× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: bb7f35ab9dd5f0497f7b5616a071ca584fa8069dba1ead56c27da284a5b5b756
File name: emotet_e2_bb7f35ab9dd5f0497f7b5616a071ca584fa8069dba1ead56c27da28...
Detection ratio: 22 / 71
Analysis date: 2019-01-22 01:12:58 UTC ( 1 month, 3 weeks ago ) View latest
Antivirus Result Update
Acronis suspicious 20190119
Avast Win32:MdeClass 20190121
CAT-QuickHeal Trojan.Emotet.X4 20190121
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cybereason malicious.8aa968 20190109
Cylance Unsafe 20190122
eGambit Unsafe.AI_Score_99% 20190122
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181128
K7GW Hacktool ( 700007861 ) 20190121
Kaspersky UDS:DangerousObject.Multi.Generic 20190121
McAfee Emotet-FLL!449E127B5A76 20190121
McAfee-GW-Edition BehavesLike.Win32.Emotet.dh 20190121
Microsoft Trojan:Win32/Emotet.AC!bit 20190122
Palo Alto Networks (Known Signatures) generic.ml 20190122
Qihoo-360 HEUR/QVM19.1.B4AD.Malware.Gen 20190122
Rising Trojan.Kryptik!8.8/N3#95% (RDM+:cmRtazpLuUqhhdpqqMGO7HTImxZc) 20190122
SentinelOne (Static ML) static engine - malicious 20190118
Symantec ML.Attribute.HighConfidence 20190121
Trapmine malicious.high.ml.score 20190103
Webroot W32.Trojan.Emotet 20190122
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20190122
Ad-Aware 20190122
AegisLab 20190122
AhnLab-V3 20190121
Alibaba 20180921
ALYac 20190122
Antiy-AVL 20190122
Arcabit 20190121
Avast-Mobile 20190121
AVG 20190121
Avira (no cloud) 20190121
Babable 20180918
Baidu 20190121
BitDefender 20190121
Bkav 20190121
ClamAV 20190121
CMC 20190121
Comodo 20190121
Cyren 20190121
DrWeb 20190121
Emsisoft 20190121
ESET-NOD32 20190122
F-Prot 20190121
F-Secure 20190122
Fortinet 20190121
GData 20190121
Ikarus 20190121
Jiangmin 20190121
K7AntiVirus 20190121
Kingsoft 20190122
Malwarebytes 20190122
MAX 20190122
eScan 20190121
NANO-Antivirus 20190121
Panda 20190121
Sophos AV 20190121
SUPERAntiSpyware 20190116
TACHYON 20190122
Tencent 20190122
TheHacker 20190118
TotalDefense 20190121
TrendMicro 20190121
TrendMicro-HouseCall 20190121
Trustlook 20190122
VBA32 20190121
VIPRE 20190121
ViRobot 20190121
Yandex 20190120
Zillya 20190118
Zoner 20190122
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights rese

