SHA256: bec9b97be9a0c07e665fa1f35ab87a03bc7faec63e123f9f29705c0c4a932e5f
File name: UYuUKn.exe
Detection ratio: 36 / 67
Analysis date: 2018-10-05 11:17:09 UTC ( 4 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40560942 20181005
AhnLab-V3 Trojan/Win32.Emotet.R234758 20181005
Arcabit Trojan.Generic.D26AE92E 20181005
Avast Win32:Malware-gen 20181005
AVG Win32:Malware-gen 20181005
BitDefender Trojan.GenericKD.40560942 20181005
Bkav HW32.Packed. 20181005
CAT-QuickHeal Trojan.Emotet.X4 20181005
ClamAV Win.Trojan.Emotet-6699550-0 20181005
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.07f2ae 20180225
Cylance Unsafe 20181005
Emsisoft Trojan.GenericKD.40560942 (B) 20181005
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/GenKryptik.CNAO 20181005
F-Secure Trojan.GenericKD.40560942 20181005
Fortinet W32/GenKryptik.CNAO!tr 20181005
GData Win32.Trojan-Spy.Emotet.ZBYN97 20181005
Ikarus Trojan.Win32.Krypt 20181005
Sophos ML heuristic 20180717
K7AntiVirus Riskware ( 0040eff71 ) 20181005
Kaspersky Trojan-Banker.Win32.Emotet.bgij 20181005
Malwarebytes Trojan.Emotet 20181005
McAfee Emotet-FHK!06A22C707F2A 20181005
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20181005
Microsoft Trojan:Win32/Emotet!rfn 20181005
eScan Trojan.GenericKD.40560942 20181005
Palo Alto Networks (Known Signatures) generic.ml 20181005
Panda Trj/GdSda.A 20181004
Qihoo-360 Win32/Trojan.88c 20181005
Rising Trojan.Emotet!8.B95 (CLOUD) 20181005
Sophos AV Mal/EncPk-ANX 20181005
Symantec Trojan.Emotet 20181005
TACHYON Trojan/W32.Agent.135168.CTB 20181005
Webroot W32.Trojan.Emotet 20181005
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bgij 20181005
AegisLab 20181005
Alibaba 20180921
Antiy-AVL 20181005
Avast-Mobile 20181005
Avira (no cloud) 20181005
AVware 20180925
Babable 20180918
Baidu 20180930
CMC 20181005
Comodo 20181005
Cyren 20181005
DrWeb 20181005
eGambit 20181005
F-Prot 20181005
Jiangmin 20181005
K7GW 20181003
Kingsoft 20181005
MAX 20181005
NANO-Antivirus 20181005
SentinelOne (Static ML) 20180926
SUPERAntiSpyware 20181005
Symantec Mobile Insight 20181001
Tencent 20181005
TheHacker 20181001
TotalDefense 20181005
TrendMicro 20181005
TrendMicro-HouseCall 20181005
Trustlook 20181005
VBA32 20181005
ViRobot 20181005
Yandex 20181005
Zillya 20181003
Zoner 20181005
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-03 18:47:33
Entry Point 0x000015E1
Number of sections 7
PE sections
PE imports
RegCloseKey
QueryServiceObjectSecurity
GetNodeClusterState
CertDuplicateCTLContext
CertAddEncodedCertificateToStore
SetGraphicsMode
GetCurrentObject
CreateICA
Polygon
SetLayout
GetEnhMetaFileHeader
GetViewportExtEx
GdiSetBatchLimit
GetPixel
Ellipse
GetTextFaceA
GetTickCount64
GetCommandLineA
WriteProfileSectionA
InitializeCriticalSectionAndSpinCount
LockFileEx
GetTimeZoneInformation
SetSystemFileCacheSize
LocalAlloc
lstrlenA
GetConsoleCursorInfo
DefineDosDeviceA
GlobalMemoryStatusEx
SetProcessAffinityMask
SetThreadExecutionState
MprAdminInterfaceDelete
VariantCopyInd
VarBstrFromDate
GetCurrentPowerPolicies
RasGetErrorStringA
RasGetSubEntryPropertiesA
RasSetSubEntryPropertiesW
IUnknown_Release_Proxy
SetupDiGetClassInstallParamsA
SetupDecompressOrCopyFileW
PathCanonicalizeW
PathIsPrefixA
StrCpyNW
InitializeSecurityContextW
GetWindowThreadProcessId
IsWindow
OemToCharA
GetLastActivePopup
ChangeMenuA
SetMenu
GetSysColorBrush
CascadeWindows
PhysicalToLogicalPoint
GetDlgItem
IsCharLowerW
InvalidateRect
GetInputState
MessageBoxIndirectW
waveInGetDevCapsW
GetPrinterDriverDirectoryA
CryptCATGetCatAttrInfo
ntohs
socket
OpenColorProfileW
isspace
CoDosDateTimeToFileTime
OleCreateMenuDescriptor
StgIsStorageFile
Number of PE resources by type
RT_STRING 13
RT_BITMAP 11
Number of PE resources by language
NEUTRAL 17
CHINESE TRADITIONAL 6
ITALIAN 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:10:03 20:47:33+02:00
FileType Win32 EXE
PEType PE32
CodeSize 8192
LinkerVersion 6.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x15e1
InitializedDataSize 122880
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 06a22c707f2ae84b942719be8886deec
SHA1 4b6b7f32b8dc1febd81f159c10e59fe422eac4cc
SHA256 bec9b97be9a0c07e665fa1f35ab87a03bc7faec63e123f9f29705c0c4a932e5f
ssdeep 3072:wuTD4awr5x2JjTe6idaWg/QcxIIq+a7iAp1tR7rLR42:T4awFxQibcQXV+aT1

authentihash 0003ad4f0fa4a32f4f075b1bafe7db9e7bd16d557f30c2ce26eb32a623b79d26
imphash b31633f0e33ead5e4b708691b07daa61
File size 132.0 KB ( 135168 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2018-10-03 18:49:16 UTC ( 4 months, 2 weeks ago )
Last submission 2018-10-03 18:49:16 UTC ( 4 months, 2 weeks ago )
File names UYuUKn.exe
Advanced heuristic and reputation engines