× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: bb434f1204f53ebc3d7d1fc5ea11a845e4b1882954d24ff7fa6dc8114ddf98ce
File name: GCFtw6kV.exe
Detection ratio: 45 / 67
Analysis date: 2018-11-06 08:19:09 UTC ( 3 months, 1 week ago ) View latest
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.418350 20181106
AegisLab Trojan.Win32.Emotet.4!c 20181106
AhnLab-V3 Trojan/Win32.Emotet.R242031 20181106
ALYac Gen:Variant.Razy.418350 20181106
Antiy-AVL Trojan/Win32.Fuery 20181106
Arcabit Trojan.Razy.D6622E 20181106
Avast Win32:BankerX-gen [Trj] 20181106
AVG Win32:BankerX-gen [Trj] 20181106
BitDefender Gen:Variant.Razy.418350 20181106
Bkav HW32.Packed. 20181102
CAT-QuickHeal Trojan.IGENERIC 20181105
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.4110b3 20180225
Cylance Unsafe 20181106
Cyren W32/Trojan.YNPF-8068 20181106
Emsisoft Gen:Variant.Razy.418350 (B) 20181106
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GMEC 20181106
F-Secure Gen:Variant.Razy.418350 20181106
Fortinet W32/GenKryptik.CPMT!tr 20181106
GData Gen:Variant.Razy.418350 20181106
Ikarus Trojan.Win32.Crypt 20181105
Sophos ML heuristic 20180717
K7AntiVirus Riskware ( 0040eff71 ) 20181106
K7GW Riskware ( 0040eff71 ) 20181106
Kaspersky Trojan-Banker.Win32.Emotet.blkh 20181106
Malwarebytes Trojan.Emotet 20181106
MAX malware (ai score=100) 20181106
McAfee RDN/Generic.grp 20181106
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20181106
Microsoft Trojan:Win32/Emotet.AC!bit 20181106
eScan Gen:Variant.Razy.418350 20181106
Palo Alto Networks (Known Signatures) generic.ml 20181106
Panda Trj/Emotet.C 20181105
Qihoo-360 Win32/Trojan.772 20181106
Rising Trojan.Fuery!8.EAFB (CLOUD) 20181106
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/EncPk-ANY 20181106
Symantec Trojan.Emotet 20181106
Tencent Win32.Trojan-banker.Emotet.Wrqp 20181106
TrendMicro TROJ_GEN.R062C0CK218 20181106
TrendMicro-HouseCall TROJ_GEN.R062C0CK218 20181106
ViRobot Trojan.Win32.Z.Emotet.131072.BD 20181106
Webroot W32.Trojan.Emotet 20181106
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.blkh 20181106
Alibaba 20180921
Avast-Mobile 20181106
Avira (no cloud) 20181106
Babable 20180918
Baidu 20181106
ClamAV 20181106
CMC 20181106
DrWeb 20181106
eGambit 20181106
F-Prot 20181106
Jiangmin 20181106
Kingsoft 20181106
NANO-Antivirus 20181106
SUPERAntiSpyware 20181031
Symantec Mobile Insight 20181105
TACHYON 20181106
TheHacker 20181104
TotalDefense 20181106
Trustlook 20181106
VBA32 20181106
Yandex 20181102
Zillya 20181105
Zoner 20181106
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All r

Product LegDllView
Original name LegDllView.exe
Internal name MSJTER40.
File version 4.0
Description LegDllView
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-07-27 17:30:04
Entry Point 0x00002FA0
Number of sections 6
PE sections
PE imports
InitializeCriticalSectionAndSpinCount
SetFileCompletionNotificationModes
WideCharToMultiByte
GetProcessShutdownParameters
HeapUnlock
GetCommandLineW
GetFileType
LockFile
GetConsoleHistoryInfo
CloseHandle
SafeArrayCopy
GetMenu
TrackPopupMenu
GetQueueStatus
IsGUIThread
EnableScrollBar
GetWindowContextHelpId
Number of PE resources by type
RT_STRING 4
RT_VERSION 1
Number of PE resources by language
NORWEGIAN BOKMAL 5
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.1

FileSubtype
0

FileVersionNumber
1.6.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
LegDllView

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
151552

EntryPoint
0x2fa0

OriginalFileName
LegDllView.exe

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All r

FileVersion
4.0

TimeStamp
2013:07:27 19:30:04+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
MSJTER40.

ProductVersion
6.1

SubsystemVersion
5.0

OSVersion
6.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Micros

CodeSize
12288

ProductName
LegDllView

ProductVersionNumber
1.6.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 68d38474110b3ac50400ff31d73d883f
SHA1 f39ee41a18310e3e142744892b1a8b42eb85aed3
SHA256 bb434f1204f53ebc3d7d1fc5ea11a845e4b1882954d24ff7fa6dc8114ddf98ce
ssdeep
3072:SQNu5BQpS8+QjjijF6/ufpZjAdFYdxaJQuw3Cm21:SUOBKNd/eMFCxaJg

authentihash c07809df9d4ed7eae56f58779f16f01e9c71ffda89c0cde6282596d8a61af49f
imphash 5000c9432cef81ed40ad603b63edcdf5
File size 128.0 KB ( 131072 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-10-30 11:33:09 UTC ( 3 months, 2 weeks ago )
Last submission 2018-10-30 11:33:09 UTC ( 3 months, 2 weeks ago )
File names LegDllView.exe
GCFtw6kV.exe
MSJTER40.
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!