SHA256: be008ff541f4d4b0ed182428c93274d8ca5ff84e61cd313b82360357e4f847a3
File name: output.114009804.txt
Detection ratio: 38 / 68
Analysis date: 2018-09-09 01:37:24 UTC
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31196712 20180908
AhnLab-V3 Trojan/Win32.Emotet.R236372 20180908
Arcabit Trojan.Generic.D1DC0628 20180908
Avast Win32:Malware-gen 20180908
AVG Win32:Malware-gen 20180908
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20180906
BitDefender Trojan.GenericKD.31196712 20180908
Comodo UnclassifiedMalware 20180909
CrowdStrike Falcon (ML) malicious_confidence_70% (D) 20180723
Cylance Unsafe 20180909
Cyren W32/Trojan.DIME-3513 20180908
Emsisoft Trojan.Emotet (A) 20180908
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GKPA 20180908
F-Secure Trojan.GenericKD.31196712 20180908
Fortinet W32/Emotet.BCVX!tr 20180908
GData Win32.Trojan-Spy.Emotet.TB 20180908
Ikarus Trojan.Win32.Crypt 20180908
Sophos ML heuristic 20180717
K7GW Riskware ( 0040eff71 ) 20180908
Kaspersky Trojan-Banker.Win32.Emotet.bcvx 20180908
Malwarebytes Trojan.Emotet 20180908
MAX malware (ai score=99) 20180909
McAfee Emotet-FHX!0DB4E5E07C8F 20180909
McAfee-GW-Edition Emotet-FHX!0DB4E5E07C8F 20180909
Microsoft Trojan:Win32/Emotet.AC!bit 20180908
eScan Trojan.GenericKD.31196712 20180909
Panda Trj/GdSda.A 20180908
Qihoo-360 HEUR/QVM20.1.B4DB.Malware.Gen 20180909
Rising Trojan.Emotet!8.B95 (CLOUD) 20180908
Sophos AV Mal/Generic-S 20180909
Symantec Trojan.Emotet 20180908
TACHYON Trojan/W32.Agent.311296.AKZ 20180909
TrendMicro TROJ_FRS.0NA103I818 20180908
TrendMicro-HouseCall TROJ_FRS.0NA103I818 20180908
ViRobot Trojan.Win32.Z.Highconfidence.311296.D 20180909
Webroot W32.Trojan.Emotet 20180909
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bcvx 20180908
Undetected (engine and signature-update date only; no result returned):
AegisLab 20180908
Alibaba 20180713
ALYac 20180908
Antiy-AVL 20180906
Avast-Mobile 20180908
Avira (no cloud) 20180908
AVware 20180908
Babable 20180907
Bkav 20180906
CAT-QuickHeal 20180908
ClamAV 20180909
CMC 20180908
Cybereason 20180225
DrWeb 20180908
eGambit 20180909
F-Prot 20180908
Jiangmin 20180909
K7AntiVirus 20180908
Kingsoft 20180909
NANO-Antivirus 20180908
Palo Alto Networks (Known Signatures) 20180909
SentinelOne (Static ML) 20180830
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180905
Tencent 20180909
TheHacker 20180907
TotalDefense 20180908
Trustlook 20180909
VBA32 20180907
VIPRE 20180908
Yandex 20180908
Zillya 20180908
Zoner 20180908
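Engine labels above use different naming schemes, and a practitioner usually wants a single family name and a count of how many engines agree on it rather than 38 strings. The script below is an added example (not VirusTotal's code) that does that for a subset of the (engine, label) pairs copied from the table. Its tokenisation rules and stop-list are this example's own simplification of the AVClass-style approach: family-like tokens are alphabetic, four or more characters, and not a category or platform word; each engine votes at most once per token.

```python
"""Rough family consensus from an antivirus detection table.

Added example, not VirusTotal's code. DETECTIONS is a subset of the results
printed in the table above; STOP and the token rules are this example's own."""
import re
from collections import Counter

DETECTIONS = [
    ("Ad-Aware", "Trojan.GenericKD.31196712"),
    ("AhnLab-V3", "Trojan/Win32.Emotet.R236372"),
    ("Avast", "Win32:Malware-gen"),
    ("Cylance", "Unsafe"),
    ("Emsisoft", "Trojan.Emotet (A)"),
    ("ESET-NOD32", "a variant of Win32/Kryptik.GKPA"),
    ("Fortinet", "W32/Emotet.BCVX!tr"),
    ("GData", "Win32.Trojan-Spy.Emotet.TB"),
    ("Kaspersky", "Trojan-Banker.Win32.Emotet.bcvx"),
    ("Malwarebytes", "Trojan.Emotet"),
    ("McAfee", "Emotet-FHX!0DB4E5E07C8F"),
    ("McAfee-GW-Edition", "Emotet-FHX!0DB4E5E07C8F"),
    ("Microsoft", "Trojan:Win32/Emotet.AC!bit"),
    ("Rising", "Trojan.Emotet!8.B95 (CLOUD)"),
    ("Sophos ML", "heuristic"),
    ("Symantec", "Trojan.Emotet"),
    ("Webroot", "W32.Trojan.Emotet"),
    ("ZoneAlarm by Check Point", "Trojan-Banker.Win32.Emotet.bcvx"),
]

# Tokens that name a category, a verdict or a platform rather than a family.
STOP = {"trojan", "generic", "malware", "variant", "unsafe", "heuristic", "cloud",
        "banker", "malicious", "confidence", "riskware", "agent", "crypt"}


def family_tokens(label: str) -> set:
    """Lower-cased alphabetic tokens of 4+ characters that are not in STOP.
    Requiring purely alphabetic tokens drops platform tags (Win32, W32) and
    hash-like or serial-like suffixes (0DB4E5E07C8F, R236372, B95)."""
    return {t for t in (x.lower() for x in re.findall(r"[A-Za-z0-9]+", label))
            if t.isalpha() and len(t) >= 4 and t not in STOP}


def family_votes(detections) -> list:
    """Ranked (token, votes); each engine contributes at most one vote per token."""
    votes = Counter()
    for _engine, label in detections:
        votes.update(family_tokens(label))
    return votes.most_common()


def consensus(detections, min_votes: int = 3):
    """(token, votes, engines) for the top token, or None if nothing reaches min_votes."""
    ranked = family_votes(detections)
    if not ranked or ranked[0][1] < min_votes:
        return None
    token, n = ranked[0]
    engines = [e for e, label in detections if token in family_tokens(label)]
    return token, n, engines


if __name__ == "__main__":
    print(family_votes(DETECTIONS)[:5])
    print(consensus(DETECTIONS))
```

On the subset above the top token is emotet with 13 votes; the runner-up, bcvx, is a variant suffix shared by Fortinet, Kaspersky and ZoneAlarm (the last two are the same engine), which is why a consensus should be read together with the vendors behind it rather than as a bare count.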
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright (C) America Online, Inc. 1999 - 2004
Product: America Online
Internal name: COOL
File version: 9.00.001
Description: Cool
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-07 21:04:12
Entry Point 0x0001D4D4
Number of sections 5
PE sections
PE imports
CreateRestrictedToken
TreeResetNamedSecurityInfoW
RegDisablePredefinedCache
LookupPrivilegeValueW
SetSecurityDescriptorSacl
CryptImportPublicKeyInfo
JetCommitTransaction
GetTextExtentExPointA
CreateMetaFileA
GetPaletteEntries
CreateSolidBrush
GetEnhMetaFilePaletteEntries
EnumFontsA
ImmSetCompositionWindow
ImmSimulateHotKey
CallNamedPipeW
FindCloseChangeNotification
CreateSemaphoreA
GetBinaryTypeW
GetModuleHandleA
GetNamedPipeHandleStateA
OpenSemaphoreA
CopyFileA
GetSystemWow64DirectoryA
GetDefaultCommConfigA
GetBinaryTypeA
acmDriverEnum
ICCompressorFree
DsBindWithCredA
CreateTypeLib
SafeArrayLock
glMapGrid1f
RasSetCustomAuthDataW
I_RpcSessionStrictContextHandle
UuidToStringW
RpcBindingSetAuthInfoExA
SetupDiEnumDeviceInfo
SetupDiGetClassInstallParamsA
SetupDiBuildClassInfoListExW
SetupGetLineTextA
SetupQueueCopyIndirectW
StrToIntExW
SHCopyKeyW
QuerySecurityPackageInfoW
IsClipboardFormatAvailable
TranslateAcceleratorA
EndDialog
MonitorFromPoint
ModifyMenuA
TrackPopupMenuEx
FtpOpenFileA
PlaySoundW
EndDocPrinter
GetPrinterW
DocumentPropertiesW
WTHelperGetProvSignerFromChain
fprintf
CoGetObject
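The imphash printed under File identification further down is derived from this import table, but the page lists only function names, not the DLLs they come from, so the reported value cannot be recomputed from what is shown here. The block below is an added example (not VirusTotal's or pefile's code) of the algorithm on constructed DLL/function pairs; the pairs are made up and chosen from names that appear in the list above. The practical caveat it demonstrates: imphash clusters only samples with byte-identical import tables, so adding or reordering a single import, which a crypter can do freely, produces an unrelated hash. Whether the unusually wide spread of APIs above (token manipulation, ESE, GDI, OpenGL, RAS, setup, printing, FTP, WinTrust) is genuine or padding cannot be decided from the list alone.

```python
"""The imphash algorithm on constructed import pairs.

Added example, not VirusTotal's or pefile's code. The DLL/function pairs below
are constructed; the report's own imphash cannot be reproduced from the page."""
import hashlib


def imphash(imports) -> str:
    """imports: iterable of (dll_name, function_name_or_ordinal).
    Rules as pefile applies them: lower-case everything, strip a .dll/.ocx/.sys
    extension, write by-ordinal imports as ordN, join dll.func entries with
    commas in import-table order, MD5 the result.
    (pefile also maps ordinals of ws2_32 and oleaut32 to names; omitted here.)"""
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        if lib.endswith((".dll", ".ocx", ".sys")):
            lib = lib[:-4]
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{lib}.{name}")
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


# Constructed import tables: a base table, the same table with one padded
# import appended, and the same table in a different order.
BASE = [
    ("KERNEL32.dll", "GetModuleHandleA"),
    ("ADVAPI32.dll", "CreateRestrictedToken"),
    ("USER32.dll", 2100),            # an import by ordinal, rendered as ord2100
]
PADDED = BASE + [("OPENGL32.dll", "glMapGrid1f")]
REORDERED = list(reversed(BASE))


def imphash_string(imports) -> str:
    """The normalised string that gets hashed, for inspection."""
    out = []
    for dll, func in imports:
        lib = dll.lower()
        lib = lib[:-4] if lib.endswith((".dll", ".ocx", ".sys")) else lib
        out.append(f"{lib}.{f'ord{func}' if isinstance(func, int) else func.lower()}")
    return ",".join(out)


if __name__ == "__main__":
    print(imphash_string(BASE))
    print("base     ", imphash(BASE))
    print("padded   ", imphash(PADDED))
    print("reordered", imphash(REORDERED))
```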
Number of PE resources by type
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize: 1006425862
LinkerVersion: 12.1
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 9.0.0.1
LanguageCode: Neutral
FileFlagsMask: 0x003f
FileDescription: Cool
ImageFileCharacteristics: No relocs, Executable, 32-bit
CharacterSet: Windows, Latin1
InitializedDataSize: 90112
EntryPoint: 0x1d4d4
MIMEType: application/octet-stream
LegalCopyright: Copyright (C) America Online, Inc. 1999 - 2004
FileVersion: 9.00.001
TimeStamp: 2018:09:07 23:04:12+02:00
FileType: Win32 EXE
PEType: PE32
InternalName: COOL
ProductVersion: 9.00.001
SubsystemVersion: 5.0
OSVersion: 5.0
FileOS: Windows 16-bit
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: America Online, Inc.
CodeSize: 0
ProductName: America Online
ProductVersionNumber: 9.0.0.1
FileTypeExtension: exe
ObjectFileType: Dynamic link library

File identification
MD5 0db4e5e07c8fbdba2818f092edeb7ee1
SHA1 844cb30a5985b749aae6668eb24014b015889f25
SHA256 be008ff541f4d4b0ed182428c93274d8ca5ff84e61cd313b82360357e4f847a3
ssdeep 3072:GAigY5czpjp98SRN5a+9OIfikQMQ7ppSeTYJXrOl4YsgypH4xAg0eoRdNS7qg0Y1:sC1rXaHEiu3PJKhnyN4G3Rjc

authentihash 0c639599d2a7561916fbe98bdc4db82d66cf2e89b28772499bdd5093933e987a
imphash f2f2da5849ab99f3195cba3baa7cbdea
File size 304.0 KB ( 311296 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe
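Before trusting any of the figures above, a practitioner re-derives them from the file in hand: the three hashes must match the report exactly (otherwise it is a different file), and the header fields should be read back and checked against the version resource. The report itself already shows the inconsistencies worth flagging: a copyright string of 1999 - 2004 on a binary compiled 2018-09-07 with linker 12.1, CodeSize 0 on an executable image, an UninitializedDataSize of about 1 GB in a 304 KB file, and a version resource whose ObjectFileType says "Dynamic link library" for a Win32 EXE. The block below is an added example (not VirusTotal's code) using only the standard library. Its build_sample_pe() constructs a 512-byte PE32 header stub carrying the report's header values; it is not the sample, so its hashes deliberately do not match REPORTED_HASHES. The ten-year copyright gap threshold is this example's own choice.

```python
"""PE triage without third-party libraries: hashes, header fields and
header-vs-version-resource consistency checks.

Added example, not VirusTotal's code. Header values in build_sample_pe() are
copied from the report; the surrounding byte layout is constructed, so the
stub's hashes will not (and should not) match the reported ones."""
import hashlib
import re
import struct
from datetime import datetime, timezone

MACHINE_I386 = 0x14C
PE32_MAGIC = 0x10B
SUBSYSTEM_WINDOWS_GUI = 2
IMAGE_FILE_DLL = 0x2000

# Identifiers as printed in the report's "File identification" section.
REPORTED_HASHES = {
    "md5": "0db4e5e07c8fbdba2818f092edeb7ee1",
    "sha1": "844cb30a5985b749aae6668eb24014b015889f25",
    "sha256": "be008ff541f4d4b0ed182428c93274d8ca5ff84e61cd313b82360357e4f847a3",
}
# Version-resource strings as printed in the report's ExifTool section.
REPORTED_VERSION_INFO = {
    "copyright": "Copyright (C) America Online, Inc. 1999 - 2004",
    "file_type": "Dynamic link library",
}


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the raw bytes, the identifiers a report is keyed on."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def hash_mismatches(data: bytes, reported: dict) -> list:
    """Names of hashes that differ from the report; non-empty means a different file."""
    computed = file_hashes(data)
    return [n for n in ("md5", "sha1", "sha256") if computed[n] != reported[n]]


def parse_pe_header(data: bytes) -> dict:
    """Read the COFF and PE32 optional-header fields a triage report shows."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    machine, nsections, ts, _, _, _opt_size, characteristics = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20
    magic, lmaj, lmin, size_code, size_init, size_uninit, entry = struct.unpack_from(
        "<HBBIIII", data, opt)
    if magic != PE32_MAGIC:
        raise ValueError(f"unsupported optional header magic 0x{magic:x}")
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {
        "machine": machine,
        "sections": nsections,
        "timestamp_utc": datetime.fromtimestamp(ts, tz=timezone.utc),
        "characteristics": characteristics,
        "linker_version": f"{lmaj}.{lmin}",
        "size_of_code": size_code,
        "size_of_initialized_data": size_init,
        "size_of_uninitialized_data": size_uninit,
        "entry_point": entry,
        "subsystem": subsystem,
    }


def triage_flags(hdr: dict, version_info: dict, file_size: int) -> list:
    """Inconsistencies worth a second look. Thresholds are this example's choices."""
    flags = []
    years = [int(y) for y in re.findall(r"\b(19\d\d|20\d\d)\b", version_info.get("copyright", ""))]
    if years and hdr["timestamp_utc"].year - max(years) >= 10:   # assumed threshold
        flags.append("version-resource copyright is a decade or more older than the compile timestamp")
    if hdr["size_of_code"] == 0:
        flags.append("SizeOfCode is 0 for an executable image")
    if hdr["size_of_uninitialized_data"] > file_size:
        flags.append("SizeOfUninitializedData exceeds the file size")
    if version_info.get("file_type") == "Dynamic link library" and not hdr["characteristics"] & IMAGE_FILE_DLL:
        flags.append("version resource claims a DLL but IMAGE_FILE_DLL is not set")
    return flags


def build_sample_pe() -> bytes:
    """Constructed 512-byte PE32 stub carrying the report's header values (no code, no imports)."""
    ts = int(datetime(2018, 9, 7, 21, 4, 12, tzinfo=timezone.utc).timestamp())
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew at 0x3C -> PE at 0x40
    coff = struct.pack("<HHIIIHH", MACHINE_I386, 5, ts, 0, 0, 224, 0x0103)  # no relocs|exe|32-bit
    opt = struct.pack(
        "<HBBIIIIIIIIIHHHHHHIIIIHH",
        PE32_MAGIC, 12, 1,            # magic, linker 12.1
        0, 90112, 1006425862,         # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData
        0x1D4D4, 0x1000, 0x2000,      # AddressOfEntryPoint, BaseOfCode, BaseOfData
        0x400000, 0x1000, 0x200,      # ImageBase, SectionAlignment, FileAlignment
        5, 0, 0, 0, 5, 0,             # OS 5.0, image 0.0, subsystem 5.0
        0, 0x20000, 0x400, 0,         # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
        SUBSYSTEM_WINDOWS_GUI, 0,     # Subsystem, DllCharacteristics
    ).ljust(224, b"\0")               # remaining loader fields and 16 empty data directories
    return (dos + b"PE\0\0" + coff + opt).ljust(0x200, b"\0")


if __name__ == "__main__":
    sample = build_sample_pe()
    hdr = parse_pe_header(sample)
    print(hdr, hash_mismatches(sample, REPORTED_HASHES), triage_flags(hdr, REPORTED_VERSION_INFO, len(sample)), sep="\n")
```

Run against the real file, hash_mismatches() must return an empty list before any of the other output is meaningful; against the stub it returns all three names, which is the expected result for a file that merely imitates the headers.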

VirusTotal metadata
First submission 2018-09-07 14:09:44 UTC
Last submission 2018-09-07 14:36:10 UTC
File names: cloudrowset.exe, output.114009804.txt, 552.exe, mEqaDtqBCE9ps4P.exe, 3854068.exe, COOL
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs