× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: b3ab1adefaac78234319b8fbcabdbe780203b4e9642dd0da0f469dd756772419
File name: b3ab1adefaac78234319b8fbcabdbe780203b4e9642dd0da0f469dd756772419
Detection ratio: 16 / 70
Analysis date: 2019-02-15 01:12:36 UTC ( 2 months ago ) View latest
Antivirus Result Update
Acronis suspicious 20190213
AVG FileRepMalware 20190214
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181023
Cylance Unsafe 20190215
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/GenKryptik.CZNO 20190215
Sophos ML heuristic 20181128
Malwarebytes Trojan.Emotet 20190215
McAfee Emotet-FLY!8CE011D3F843 20190214
Palo Alto Networks (Known Signatures) generic.ml 20190215
Qihoo-360 HEUR/QVM19.1.3BDB.Malware.Gen 20190215
Rising Trojan.Emotet!8.B95 (TFE:dGZlOgKMHTL39ffLNw) 20190215
SentinelOne (Static ML) static engine - malicious 20190203
Symantec ML.Attribute.HighConfidence 20190214
Trapmine malicious.high.ml.score 20190123
Webroot W32.Trojan.Emotet 20190215
Ad-Aware 20190215
AegisLab 20190215
AhnLab-V3 20190214
Alibaba 20180921
ALYac 20190214
Antiy-AVL 20190214
Arcabit 20190214
Avast 20190214
Avast-Mobile 20190214
Avira (no cloud) 20190214
Babable 20180918
Baidu 20190202
BitDefender 20190215
Bkav 20190214
CAT-QuickHeal 20190214
ClamAV 20190214
CMC 20190214
Comodo 20190215
Cybereason 20190109
Cyren 20190215
DrWeb 20190214
eGambit 20190215
Emsisoft 20190214
F-Prot 20190215
F-Secure 20190215
Fortinet 20190215
GData 20190214
Ikarus 20190214
Jiangmin 20190215
K7AntiVirus 20190214
K7GW 20190214
Kaspersky 20190215
Kingsoft 20190215
MAX 20190215
McAfee-GW-Edition 20190214
Microsoft 20190214
eScan 20190215
NANO-Antivirus 20190215
Panda 20190214
Sophos AV 20190214
SUPERAntiSpyware 20190213
Symantec Mobile Insight 20190207
TACHYON 20190215
Tencent 20190215
TheHacker 20190212
TotalDefense 20190214
TrendMicro 20190214
TrendMicro-HouseCall 20190215
Trustlook 20190215
VBA32 20190214
ViRobot 20190215
Yandex 20190213
Zillya 20190214
ZoneAlarm by Check Point 20190215
Zoner 20190215
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2017 America Online, Inc.

Original name jgm1GEN.dll
Internal name pgadoEN.exe
File version 024
Description PG ADO DLL
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-02-15 01:01:50
Entry Point 0x00003A30
Number of sections 11
PE sections
PE imports
IsTokenRestricted
GetUserDefaultUILanguage
GetCurrentProcess
GetThreadPriority
GetNamedPipeInfo
TerminateThread
IsValidLocaleName
SetFileApisToOEM
GetProcessPriorityBoost
GetTickCount
CloseHandle
GetVersion
GetCurrentThread
InterlockedIncrement
GetMessagePos
TranslateAcceleratorA
AnyPopup
MapVirtualKeyExW
LoadStringW
ChangeClipboardChain
GetForegroundWindow
AddMonitorA
PdhCollectQueryDataWithTime
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
15.2

ImageVersion
0.0

FileVersionNumber
24.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
PG ADO DLL

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
147456

EntryPoint
0x3a30

OriginalFileName
jgm1GEN.dll

MIMEType
application/octet-stream

LegalCopyright
Copyright 2017 America Online, Inc.

FileVersion
024

TimeStamp
2019:02:15 02:01:50+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
pgadoEN.exe

SubsystemVersion
6.1

OSVersion
6.0

FileOS
Windows 16-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
America Online

CodeSize
0

FileSubtype
0

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 8ce011d3f843bccb4f8136aec4e0bb7d
SHA1 fb0eea1de0d5c5e113da613cc72e4e6019d50a0a
SHA256 b3ab1adefaac78234319b8fbcabdbe780203b4e9642dd0da0f469dd756772419
ssdeep
3072:EJ+3++k30npjN7MLJEKAVvblB8TTayH1FEvM:EJ+BkqjNALJcVvblBeTa41

authentihash 1789b33d84c167a7b6624a70c2d686e9d3a35d6365b002263948394781cced5f
imphash 7f4696853b1e0a604e806601fe600561
File size 156.0 KB ( 159744 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2019-02-15 01:12:36 UTC ( 2 months ago )
Last submission 2019-02-16 03:15:37 UTC ( 2 months ago )
File names 213.exe
D0XgqXrASwSL.exe
BtgARnonC.exe
pgadoEN.exe
b5IkNz1g.exe
Y6pFbMKbWp.exe
emotet_e1_b3ab1adefaac78234319b8fbcabdbe780203b4e9642dd0da0f469dd756772419_2019-02-15__011502.exe_
b3ab1adefaac78234319b8fbcabdbe780203b4e9642dd0da0f469dd756772419.exe
UVtN3ITfGby.exe
sgWcxK0EjHND.exe
jgm1GEN.dll
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!