× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: ba847e6135348dcbeac61c0f4337a797a441b586461b929d6afbe3ab0775fd07
File name: 48d97c4e9d32fad41796fd7ae17cebc4.virus
Detection ratio: 45 / 68
Analysis date: 2018-08-14 12:47:42 UTC ( 6 months, 1 week ago ) View latest
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.366714 20180814
AhnLab-V3 Trojan/Win32.Emotet.R232382 20180814
ALYac Gen:Variant.Razy.366714 20180814
Arcabit Trojan.Razy.D5987A 20180814
Avast Win32:GenX 20180814
AVG Win32:GenX 20180814
AVware Trojan.Win32.Generic!BT 20180814
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180814
BitDefender Gen:Variant.Razy.366714 20180814
CAT-QuickHeal Trojan.Emotet.X4 20180814
Comodo UnclassifiedMalware 20180814
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.dc6caa 20180225
Cylance Unsafe 20180814
Cyren W32/S-356d7fdc!Eldorado 20180814
DrWeb Trojan.EmotetENT.262 20180814
Emsisoft Gen:Variant.Razy.366714 (B) 20180814
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GJDJ 20180814
F-Prot W32/S-356d7fdc!Eldorado 20180814
F-Secure Gen:Variant.Razy.366714 20180814
Fortinet W32/Kryptik.GJEW!tr 20180814
GData Win32.Trojan-Spy.Emotet.SK 20180814
Ikarus Trojan-Banker.Emotet 20180814
Sophos ML heuristic 20180717
K7GW Riskware ( 0040eff71 ) 20180814
Kaspersky HEUR:Trojan.Win32.Generic 20180814
Malwarebytes Spyware.Emotet 20180814
MAX malware (ai score=82) 20180814
McAfee GenericRXGG-CE!48D97C4E9D32 20180814
McAfee-GW-Edition BehavesLike.Win32.Generic.dm 20180814
Microsoft Trojan:Win32/Emotet.AC!bit 20180814
Panda Trj/Genetic.gen 20180814
Qihoo-360 HEUR/QVM20.1.2DDF.Malware.Gen 20180814
Rising Trojan.Emotet!8.B95 (TFE:dGZlOgRBJmmvWaEV3w) 20180814
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/EncPk-ANX 20180814
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20180814
Symantec ML.Attribute.HighConfidence 20180814
Tencent Win32.Trojan.Generic.Pftp 20180814
TrendMicro TSPY_EMOTET.SMZD35 20180814
TrendMicro-HouseCall TSPY_EMOTET.SMZD35 20180814
VBA32 BScope.Trojan.Emotet 20180814
VIPRE Trojan.Win32.Generic!BT 20180814
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180814
AegisLab 20180814
Alibaba 20180713
Antiy-AVL 20180814
Avast-Mobile 20180814
Avira (no cloud) 20180814
Babable 20180725
Bkav 20180814
ClamAV 20180814
CMC 20180812
eGambit 20180814
Jiangmin 20180814
K7AntiVirus 20180814
Kingsoft 20180814
eScan 20180814
NANO-Antivirus 20180814
Palo Alto Networks (Known Signatures) 20180814
Symantec Mobile Insight 20180814
TACHYON 20180814
TheHacker 20180813
TotalDefense 20180814
Trustlook 20180814
ViRobot 20180814
Webroot 20180814
Yandex 20180814
Zillya 20180812
Zoner 20180813
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-07-23 21:21:11
Entry Point 0x000015F7
Number of sections 6
PE sections
PE imports
SetSecurityDescriptorControl
DeleteAce
SetThreadLocale
SetConsoleCP
AttachConsole
GetPriorityClass
GetStdHandle
GlobalDeleteAtom
ReOpenFile
GetFileTime
GetProcessIdOfThread
GetNumberOfConsoleMouseButtons
GetCommandLineA
SetConsoleScreenBufferSize
GetNamedPipeClientSessionId
PathGetCharTypeA
SetFocus
DdeFreeDataHandle
IsWindowUnicode
GetSystemMenu
DrawCaption
CoFileTimeNow
Number of PE resources by type
RT_STRING 16
RT_BITMAP 14
Number of PE resources by language
NEUTRAL 28
CHINESE TRADITIONAL 1
SPANISH 1
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:07:23 22:21:11+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
9728

LinkerVersion
15.0

ImageFileCharacteristics
Executable, 32-bit

EntryPoint
0x15f7

InitializedDataSize
285696

SubsystemVersion
5.1

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

File identification
MD5 48d97c4e9d32fad41796fd7ae17cebc4
SHA1 a79d0a8dc6caa36388263a988ad2fa6ac07118a6
SHA256 ba847e6135348dcbeac61c0f4337a797a441b586461b929d6afbe3ab0775fd07
ssdeep
6144:lNPJqzEgf9mRFfQkDrKzAzRrk6BaWVyF:jJIwXh1QF

authentihash eb6e7f04311e7bd8e05f3e836375b6fe96df45e6d9baaf6cb3fc8d78e686b2c8
imphash a277ad23bd8ca9fd2db202154a62c653
File size 285.5 KB ( 292352 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-08-14 12:47:42 UTC ( 6 months, 1 week ago )
Last submission 2018-08-14 12:47:42 UTC ( 6 months, 1 week ago )
File names 48d97c4e9d32fad41796fd7ae17cebc4.virus
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!