× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: b55679f1e6cf71216cfd0b04b20bbd9a67478508c5e5da34cd1449729fa95acc
File name: 13900945ce9b481322107b4315777209
Detection ratio: 31 / 68
Analysis date: 2018-08-22 11:26:40 UTC ( 6 months ago ) View latest
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.381246 20180822
ALYac Gen:Variant.Razy.381246 20180822
Arcabit Trojan.Razy.D5D13E 20180822
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9986 20180820
BitDefender Gen:Variant.Razy.381246 20180822
CAT-QuickHeal Trojan.Emotet.X4 20180821
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.5ce9b4 20180225
Cylance Unsafe 20180822
Emsisoft Gen:Variant.Razy.381246 (B) 20180822
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GKAF 20180822
Fortinet W32/Emotet.BBDG!tr 20180822
GData Gen:Variant.Razy.381246 20180822
Sophos ML heuristic 20180717
K7GW Trojan ( 700001211 ) 20180822
Kaspersky Trojan-Banker.Win32.Emotet.bbdg 20180822
Malwarebytes Trojan.Emotet 20180822
MAX malware (ai score=89) 20180822
McAfee-GW-Edition BehavesLike.Win32.Generic.fm 20180822
Microsoft Trojan:Win32/Emotet.AC!bit 20180822
Panda Trj/Emotet.A 20180820
Qihoo-360 HEUR/QVM20.1.51B1.Malware.Gen 20180822
Rising Trojan.GenKryptik!8.AA55 (CLOUD) 20180822
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/Generic-S 20180822
Symantec Trojan.Gen.2 20180822
TrendMicro TSPY_EMOTET.TTIBBKN 20180822
TrendMicro-HouseCall TSPY_EMOTET.TTIBBKN 20180822
VBA32 BScope.Trojan.Emotet 20180822
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bbdg 20180822
AegisLab 20180822
AhnLab-V3 20180822
Alibaba 20180713
Antiy-AVL 20180822
Avast 20180822
Avast-Mobile 20180822
AVG 20180822
Avira (no cloud) 20180822
AVware 20180822
Babable 20180822
Bkav 20180822
ClamAV 20180821
CMC 20180822
Comodo 20180822
Cyren 20180822
DrWeb 20180822
eGambit 20180822
F-Prot 20180822
F-Secure 20180822
Ikarus 20180822
Jiangmin 20180822
K7AntiVirus 20180822
Kingsoft 20180822
McAfee 20180822
eScan 20180822
NANO-Antivirus 20180822
Palo Alto Networks (Known Signatures) 20180822
SUPERAntiSpyware 20180822
Symantec Mobile Insight 20180822
TACHYON 20180822
Tencent 20180822
TheHacker 20180821
TotalDefense 20180822
Trustlook 20180822
VIPRE 20180822
ViRobot 20180822
Webroot 20180822
Yandex 20180822
Zillya 20180822
Zoner 20180822
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-08-20 18:45:29
Entry Point 0x0000BE9C
Number of sections 4
PE sections
PE imports
QueryUsersOnEncryptedFile
JetCloseTable
DPtoLP
Polygon
GetPolyFillMode
GetThreadId
ReleaseActCtx
GetProcessHeap
GetModuleHandleA
GetTimeZoneInformation
NetApiBufferAllocate
I_RpcSendReceive
RpcMgmtEpEltInqBegin
PathGetCharTypeA
PathQuoteSpacesW
SetFocus
GetWindowThreadProcessId
SetParent
DdePostAdvise
GetDlgItem
CloseClipboard
GetKeyboardType
midiStreamPosition
CoInternetGetSecurityUrl
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:08:20 19:45:29+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
49664

LinkerVersion
13.0

ImageFileCharacteristics
No relocs, Executable, 32-bit

EntryPoint
0xbe9c

InitializedDataSize
299520

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

File identification
MD5 13900945ce9b481322107b4315777209
SHA1 bd851340d04a0f5bb8f93cd791aeb3c559edc37a
SHA256 b55679f1e6cf71216cfd0b04b20bbd9a67478508c5e5da34cd1449729fa95acc
ssdeep
3072:m4TqjyLTyTKEArs0JQ5NMBOlOPPnNrQOGILqOI/GJ5bnoCp2asR5h3QJJr38BJGj:mmmTKEAvtPPN71LzI/GtMtJ3QJ58BJ

authentihash f5ace749464f101b74d1e4e481c3396dc4e549d015da2b64aaaf230cb58f4564
imphash 653ab08858c6c9e2b06730307057fea3
File size 337.5 KB ( 345600 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (25.2%)
Clipper DOS Executable (25.0%)
Generic Win/DOS Executable (24.8%)
DOS Executable Generic (24.8%)
Tags
peexe

VirusTotal metadata
First submission 2018-08-22 11:26:40 UTC ( 6 months ago )
Last submission 2018-08-22 11:26:40 UTC ( 6 months ago )
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!