× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: bb83af66c37127503aeee91820e88344c20e43c527d475fc6bdae1033073d9e9
File name: 704a14135ba0175734c33eeab0b95748.virus
Detection ratio: 39 / 66
Analysis date: 2018-05-31 08:35:04 UTC ( 8 months, 3 weeks ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30870665 20180531
AhnLab-V3 Trojan/Win32.Emotet.R228996 20180530
ALYac Trojan.GenericKD.30870665 20180531
Arcabit Trojan.Generic.D1D70C89 20180531
Avast Win32:Malware-gen 20180531
AVG Win32:Malware-gen 20180531
AVware Trojan.Win32.Generic!BT 20180531
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180531
BitDefender Trojan.GenericKD.30870665 20180531
Cylance Unsafe 20180531
Cyren W32/S-d0689060!Eldorado 20180531
DrWeb Trojan.EmotetENT.222 20180531
Emsisoft Trojan.GenericKD.30870665 (B) 20180531
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of Win32/Kryptik.GHBV 20180531
F-Prot W32/S-d0689060!Eldorado 20180531
F-Secure Trojan.GenericKD.30870665 20180531
Fortinet W32/GenKryptik.BTIX!tr 20180531
GData Win32.Trojan-Spy.Emotet.QR 20180531
Ikarus Trojan.Win32.Crypt 20180531
Sophos ML heuristic 20180503
Kaspersky Trojan.Win32.Agent.qwgswx 20180531
Malwarebytes Spyware.PasswordStealer 20180531
MAX malware (ai score=84) 20180531
McAfee Emotet-FDM!704A14135BA0 20180530
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dm 20180531
Microsoft Trojan:Win32/Cloxer.D!cl 20180531
eScan Trojan.GenericKD.30870665 20180531
Palo Alto Networks (Known Signatures) generic.ml 20180531
Panda Trj/GdSda.A 20180530
Qihoo-360 HEUR/QVM20.1.8706.Malware.Gen 20180531
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/EncPk-ANX 20180531
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20180531
Symantec ML.Attribute.HighConfidence 20180531
TrendMicro TROJ_GEN.R004C0PEU18 20180531
TrendMicro-HouseCall TROJ_GEN.R004C0PEU18 20180531
VBA32 BScope.Trojan.Cloxer 20180530
ZoneAlarm by Check Point Trojan.Win32.Agent.qwgswx 20180531
AegisLab 20180531
Alibaba 20180530
Antiy-AVL 20180531
Avast-Mobile 20180531
Avira (no cloud) 20180531
Babable 20180406
Bkav 20180530
CAT-QuickHeal 20180531
ClamAV 20180531
CMC 20180529
Comodo 20180531
CrowdStrike Falcon (ML) 20180202
Cybereason None
eGambit 20180531
Jiangmin 20180531
K7AntiVirus 20180530
K7GW 20180531
Kingsoft 20180531
NANO-Antivirus 20180531
nProtect 20180531
Rising 20180531
Symantec Mobile Insight 20180525
Tencent 20180531
TheHacker 20180531
TotalDefense 20180531
Trustlook 20180531
VIPRE 20180531
ViRobot 20180531
Webroot 20180531
Yandex 20180529
Zillya 20180530
Zoner 20180530
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2028-12-25 04:27:37
Entry Point 0x00001FCC
Number of sections 4
PE sections
PE imports
GetUserNameA
CertGetCertificateChain
CertOpenSystemStoreA
CreateWaitableTimerW
GetNumberFormatA
LocalHandle
FlsGetValue
GetComputerNameExW
FindVolumeMountPointClose
FlsFree
FindFirstVolumeW
LZSeek
VarUI4FromUI8
SetActivePwrScheme
SetupDiGetDeviceInstanceIdW
SHCopyKeyW
SHSetValueW
StrCpyNW
GetAncestor
waveOutGetErrorTextW
GetPrinterDataExW
WintrustRemoveActionID
SCardForgetCardTypeW
SCardDisconnect
STGMEDIUM_UserMarshal
OleConvertOLESTREAMToIStorage
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
JAPANESE DEFAULT 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.164

ImageVersion
0.0

FileVersionNumber
1.0.124.0

LanguageCode
Japanese

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
188416

EntryPoint
0x1fcc

MIMEType
application/octet-stream

TimeStamp
2028:12:25 05:27:37+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
25 4 3

CodeSize
0

FileSubtype
0

ProductVersionNumber
24.0.55.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 704a14135ba0175734c33eeab0b95748
SHA1 a53f14b1bb0c6bb6e933d554348f05f2fa786d5d
SHA256 bb83af66c37127503aeee91820e88344c20e43c527d475fc6bdae1033073d9e9
ssdeep
1536:zma8pRnam1WU28ThlnnIplv8Xb7D4sss9kiQPqKDGImb8SnsjLx:zmqm8U28TzIpp830s50LKLb8SuN

authentihash f2e42e557f92144e8b136ccd40c2faee9371ed823146e2fcdf2713a01aea7273
imphash 2eb03f294ac953141acb8a136b027482
File size 200.0 KB ( 204800 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-05-31 08:35:04 UTC ( 8 months, 3 weeks ago )
Last submission 2018-07-03 08:00:49 UTC ( 7 months, 2 weeks ago )
File names 704a14135ba0175734c33eeab0b95748.virus
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!