× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: b4b9ac2e9d5cf9d604a46763fa89c5d5cb67498657f5fce928be2ecd00df3b65
File name: hKpSZ72BVF.exe
Detection ratio: 48 / 70
Analysis date: 2019-01-17 02:08:45 UTC ( 1 month ago ) View latest
Antivirus Result Update
Acronis suspicious 20190116
Ad-Aware Trojan.GenericKD.40943080 20190117
AhnLab-V3 Trojan/Win32.Generic.C2922349 20190116
ALYac Trojan.GenericKD.40943080 20190117
Antiy-AVL Trojan[Banker]/Win32.Emotet 20190116
Arcabit Trojan.Generic.D270BDE8 20190117
Avast Win32:TrojanX-gen [Trj] 20190116
AVG Win32:TrojanX-gen [Trj] 20190117
Avira (no cloud) TR/AD.Emotet.etkye 20190117
BitDefender Trojan.GenericKD.40943080 20190117
Comodo Malware@#3g2capni4znpa 20190117
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cybereason malicious.733bab 20190109
Cylance Unsafe 20190117
Cyren W32/Trojan.OEOO-7701 20190117
eGambit Unsafe.AI_Score_99% 20190117
Emsisoft Trojan.GenericKD.40943080 (B) 20190117
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/Emotet.BN 20190116
F-Secure Trojan.GenericKD.40943080 20190117
Fortinet W32/GenKryptik.CWHO!tr 20190117
GData Trojan.GenericKD.40943080 20190117
Ikarus Trojan-Banker.Emotet 20190116
Sophos ML heuristic 20181128
K7AntiVirus Riskware ( 0040eff71 ) 20190116
K7GW Riskware ( 0040eff71 ) 20190116
Kaspersky Trojan-Banker.Win32.Emotet.bzcg 20190117
Malwarebytes Trojan.Emotet 20190117
MAX malware (ai score=100) 20190117
McAfee RDN/Generic.dx 20190116
McAfee-GW-Edition RDN/Generic.dx 20190116
Microsoft Trojan:Win32/Emotet.DE 20190116
eScan Trojan.GenericKD.40943080 20190116
Palo Alto Networks (Known Signatures) generic.ml 20190117
Panda Trj/GdSda.A 20190116
Qihoo-360 Win32/Trojan.833 20190117
Rising Trojan.Azden!8.F0E3 (CLOUD) 20190116
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/EncPk-ANY 20190117
Symantec Trojan.Emotet 20190116
TACHYON Banker/W32.Emotet.229376.K 20190117
Tencent Win32.Trojan-banker.Emotet.Htlz 20190117
Trapmine malicious.moderate.ml.score 20190103
TrendMicro TrojanSpy.Win32.EMOTET.SMTHGC.hp 20190116
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMTHGC.hp 20190116
VBA32 BScope.Trojan.Emotet 20190116
Webroot W32.Trojan.Emotet 20190117
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bzcg 20190117
AegisLab 20190117
Alibaba 20180921
Avast-Mobile 20190116
Babable 20180918
Baidu 20190116
Bkav 20190116
CAT-QuickHeal 20190116
ClamAV 20190116
CMC 20190116
DrWeb 20190117
F-Prot 20190117
Jiangmin 20190117
Kingsoft 20190117
NANO-Antivirus 20190116
SUPERAntiSpyware 20190116
TheHacker 20190115
TotalDefense 20190116
Trustlook 20190117
ViRobot 20190116
Yandex 20190116
Zillya 20190116
Zoner 20190117
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft Data Access Components
Original name msdaer.dll
Internal name msdaer.dll
File version 2.81.1117.0 (xpsp_sp2_rtm.040803-2158)
Description Microsoft Data Access - OLE DB Error Collection Stub
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-12 18:19:28
Entry Point 0x00002FDB
Number of sections 4
PE sections
PE imports
DecryptFileW
GetSecurityDescriptorControl
DeleteService
FindTextW
LineTo
GetWindowExtEx
GetOutlineTextMetricsA
GetCharacterPlacementW
GetCharWidth32W
GetPath
GetPolyFillMode
GetRegionData
GetClipBox
ExtSelectClipRgn
GdiSetBatchLimit
GetObjectType
GetMailslotInfo
GetConsoleOutputCP
lstrlenA
lstrcmpiA
FindVolumeClose
FindFirstFileW
LocalAlloc
DefineDosDeviceA
GetConsoleDisplayMode
GetCommMask
lstrcpyW
lstrcmpiW
GetConsoleWindow
lstrlenW
GetPrivateProfileStructW
GlobalFindAtomW
GetProcessId
lstrcatW
GetStartupInfoA
GetPriorityClass
GetConsoleMode
VirtualFreeEx
GetCurrentProcessId
GetConsoleCursorInfo
GetCompressedFileSizeW
GetCurrentDirectoryA
GetSystemDefaultLCID
EnumSystemGeoID
GetLogicalDrives
FindActCtxSectionGuid
GetProcAddress
VerifyScripts
FindResourceExA
IsValidLanguageGroup
GetFileSizeEx
QueryIdleProcessorCycleTime
FindFirstFileA
FindFirstFileExA
GetCommTimeouts
GetSystemTimeAsFileTime
FindNextFileA
GetDateFormatA
GetSystemDirectoryA
GetStringTypeW
GetModuleHandleW
EscapeCommFunction
GetDiskFreeSpaceExA
GlobalHandle
FindNextVolumeMountPointW
LocalHandle
GetSystemWindowsDirectoryW
GetCurrencyFormatW
GetErrorInfo
FindExecutableW
ExtractAssociatedIconW
GetScrollPos
DestroyMenu
ExcludeUpdateRgn
IsWindowUnicode
GetClipboardViewer
MessageBoxW
MessageBoxIndirectA
LoadImageA
GetCursor
LookupIconIdFromDirectoryEx
DialogBoxParamA
LoadKeyboardLayoutA
GetSysColor
GetMenuBarInfo
InsertMenuItemA
GetCursorPos
GetRawInputDeviceInfoW
DrawIconEx
GetWindowPlacement
InsertMenuA
LoadIconA
GetMenuStringA
GetUpdateRgn
CreateIconFromResource
GetDialogBaseUnits
GetClassNameA
GetFileVersionInfoA
FindNextUrlCacheEntryW
FindNextPrinterChangeNotification
DeletePrinterDriverExW
GetPrinterDataExW
shutdown
strncmp
localeconv
fseek
system
vfwprintf
fputwc
toupper
towupper
strcmp
GetRunningObjectTable
GetConvertStg
FaultInIEFeature
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.81.1117.0

