoleScreenBufferInfo
WriteProfileStringW
GetCurrentThread
FindResourceExA
LoadLibraryW
GetModuleHandleA
FindFirstFileExA
GlobalAddAtomA
GetTimeFormatA
GetThreadTimes
GetDiskFreeSpaceA
GlobalLock
GetBinaryTypeA
GetThreadContext
GetLogicalDriveStringsA
EnumTimeFormatsA
GetCurrencyFormatA
LoadResource
GetConsoleWindow
GetTapePosition
DeleteTimerQueue
GetCurrentThreadId
GetProcessHeap
LoadRegTypeLib
GetRecordInfoFromTypeInfo
FindExecutableA
FreeContextBuffer
FreeCredentialsHandle
GetClassInfoExW
GetKeyboardLayoutNameA
GetInputState
DefMDIChildProcW
GetScrollPos
DestroyMenu
GetRawInputDeviceList
FlashWindowEx
FreeDDElParam
GetClassNameA
DialogBoxParamA
GetMenuDefaultItem
GetTabbedTextExtentW
InsertMenuItemA
DestroyIcon
GetRawInputData
PackDDElParam
GetClassLongA
GetSubMenu
EnumThreadWindows
GetDesktopWindow
IsWindowUnicode
IsMenu
FindNextUrlCacheEntryExW
FindNextUrlCacheEntryExA
FindFirstUrlCacheEntryExA
GetPrintProcessorDirectoryW
GetStandardColorSpaceProfileW
malloc
setvbuf
strtol
GetRunningObjectTable
FaultInIEFeature
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 381952
ImageVersion 0.0
ProductName Windows Installer - Unicode
FileVersionNumber 6.1.7601.17514
UninitializedDataSize 1006425862
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
LinkerVersion 12.1
FileTypeExtension exe
OriginalFileName mcbuilder.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 6.1.7601.17514 (win7sp1_rtm.101119-1850)
TimeStamp 2018:09:05 02:17:18+01:00
FileType Win32 EXE
PEType PE32
InternalName msisip
ProductVersion 6.1.7601.17514
FileDescription Resource cache builder tool
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserv
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 156672
FileSubtype 0
ProductVersionNumber 6.1.7601.17514
EntryPoint 0x23cd6
ObjectFileType Executable application

File identification
MD5 3430e131ad95cdf1da8fd429857aad9b
SHA1 12f329f73737353036f8acf2b38ad4484c98a7e7
SHA256 af67f4c8535d26cd73ef89e6b37eb9904995d68869ffea430a56e953754a1a2a
ssdeep 6144:1O7YhOZHCnEbfrn6bYxFQai3PeU6qtyuzRmoLS/GgkpRhYihVMpTy:1O7b96EjOExuKHoL3rpRCsShy
authentihash 9c58cbf796ecaaae3ecfd5c240d67a0edfb9fdd46125e22d12ca71c31b9fa510
imphash 5a07fc3e9b93b43c717936ad81c2e86e
File size 521.5 KB ( 534016 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (25.2%)
Clipper DOS Executable (25.0%)
Generic Win/DOS Executable (24.8%)
DOS Executable Generic (24.8%)
Tags peexe
VirusTotal metadata
First submission 2018-09-10 21:02:18 UTC ( 5 months, 1 week ago )
Last submission 2018-09-10 21:02:18 UTC ( 5 months, 1 week ago )
File names msisip
mcbuilder.exe
3430e131ad95cdf1da8fd429857aad9b.virus