× Cookies are disabled! This site requires cookies to be enabled to work properly
VirusTotal
SHA256: aff9e7c30d4d467d02f89bb2afbdda94920ccd824b1cf0bf092ce65de9f96dca
File name: aff9e7c30d4d467d02f89bb2afbdda94920ccd824b1cf0bf092ce65de9f96dca
Detection ratio: 19 / 71
Analysis date: 2019-01-17 21:28:16 UTC ( 1 month ago ) View latest
Antivirus Result Update
Acronis suspicious 20190117
Avast FileRepMalware 20190117
AVG FileRepMalware 20190117
Bkav HW32.Packed. 20190117
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181023
Cybereason malicious.c42daf 20190109
Cylance Unsafe 20190117
eGambit Unsafe.AI_Score_97% 20190117
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181128
McAfee-GW-Edition BehavesLike.Win32.Generic.cc 20190117
Microsoft Trojan:Win32/Emotet 20190117
NANO-Antivirus Virus.Win32.Gen.ccmw 20190117
Qihoo-360 HEUR/QVM19.1.9D75.Malware.Gen 20190117
Rising Trojan.GenKryptik!8.AA55 (TFE:dGZlOgGAfkeubQottA) 20190117
SentinelOne (Static ML) static engine - malicious 20181223
Symantec ML.Attribute.HighConfidence 20190117
Trapmine malicious.high.ml.score 20190103
VBA32 Malware-Cryptor.TDSS 20190117
Ad-Aware 20190117
AegisLab 20190117
AhnLab-V3 20190117
Alibaba 20180921
ALYac 20190117
Antiy-AVL 20190117
Arcabit 20190117
Avast-Mobile 20190117
Avira (no cloud) 20190117
Babable 20180918
Baidu 20190117
BitDefender 20190117
CAT-QuickHeal 20190117
ClamAV 20190117
CMC 20190117
Comodo 20190117
Cyren 20190117
DrWeb 20190117
Emsisoft 20190117
ESET-NOD32 20190117
F-Prot 20190117
F-Secure 20190117
Fortinet 20190117
GData 20190117
Ikarus 20190117
Jiangmin 20190117
K7AntiVirus 20190117
K7GW 20190117
Kaspersky 20190117
Kingsoft 20190117
Malwarebytes 20190117
MAX 20190117
McAfee 20190117
eScan 20190117
Palo Alto Networks (Known Signatures) 20190117
Panda 20190117
Sophos AV 20190117
SUPERAntiSpyware 20190116
TACHYON 20190117
Tencent 20190117
TheHacker 20190115
TotalDefense 20190117
TrendMicro 20190117
TrendMicro-HouseCall 20190117
Trustlook 20190117
VIPRE 20190117
ViRobot 20190117
Webroot 20190117
Yandex 20190117
Zillya 20190117
ZoneAlarm by Check Point 20190117
Zoner 20190117
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© wehjrg Corporation. Al