LanguageCode
Neutral

FileFlagsMask
0x0003

FileDescription
Microsoft Data Access - OLE DB Error Collection Stub

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
196608

EntryPoint
0x2fdb

OriginalFileName
msdaer.dll

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
2.81.1117.0 (xpsp_sp2_rtm.040803-2158)

TimeStamp
2019:01:12 19:19:28+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
msdaer.dll

ProductVersion
2.81.1117.0

SubsystemVersion
4.0

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
28672

ProductName
Microsoft Data Access Components

ProductVersionNumber
2.81.1117.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 9a3bbf234aa86ce307cf4845c25f4325
SHA1 ba9551b733bab1488224762cb9d542c4e38c0e4f
SHA256 b4b9ac2e9d5cf9d604a46763fa89c5d5cb67498657f5fce928be2ecd00df3b65
ssdeep
3072:el56AkmMX7iKcDI+vy2eZ7hfEd3pPluVCfhayrfPSmMCI:K0X3RYOBo8aDrf

authentihash 647a41783bab3475d92f3c6124493eaa29b9a16685e570c95eb9f218c0492ba9
imphash a656f042e5b613db5592f008c967cd3d
File size 224.0 KB ( 229376 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2019-01-12 11:02:44 UTC ( 1 month, 1 week ago )
Last submission 2019-01-12 11:50:30 UTC ( 1 month, 1 week ago )
File names hKpSZ72BVF.exe
E4A20955.exe
msdaer.dll
5ADB6A45.exe
CF8GN.exe
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!