SHA256: b14febdf84686132686816b15e28cb84d93ab4d4d322003e98d5e00a9419d2f6
File name: avz00008.dta
Detection ratio: 28 / 69
Analysis date: 2018-10-01 04:36:26 UTC ( 4 months, 3 weeks ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Emotet.R234758 20181001
AVG FileRepMalware 20181001
Bkav HW32.Packed. 20180928
CAT-QuickHeal Trojan.Emotet.X4 20180930
Comodo CloudScanner.Trojan.Gen 20181001
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.a7b67d 20180225
Cylance Unsafe 20181001
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/GenKryptik.CMRG 20181001
Fortinet W32/Generic.AP.1FF3C4!tr 20181001
GData Win32.Trojan-Spy.Emotet.AJQR1U 20181001
Ikarus Win32.Outbreak 20180930
Sophos ML heuristic 20180717
Kaspersky Trojan-Banker.Win32.Emotet.bfqz 20181001
MAX malware (ai score=53) 20181001
McAfee Emotet-FHZ!B2A370064403 20181001
McAfee-GW-Edition BehavesLike.Win32.Ransomware.cc 20181001
Microsoft Trojan:Win32/Skeeyah.A!rfn 20181001
NANO-Antivirus Virus.Win32.Gen.ccmw 20181001
Palo Alto Networks (Known Signatures) generic.ml 20181001
Panda Trj/GdSda.A 20180930
Qihoo-360 HEUR/QVM20.1.3761.Malware.Gen 20181001
Rising Trojan.Emotet!8.B95 (CLOUD) 20181001
Sophos AV Mal/Generic-S 20181001
Symantec Packed.Generic.517 20180930
TrendMicro-HouseCall TROJ_GEN.R020H05IU18 20181001
Webroot W32.Trojan.Emotet 20181001
Ad-Aware 20181001
AegisLab 20181001
Alibaba 20180921
ALYac 20181001
Antiy-AVL 20181001
Arcabit 20181001
Avast 20181001
Avast-Mobile 20180928
Avira (no cloud) 20180930
AVware 20180925
Babable 20180918
Baidu 20180930
BitDefender 20181001
ClamAV 20181001
CMC 20181001
Cyren 20181001
DrWeb 20181001
eGambit 20181001
Emsisoft 20181001
F-Prot 20181001
F-Secure 20181001
Jiangmin 20181001
K7AntiVirus 20181001
K7GW 20180930
Kingsoft 20181001
Malwarebytes 20181001
eScan 20181001
SentinelOne (Static ML) 20180926
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180924
TACHYON 20181001
Tencent 20181001
TheHacker 20181001
TotalDefense 20180930
TrendMicro 20181001
Trustlook 20181001
VBA32 20180928
VIPRE 20181001
ViRobot 20180930
Yandex 20180927
Zillya 20180928
ZoneAlarm by Check Point 20180925
Zoner 20180927
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1993-11-01 05:05:43
Entry Point 0x00001500
Number of sections 6
PE sections
PE imports
ImpersonateAnonymousToken
InitiateSystemShutdownW
EnumServicesStatusA
OpenCluster
GetNodeClusterState
CryptSIPRetrieveSubjectGuidForCatalogFile
CryptQueryObject
SetTextAlign
SelectObject
GetTextColor
CreateEllipticRgn
EnumSystemCodePagesW
TransmitCommChar
UnregisterWait
FindFirstChangeNotificationA
IsSystemResumeAutomatic
LocalFlags
GetNamedPipeServerProcessId
CreateFileW
RemoveVectoredExceptionHandler
GetProcessPriorityBoost
Sleep
FlsGetValue
ReadFileEx
GetCommandLineA
lstrlenW
PulseEvent
InterlockedIncrement
VarR4FromDate
GetCurrentPowerPolicies
SHCreateShellItem
StrSpnA
ToUnicodeEx
SetDlgItemInt
IsClipboardFormatAvailable
GetForegroundWindow
GetWindowLongA
GetKeyboardLayout
GetWindow
CreateIcon
BroadcastSystemMessageA
SetProcessDPIAware
IsCharAlphaA
GetMessageW
IsWindowEnabled
LoadCursorA
GetProcessWindowStation
CreateAcceleratorTableA
ActivateKeyboardLayout
ToUnicode
waveOutGetPitch
waveInGetDevCapsW
CryptCATGetCatAttrInfo
FindCertsByIssuer
ungetc
realloc
perror
OleIsCurrentClipboard
PdhBrowseCountersW
Number of PE resources by type
RT_STRING 13
RT_BITMAP 11
Number of PE resources by language
NEUTRAL 17
CHINESE TRADITIONAL 6
ITALIAN 1
PE resources
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 1993:11:01 06:05:43+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 8192
LinkerVersion: 6.0
ImageFileCharacteristics: Executable, 32-bit
EntryPoint: 0x1500
InitializedDataSize: 122880
SubsystemVersion: 5.0
ImageVersion: 0.0
OSVersion: 5.0
UninitializedDataSize: 0
File identification
MD5 b2a3700644031fb2cc199c9aceac2dab
SHA1 61a90e7a7b67dba2f2f37d6962540f661937d0f6
SHA256 b14febdf84686132686816b15e28cb84d93ab4d4d322003e98d5e00a9419d2f6
ssdeep 1536:eDbqYNTNcbasOOJtn/Hrk1AZXpxkixtOydZwhPkvZiM60/wZB5466i/42:1YNTe2sbLn/dZZXPOy/whPXM6d5D42
authentihash 0eb7cc89f0c6e3c74ca52f5128ee827f804225f8cf3302fc92ef6b9282bae610
imphash bd8cd7ff49d311f3110b592217ed4c13
File size 132.0 KB ( 135168 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2018-09-30 16:50:26 UTC ( 4 months, 3 weeks ago )
Last submission 2018-10-01 04:01:40 UTC ( 4 months, 3 weeks ago )
File names avz00008.dta
60564.exe
iYIXuC4luQRLMTvUDif.exe
Advanced heuristic and reputation engines