Product Micros
Internal name kbdusx (
File version 6.1.760
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-17 21:22:30
Entry Point 0x000030D0
Number of sections 4
PE sections
PE imports
[+] ADVAPI32.dll
GetTokenInformation
LookupAccountNameA
InitiateSystemShutdownA
GetFileSecurityW
LookupPrivilegeDisplayNameW
CryptHashSessionKey
GetSidSubAuthorityCount
EnumServicesStatusExW
GetSidIdentifierAuthority
GetSecurityDescriptorControl
GetCurrentHwProfileA
GetPrivateObjectSecurity
GetUserNameA
GetServiceDisplayNameA
GetFileSecurityA
GetCurrentHwProfileW
IsTextUnicode
DecryptFileW
LookupPrivilegeNameW
[+] CLUSAPI.dll
GetClusterFromResource
[+] GDI32.dll
GetTextCharsetInfo
GetCurrentPositionEx
GetTextCharset
GetClipBox
GetViewportOrgEx
GetLayout
GetTextExtentPointA
GetTextExtentExPointI
GetCharWidthW
GetTextExtentExPointW
GetRegionData
GdiSetBatchLimit
GetLogColorSpaceA
GetOutlineTextMetricsA
DescribePixelFormat
GetTextFaceW
DeleteColorSpace
GetPolyFillMode
ExtSelectClipRgn
GetRasterizerCaps
GetCharWidthFloatA
ExtEscape
GetFontData
GetBkColor
[+] KERNEL32.dll
GetVolumePathNameW
GetTempFileNameA
FileTimeToDosDateTime
GetConsoleOutputCP
GetFileAttributesA
DeactivateActCtx
GetPrivateProfileSectionNamesW
FlsGetValue
GetFileAttributesW
GetPrivateProfileStructW
GetCurrentProcess
GetConsoleMode
LocalAlloc
GetConsoleCursorInfo
SetErrorMode
GetFileInformationByHandle
lstrcatW
FindResourceExA
InterlockedExchange
FindActCtxSectionStringW
LocalFree
FormatMessageW
IsWow64Process
FreeLibraryAndExitThread
GlobalHandle
EnumSystemGeoID
GetUserDefaultUILanguage
GetSystemTime
DeviceIoControl
GetUserDefaultLangID
GetModuleFileNameW
GlobalFindAtomA
HeapAlloc
FindNLSString
GetStringTypeExW
FindNextVolumeW
GetPrivateProfileStringA
WriteProfileStringA
LoadLibraryExW
MultiByteToWideChar
GetLocalTime
GetProfileSectionA
GetSystemPowerStatus
WriteProfileStringW
GlobalAddAtomW
EraseTape
CreateThread
EnumResourceNamesW
GlobalAddAtomA
GetConsoleDisplayMode
GetSystemDirectoryA
GetThreadSelectorEntry
GetDiskFreeSpaceExA
VirtualQuery
HeapFree
LoadLibraryW
GetSystemWindowsDirectoryA
FindVolumeClose
GetDateFormatW
GetWindowsDirectoryA
GetCommProperties
GlobalLock
GetProcessHeap
GetTempFileNameW
CreateFileMappingW
GetProfileStringW
GetTimeFormatW
GetFileSizeEx
FreeConsole
FindNextFileA
FindAtomW
lstrcmpW
FindFirstFileExW
ExpandEnvironmentStringsA
EscapeCommFunction
GetPrivateProfileSectionW
WriteProfileSectionA
GetFileType
GetPrivateProfileSectionA
GetCurrencyFormatW
DefineDosDeviceW
GetSystemInfo
GlobalFree
GetTapeStatus
GlobalGetAtomNameA
GlobalUnlock
GlobalAlloc
GetShortPathNameA
GetAtomNameA
Wow64DisableWow64FsRedirection
GetCurrentDirectoryA
GetAtomNameW
GetCompressedFileSizeA
lstrcpynW
MapViewOfFile
GetModuleHandleA
GetCommTimeouts
Wow64RevertWow64FsRedirection
EnumSystemCodePagesA
lstrcpynA
GetFileAttributesExW
QueryIdleProcessorCycleTime
UnmapViewOfFile
VirtualFree
GetComputerNameExW
FindResourceA
VirtualAlloc
[+] OLEAUT32.dll
LoadRegTypeLib
VarCyMulI4
LoadTypeLibEx
[+] SHELL32.dll
ExtractAssociatedIconA
ExtractIconExA
ExtractIconA
[+] SHLWAPI.dll
GetMenuPosFromID
[+] Secur32.dll
FreeCredentialsHandle
[+] USER32.dll
EnumWindowStationsA
GetForegroundWindow
DestroyMenu
PostQuitMessage
DrawStateW
LockSetForegroundWindow
SetWindowPos
GetClipboardViewer
SetActiveWindow
GetMenuStringW
LockWorkStation
SendMessageW
DrawTextW
SetScrollPos
LoadMenuIndirectA
IsClipboardFormatAvailable
LoadImageW
GetSubMenu
GetWindowTextW
LockWindowUpdate
GetWindowTextLengthW
LoadAcceleratorsW
DestroyWindow
GetMessageA
LoadImageA
GetCursorInfo
EnumWindows
GetClassInfoExA
GetMessageW
PeekMessageW
EnableWindow
SetWindowPlacement
CharUpperW
GetSystemMenu
DestroyCaret
InsertMenuItemA
GetWindowPlacement
SetWindowLongW
IsIconic
GetWindowLongA
GetKeyboardLayout
FillRect
GetSysColorBrush
IsWindowUnicode
CreateWindowExW
GetWindowLongW
GetUpdateRect
CharNextW
RegisterWindowMessageW
DefWindowProcW
GetScrollPos
GetComboBoxInfo
DefMDIChildProcA
DrawFocusRect
GetSystemMetrics
EnableMenuItem
GetWindowRect
UpdateWindow
DrawIcon
GetMessageExtraInfo
CreateDialogParamW
CheckMenuItem
GetPriorityClipboardFormat
GetDlgItem
GetMenuCheckMarkDimensions
GetMenuStringA
GetMenuState
CreateIconFromResource
LoadCursorW
LoadIconW
FindWindowExW
FlashWindow
SetForegroundWindow
OpenClipboard
GetScrollInfo
FindWindowW
GetCapture
GetShellWindow
MessageBeep
GetRawInputDeviceInfoW
FreeDDElParam
RemoveClipboardFormatListener
RegisterClassExW
MoveWindow
DialogBoxParamW
LoadKeyboardLayoutW
DestroyCursor
LookupIconIdFromDirectoryEx
GetWindowRgn
GetProcessDefaultLayout
DeleteMenu
InvalidateRect
IsRectEmpty
CloseClipboard
SetCursor
[+] WININET.dll
FindCloseUrlCache
GetUrlCacheEntryInfoA
FindNextUrlCacheGroup
InternetGoOnline
FindFirstUrlCacheEntryW
DeleteUrlCacheEntryW
[+] WINSPOOL.DRV
FindClosePrinterChangeNotification
DeletePrinterDriverW
DeletePrinter
[+] mscms.dll
GetColorProfileElement
GetColorProfileHeader
GetColorDirectoryW
[+] msvcrt.dll
strncmp
mbtowc
strcspn
fwrite
system
towupper
ungetwc
fgetws
[+] ole32.dll
CoInitializeEx
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
CodeSize
46080

UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, 32-bit, System file

CharacterSet
Unicode

InitializedDataSize
133120

EntryPoint
0x30d0

MIMEType
application/octet-stream

LegalCopyright
wehjrg Corporation. Al

FileVersion
6.1.760

TimeStamp
2019:01:17 22:22:30+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
kbdusx (

ProductVersion
6.1.760

SubsystemVersion
4.0

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
rhrth Corpor

LegalTrademarks
Mozilla, Netscape

ProductName
Micros

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 768f2a13bbabddf046c60670aff5c71e
SHA1 22ffdc9c42dafbcf50a084ea120adebb64076a46
SHA256 aff9e7c30d4d467d02f89bb2afbdda94920ccd824b1cf0bf092ce65de9f96dca
ssdeep
3072:BPuBKi5oRx+9OeHNdRQul9kZ0sxqocKKxU4EahAd6G9pQd3tY2PmC1iZAL6B/Ju+:BmBJC+gIJQYoJcKKhAd6G9stY2

authentihash 33a2fdb465a97416c8ac1ab43d531c99ac2d02a2e58ccce0c4a8786dff443ce5
imphash cd4284f0a567a92f6a378fdbe95f8e44
File size 167.0 KB ( 171008 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID Win32 Executable MS Visual C++ (generic) (33.7%)
Win64 Executable (generic) (29.8%)
Microsoft Visual C++ compiled executable (generic) (17.8%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Tags
peexe

VirusTotal metadata
First submission 2019-01-17 21:28:16 UTC ( 1 month ago )
Last submission 2019-01-19 00:05:38 UTC ( 1 month ago )
File names emotet_e2_aff9e7c30d4d467d02f89bb2afbdda94920ccd824b1cf0bf092ce65de9f96dca_2019-01-17__214001.exe_
kbdusx (
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!
More comments

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

Sign in Join the community
No votes. No one has voted on this item yet, be the first one to do so!
More votes
Blog | Twitter | Contact us | ToS | Privacy policy