Product America Online
Internal name TSChann
File version 6.1.76
Description Task S
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-22 08:21:57
Entry Point 0x0001BE14
Number of sections 4
PE sections
PE imports
CryptDestroyKey
LookupPrivilegeNameW
InitiateSystemShutdownA
GetServiceDisplayNameW
GetSidIdentifierAuthority
LogonUserA
QueryUsersOnEncryptedFile
GetClusterFromResource
JetTerm2
GetLogColorSpaceA
StrokePath
CreateCompatibleBitmap
GetCurrentPositionEx
GetSystemWindowsDirectoryA
GetOverlappedResult
DeactivateActCtx
GetTapeStatus
GetThreadLocale
FlushFileBuffers
GetShortPathNameA
GetVolumePathNamesForVolumeNameW
GetAtomNameA
GetVolumeInformationA
GetPrivateProfileStringA
GetWindowsDirectoryA
GetLocalTime
GetLogicalDrives
GetTapePosition
GetPrivateProfileIntW
GetSystemPowerStatus
EnumResourceTypesA
MapViewOfFile
GetModuleHandleA
GetExitCodeThread
GlobalAddAtomA
FindResourceExW
IsValidLocale
GetPrivateProfileSectionW
LocalFree
IsWow64Process
GetTimeZoneInformation
GetConsoleMode
GetFileType
LocalUnlock
FlsGetValue
LoadTypeLib
GetRecordInfoFromGuids
SystemTimeToVariantTime
RasGetEapUserIdentityA
RpcRaiseException
ExtractIconA
HashData
FindWindowW
PhysicalToLogicalPoint
FlashWindowEx
DeferWindowPos
GetDialogBaseUnits
LookupIconIdFromDirectoryEx
GetWindowRgn
LockWorkStation
GetLastActivePopup
IsWindowVisible
DrawMenuBar
DrawTextW
LoadAcceleratorsA
GetPriorityClipboardFormat
ChangeMenuA
GetMenuItemCount
GetMenuState
CreateIconFromResource
ExcludeUpdateRgn
GetWindowLongW
CharNextW
GetMenuContextHelpId
GetFileVersionInfoSizeW
FindNextUrlCacheEntryW
DeleteUrlCacheEntryW
mmioSendMessage
DeletePortW
shutdown
getservbyname
fputws
fgetws
MkParseDisplayName
Number of PE resources by type
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2019:01:22 09:21:57+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
124928

LinkerVersion
12.0

ImageFileCharacteristics
No relocs, Executable, 32-bit, System file

EntryPoint
0x1be14

InitializedDataSize
118784

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
5.1

UninitializedDataSize
0

File identification
MD5 449e127b5a76c91f6dd2e868953ae6ed
SHA1 26541648aa9680ea3f252d5c68a412f0444d8d97
SHA256 bb7f35ab9dd5f0497f7b5616a071ca584fa8069dba1ead56c27da284a5b5b756
ssdeep
3072:rqI4/chR9f1mW4ELx4QYPc0fcOmoecM18ekh4D7se9XK80qO:rqIPh/dL4EN4QYPc6cToe

authentihash cc794d6a71f89988af6a129c1a9ae7265677e032e402ffbfde5527c5d5972468
imphash 1ab18cbe58070a6f13bb08e6dd0e2754
File size 229.0 KB ( 234496 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID Microsoft Visual C++ compiled executable (generic) (46.2%)
Win32 Dynamic Link Library (generic) (18.4%)
Win32 Executable (generic) (12.6%)
Win16/32 Executable Delphi generic (5.8%)
OS/2 Executable (generic) (5.6%)
Tags
peexe

VirusTotal metadata
First submission 2019-01-22 00:25:43 UTC ( 1 month, 3 weeks ago )
Last submission 2019-01-22 01:12:58 UTC ( 1 month, 3 weeks ago )
File names 59.exe
CjdKxeXkeYcEMs1_arBg5.exe
eT.exe
GjJt8MzODjPBD_0Lm.exe
WyvePpyk_i7FZ.exe
HYFGUFQbEMi.exe
ZXysYJbff854mg.exe
PUbIcKdI0_iSU4fo.exe
hsbR7.exe
TSChann
zjFiwee_2700SN.exe
C7ZXpDNfj3dLny.exe
N8sKijxiq.exe
OyZu23x1_HvStYA.exe
S2m5rgvCp.exe
pegXVKCKgOf.exe
emotet_e2_bb7f35ab9dd5f0497f7b5616a071ca584fa8069dba1ead56c27da284a5b5b756_2019-01-22__002502.exe_
ENNcH4Vv_DZIkg2DPJ.exe
0q3HEICQP9OA.exe
mg8BEyamb5Y_h2FMi.exe
wKjaEENZm_ekp8D0.exe
Tu4RMLCG_oxa2E7g.exe
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!