SHA256: b35857276b802ea70b18f9f4cd474be0b0453dce45f4f3f7e701661bb06dd973
File name: P1Q65Bj75FtPLFD3.exe
Detection ratio: 16 / 70
Analysis date: 2019-02-05 07:23:36 UTC ( 2 months, 2 weeks ago )
Antivirus Result Update
Acronis suspicious 20190130
Bkav HW32.Packed. 20190201
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181023
Cybereason malicious.aded11 20190109
Cylance Unsafe 20190205
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GPJZ 20190205
Fortinet W32/Kryptik.GPID!tr 20190205
Sophos ML heuristic 20181128
McAfee-GW-Edition BehavesLike.Win32.Generic.cc 20190205
Microsoft Trojan:Win32/Emotet 20190205
Qihoo-360 HEUR/QVM20.1.0511.Malware.Gen 20190205
Rising Trojan.Emotet!8.B95 (TFE:dGZlOgKfGcS3pkbuFg) 20190205
SentinelOne (Static ML) static engine - malicious 20190203
Symantec ML.Attribute.HighConfidence 20190205
Trapmine suspicious.low.ml.score 20190123
Ad-Aware 20190205
AegisLab 20190205
AhnLab-V3 20190204
Alibaba 20180921
ALYac 20190205
Antiy-AVL 20190205
Arcabit 20190205
Avast 20190205
Avast-Mobile 20190204
AVG 20190205
Avira (no cloud) 20190205
Babable 20180918
Baidu 20190202
BitDefender 20190205
CAT-QuickHeal 20190204
ClamAV 20190204
CMC 20190204
Comodo 20190205
Cyren 20190205
DrWeb 20190205
eGambit 20190205
Emsisoft 20190205
F-Prot 20190205
F-Secure 20190205
GData 20190205
Ikarus 20190204
Jiangmin 20190205
K7AntiVirus 20190205
K7GW 20190205
Kaspersky 20190205
Kingsoft 20190205
Malwarebytes 20190205
MAX 20190205
McAfee 20190205
eScan 20190205
NANO-Antivirus 20190205
Palo Alto Networks (Known Signatures) 20190205
Panda 20190204
Sophos AV 20190205
SUPERAntiSpyware 20190130
TACHYON 20190205
Tencent 20190205
TheHacker 20190203
TotalDefense 20190205
TrendMicro 20190205
TrendMicro-HouseCall 20190205
Trustlook 20190205
VBA32 20190204
ViRobot 20190205
Webroot 20190205
Yandex 20190204
Zillya 20190204
ZoneAlarm by Check Point 20190205
Zoner 20190204
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name kbdic.dll
Internal name kbdic (3.11)
File version 5.1.2600.0 (xpclient.010817-1148)
Description Icelandic Keyboard Layout
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-02-05 15:20:19
Entry Point 0x00002870
Number of sections 5
PE sections
PE imports
GetLengthSid
RevertToSelf
IsTokenRestricted
EndPath
DeleteMetaFile
LocalFree
GetCommConfig
GetModuleHandleA
UnhandledExceptionFilter
WaitForSingleObject
GetCommandLineW
FindResourceExW
IsDebuggerPresent
EnumResourceNamesA
GetThreadLocale
GetConsoleScreenBufferInfoEx
GetCurrentThreadId
SetFileApisToOEM
CloseHandle
I_RpcSessionStrictContextHandle
I_RpcServerRegisterForwardFunction
NdrAllocate
CM_Query_Resource_Conflict_List
CM_Get_First_Log_Conf
SHGetFolderLocation
PathIsUNCW
StrDupA
PathIsRootW
VerifySignature
CreatePopupMenu
GetMenuInfo
InsertMenuItemW
VkKeyScanA
GetMenuState
ToUnicode
GetUpdateRect
GetForegroundWindow
NotifyWinEvent
SetClipboardViewer
IIDFromString
OleGetAutoConvert
HGLOBAL_UserSize
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 6.1
InitializedDataSize 0
ImageVersion 6.0
ProductName Microsoft Windows Operating System
FileVersionNumber 5.1.2600.0
UninitializedDataSize 102400
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
LinkerVersion 13.0
FileTypeExtension exe
OriginalFileName kbdic.dll
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 5.1.2600.0 (xpclient.010817-1148)
TimeStamp 2019:02:05 16:20:19+01:00
FileType Win32 EXE
PEType PE32
InternalName kbdic (3.11)
ProductVersion 5.1.2600.0
FileDescription Icelandic Keyboard Layout
OSVersion 6.0
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 16384
FileSubtype 2
ProductVersionNumber 5.1.2600.0
EntryPoint 0x2870
ObjectFileType Dynamic link library

File identification
MD5 78d867ec64174e85ba5c3b6e6a90bcde
SHA1 8a82b87aded11958137bfe2fd1bfe7b28cab1315
SHA256 b35857276b802ea70b18f9f4cd474be0b0453dce45f4f3f7e701661bb06dd973
ssdeep 3072:9ORQNqKRO6obvgc0Zd1F1Y5XK0ZobYS/aTGq3hpx7O:9oQNqyavQH1Fy5XK2oXSTT3hL
authentihash 8d36ce83256e299c67a8569b9b1fed48156982de01d80c87629dd47996abce5c
imphash 13ea7565fa2bde8a1d945d39ca721c51
File size 140.0 KB ( 143360 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2019-02-05 07:23:36 UTC ( 2 months, 2 weeks ago )
Last submission 2019-02-05 16:28:54 UTC ( 2 months, 2 weeks ago )
File names kbdic.dll
kbdic (3.11)
P1Q65Bj75FtPLFD3.exe
emotet_e2_b35857276b802ea70b18f9f4cd474be0b0453dce45f4f3f7e701661bb06dd973_2019-02-05__073001.exe_
Advanced heuristic and reputation engines