SHA256: b5575c456dcdf0ad5aa911f72efafa176063612b4ede00a47f58ea16b0eb79a5
File name: b5575c456dcdf0ad5aa911f72efafa176063612b4ede00a47f58ea16b0eb79a5
Detection ratio: 44 / 69
Analysis date: 2018-12-17 07:20:09 UTC ( 2 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31416207 20181217
AegisLab Trojan.Win32.Emotet.4!c 20181214
ALYac Trojan.GenericKD.31416207 20181217
Arcabit Trojan.Generic.D1DF5F8F 20181217
Avast Win32:BankerX-gen [Trj] 20181216
AVG Win32:BankerX-gen [Trj] 20181217
Avira (no cloud) TR/AD.Emotet.xxjue 20181216
BitDefender Trojan.GenericKD.31416207 20181217
CAT-QuickHeal Trojan.Emotet.X4 20181216
Comodo Malware@#3653omp4vi5tj 20181217
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cylance Unsafe 20181217
Cyren W32/Trojan.PBZD-0882 20181217
Emsisoft Trojan.GenericKD.31416207 (B) 20181217
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GNVA 20181217
F-Prot W32/Emotet.KU.gen!Eldorado 20181217
F-Secure Trojan.GenericKD.31416207 20181217
Fortinet W32/GenKryptik.CUAE!tr 20181217
GData Trojan.GenericKD.31416207 20181217
Ikarus Trojan.Win32.Krypt 20181216
Sophos ML heuristic 20181128
K7GW Trojan ( 00543b931 ) 20181217
Kaspersky Trojan-Banker.Win32.Emotet.bvcn 20181217
Malwarebytes Trojan.Emotet 20181216
MAX malware (ai score=100) 20181217
McAfee RDN/Generic.grp 20181217
McAfee-GW-Edition BehavesLike.Win32.Emotet.ch 20181217
Microsoft Trojan:Win32/Emotet 20181216
eScan Trojan.GenericKD.31416207 20181217
Palo Alto Networks (Known Signatures) generic.ml 20181217
Panda Trj/RnkBend.A 20181216
Qihoo-360 HEUR/QVM20.1.D8CD.Malware.Gen 20181217
Rising Trojan.Fuerboos!8.EFC8 (CLOUD) 20181216
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Troj/Emotet-ARB 20181216
Symantec Trojan.Emotet 20181216
Tencent Win32.Trojan-banker.Emotet.Agkk 20181217
Trapmine malicious.moderate.ml.score 20181205
TrendMicro TrojanSpy.Win32.EMOTET.THABADAH 20181216
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.THABADAH 20181217
VBA32 BScope.Trojan.Refinka 20181214
Webroot W32.Trojan.Gen 20181217
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bvcn 20181217
AhnLab-V3 20181216
Alibaba 20180921
Antiy-AVL 20181217
Avast-Mobile 20181216
Babable 20180918
Baidu 20181207
Bkav 20181214
ClamAV 20181217
CMC 20181216
Cybereason 20180225
DrWeb 20181217
eGambit 20181217
Jiangmin 20181217
K7AntiVirus 20181217
Kingsoft 20181217
NANO-Antivirus 20181217
SUPERAntiSpyware 20181212
Symantec Mobile Insight 20181215
TACHYON 20181214
TheHacker 20181216
TotalDefense 20181216
Trustlook 20181217
ViRobot 20181217
Yandex 20181214
Zillya 20181215
Zoner 20181217
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corpor
Product Micro
Internal name DDODiag
File version 6.1.7600.16
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-14 06:10:31
Entry Point 0x000074AA
Number of sections 5
PE sections
PE imports
SetSecurityAccessMask
RegUnLoadKeyW
CertDuplicateCTLContext
GetCharacterPlacementA
GetTempFileNameW
GetNamedPipeClientProcessId
FlushProcessWriteBuffers
GetPriorityClass
FileTimeToLocalFileTime
GetEnvironmentStrings
SetThreadPriority
LockResource
DisableThreadLibraryCalls
SetConsoleCursorPosition
GetSystemDirectoryA
GetModuleHandleW
MprInfoBlockAdd
MprConfigGetGuidName
PathMakePrettyW
EndDialog
ShutdownBlockReasonDestroy
RegisterDeviceNotificationA
DestroyWindow
GetPrinterDriverDirectoryW
WSACleanup
WSACancelAsyncRequest
Ord(29)
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize 36864
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.4.20030.62408
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 118784
EntryPoint 0x74aa
MIMEType application/octet-stream
LegalCopyright Microsoft Corpor
FileVersion 6.1.7600.16
TimeStamp 2018:12:14 07:10:31+01:00
FileType Win32 EXE
PEType PE32
InternalName DDODiag
ProductVersion 6.1.7600.1638
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corpo
LegalTrademarks Mozilla, Netscape
ProductName Micro
ProductVersionNumber 1.4.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 e1261da45912c0b739082b3b37be079b
SHA1 30a3a75ae25e24e9df170e76488f1ab58e85a3f0
SHA256 b5575c456dcdf0ad5aa911f72efafa176063612b4ede00a47f58ea16b0eb79a5
ssdeep 1536:u4bJbAveZaq4R0asHObDh3RGLZRXU4W3B3IjP5baFyXzXHxeDpACSazMteUmd/iq:5ttZaqDas+LTB3IjPiuTqA4IG/WouG
authentihash b7f080f66174abe3423eb8346159f5698b0d0dcb80eb5e84e26588a24990e009
imphash 2e6461229ae6eaedaea5d1358bcd5aad
File size 152.0 KB ( 155648 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe
VirusTotal metadata
First submission 2018-12-13 22:15:25 UTC ( 2 months, 1 week ago )
Last submission 2018-12-20 09:00:35 UTC ( 2 months ago )
File names 46786944.EXE
437.exe
workshims.exe
HqGUDnbz.exe
archivearchive.exe
g8PMcXwupnU.exe
983.exe
DDODiag
392.exe