× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: b9ecc7b8ca6863a1c5e52aeec7d6c30315633515dc7ec137599fb103b1f92913
File name: a052f4dfe95d7d8e30f6106acd560244
Detection ratio: 23 / 68
Analysis date: 2018-08-10 18:10:44 UTC ( 6 months, 2 weeks ago ) View latest
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Azden.R234061 20180810
Avast Win32:Trojan-gen 20180810
AVG Win32:Trojan-gen 20180810
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180810
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20180723
Cylance Unsafe 20180810
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GJSB 20180810
Fortinet W32/GenKryptik.CHRS!tr 20180810
Sophos ML heuristic 20180717
Kaspersky Trojan-Banker.Win32.Emotet.baod 20180810
Malwarebytes Trojan.Emotet 20180810
McAfee Artemis!A052F4DFE95D 20180810
McAfee-GW-Edition Artemis 20180810
Microsoft Trojan:Win32/Emotet.AC!bit 20180810
Palo Alto Networks (Known Signatures) generic.ml 20180810
Qihoo-360 HEUR/QVM20.1.13D1.Malware.Gen 20180810
Rising Trojan.Cloxer!8.F54F (CLOUD) 20180810
Sophos AV Mal/Generic-S 20180810
Symantec ML.Attribute.HighConfidence 20180810
TrendMicro TSPY_EMOTET.THHAOAH 20180810
TrendMicro-HouseCall TSPY_EMOTET.THHAOAH 20180810
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.baod 20180810
Ad-Aware 20180810
AegisLab 20180810
Alibaba 20180713
ALYac 20180810
Antiy-AVL 20180810
Arcabit 20180810
Avast-Mobile 20180810
Avira (no cloud) 20180810
AVware 20180810
Babable 20180725
BitDefender 20180810
Bkav 20180810
CAT-QuickHeal 20180810
ClamAV 20180810
CMC 20180810
Comodo 20180810
Cybereason 20180225
Cyren 20180810
DrWeb 20180810
eGambit 20180810
Emsisoft 20180810
F-Prot 20180810
F-Secure 20180810
GData 20180810
Ikarus 20180810
Jiangmin 20180810
K7AntiVirus 20180810
K7GW 20180810
Kingsoft 20180810
MAX 20180810
eScan 20180810
NANO-Antivirus 20180810
Panda 20180810
SentinelOne (Static ML) 20180701
SUPERAntiSpyware 20180810
Symantec Mobile Insight 20180809
TACHYON 20180810
Tencent 20180810
TheHacker 20180807
TotalDefense 20180810
Trustlook 20180810
VBA32 20180810
VIPRE 20180810
ViRobot 20180810
Webroot 20180810
Yandex 20180810
Zillya 20180810
Zoner 20180810
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserv

Product Microsoft® Windows® Operating S
Original name TimeDateMUICallba
Internal name TimeDateMUICal
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-08-10 09:02:40
Entry Point 0x0000ADB7
Number of sections 5
PE sections
PE imports
SetEntriesInAclA
SetServiceObjectSecurity
RegDisablePredefinedCache
EncryptFileW
QueryUsersOnEncryptedFile
CM_Get_Parent
ClusterOpenEnum
CertGetCertificateChain
CryptEnumOIDFunction
GetDeviceCaps
CreatePalette
EndPage
DeleteIpForwardEntry
Process32NextW
CreateFileMappingW
SizeofResource
WaitNamedPipeW
GetThreadLocale
lstrcmpiA
GetCurrentProcessId
lstrcatA
GetWindowsDirectoryA
MulDiv
EnumSystemCodePagesA
GetCommandLineA
ReleaseActCtx
GetNativeSystemInfo
GetProcessHeap
MprAdminInterfaceGetInfo
NetFileEnum
SafeArrayDestroyDescriptor
SafeArrayGetUBound
glNormal3f
SetupPromptForDiskW
SetupGetFileQueueFlags
SetupGetSourceFileLocationW
StrCatChainW
ChrCmpIW
SetContextAttributesW
UnregisterClassW
EndDialog
InternetTimeFromSystemTimeW
InternetTimeFromSystemTimeA
mmioAscend
XcvDataW
CryptCATAdminEnumCatalogFromHash
bind
socket
Ord(30)
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
13.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.1.7600.16385

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
203264

EntryPoint
0xadb7

OriginalFileName
TimeDateMUICallba

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserv

TimeStamp
2018:08:10 10:02:40+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
TimeDateMUICal

ProductVersion
6.1.7600.1638

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporati

CodeSize
169984

ProductName
Microsoft Windows Operating S

ProductVersionNumber
6.1.7600.16385

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 a052f4dfe95d7d8e30f6106acd560244
SHA1 f23d4d4070a90131e8cde15b934f3804d1caf391
SHA256 b9ecc7b8ca6863a1c5e52aeec7d6c30315633515dc7ec137599fb103b1f92913
ssdeep
6144:kOWUFWmUbpZ3I1ejXZsqTcgV745+LHyVsB56Ft:kODW5b48jXWqTcOi+Lv5Ot

authentihash 1913770330a4cd3b1c86815dcc54f4e8fa6b75636320af121b855135d39c79e7
imphash 5b43f1e0f4afbb21f4b04d00b5af380e
File size 360.5 KB ( 369152 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags
peexe

VirusTotal metadata
First submission 2018-08-10 15:06:32 UTC ( 6 months, 2 weeks ago )
Last submission 2018-08-10 15:06:32 UTC ( 6 months, 2 weeks ago )
File names TimeDateMUICallba
TimeDateMUICal
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs