× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: bed8df4a2f0daf63ac8a19f7993a96185b779b52362f75cf840929354d038f75
File name: bed8df4a2f0daf63ac8a19f7993a96185b779b52362f75cf840929354d038f75
Detection ratio: 15 / 68
Analysis date: 2018-09-28 13:28:35 UTC ( 4 months, 3 weeks ago ) View latest
Antivirus Result Update
AVG FileRepMalware 20180927
Avira (no cloud) TR/Crypt.EPACK.Gen2 20180928
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cylance Unsafe 20180928
Endgame malicious (high confidence) 20180730
Sophos ML heuristic 20180717
K7GW Hacktool ( 700007861 ) 20180928
McAfee Emotet-FJG!62F1859ACECB 20180928
McAfee-GW-Edition BehavesLike.Win32.Generic.ch 20180928
Microsoft Trojan:Win32/Emotet.AC!bit 20180928
Qihoo-360 HEUR/QVM20.1.2B4F.Malware.Gen 20180928
Rising Trojan.Emotet!8.B95 (TFE:dGZlOgOjYHGht61ixA) 20180928
SentinelOne (Static ML) static engine - malicious 20180926
Sophos AV Mal/EncPk-ANX 20180928
Symantec ML.Attribute.HighConfidence 20180928
Ad-Aware 20180928
AegisLab 20180928
AhnLab-V3 20180928
Alibaba 20180921
Antiy-AVL 20180928
Arcabit 20180928
Avast 20180927
Avast-Mobile 20180927
AVware 20180925
Babable 20180918
Baidu 20180928
BitDefender 20180928
Bkav 20180928
CAT-QuickHeal 20180928
ClamAV 20180928
CMC 20180928
Comodo 20180928
Cybereason 20180225
Cyren 20180928
DrWeb 20180928
eGambit 20180928
Emsisoft 20180928
ESET-NOD32 20180928
F-Prot 20180928
F-Secure 20180928
Fortinet 20180928
GData 20180928
Ikarus 20180928
Jiangmin 20180928
K7AntiVirus 20180928
Kaspersky 20180928
Kingsoft 20180928
Malwarebytes 20180928
MAX 20180928
eScan 20180928
NANO-Antivirus 20180928
Palo Alto Networks (Known Signatures) 20180928
Panda 20180928
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180924
TACHYON 20180928
Tencent 20180928
TheHacker 20180927
TotalDefense 20180925
TrendMicro 20180928
TrendMicro-HouseCall 20180928
Trustlook 20180928
VBA32 20180928
VIPRE 20180928
ViRobot 20180928
Webroot 20180928
Yandex 20180927
Zillya 20180928
ZoneAlarm by Check Point 20180925
Zoner 20180927
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-28 20:17:27
Entry Point 0x00003A90
Number of sections 5
PE sections
PE imports
LogonUserA
LookupPrivilegeNameA
GetFileTitleA
GetClipRgn
GetSystemPaletteUse
GetCharWidth32A
GetTextAlign
GetPixel
GetDriveTypeA
GetPriorityClass
GetSystemTimeAsFileTime
GetCPInfo
lstrcmpiA
FormatMessageA
VirtualUnlock
GetDefaultCommConfigW
GetNamedPipeServerProcessId
GetCurrentConsoleFont
GlobalFlags
GetVolumeInformationW
FindNextVolumeMountPointW
ExitProcess
GetStartupInfoW
IsProcessorFeaturePresent
FindActCtxSectionStringW
LoadTypeLibEx
GetClassInfoExW
GetMenu
GetPropW
LoadMenuA
DeferWindowPos
GetClientRect
ChildWindowFromPoint
GetShellWindow
GetThreadDesktop
GetKeyState
GetPrinterDriverDirectoryW
SCardGetProviderIdA
GetStandardColorSpaceProfileW
GetColorProfileHeader
strcspn
fgetwc
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
CHINESE SIMPLIFIED 1
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:09:28 13:17:27-07:00

FileType
Win32 EXE

PEType
PE32

CodeSize
155648

LinkerVersion
16.1

ImageFileCharacteristics
No relocs, Executable, 32-bit

EntryPoint
0x3a90

InitializedDataSize
49152

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
6.0

UninitializedDataSize
0

File identification
MD5 62f1859acecb29cf5f5a28bfedb91ef2
SHA1 2a5b2e12f917dd36fe880ad9c076f3c18be09487
SHA256 bed8df4a2f0daf63ac8a19f7993a96185b779b52362f75cf840929354d038f75
ssdeep
3072:r37BKuKPtu9ksOc6HxYWekVqCWCk/im/I:r3MffNR5VICK/I

authentihash b10b80b1426aa314396fd75fca4b58cd3bf3a38ef355f0185129f24faabcbaae
imphash 4db7ab3dad83d46309ec47a7f16cb98e
File size 172.0 KB ( 176128 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (45.0%)
Microsoft Visual C++ compiled executable (generic) (26.9%)
Win32 Dynamic Link Library (generic) (10.7%)
Win32 Executable (generic) (7.3%)
OS/2 Executable (generic) (3.3%)
Tags
peexe

VirusTotal metadata
First submission 2018-09-28 13:28:35 UTC ( 4 months, 3 weeks ago )
Last submission 2018-11-16 18:57:20 UTC ( 3 months ago )
File names 599.exe
1WOGRIWL7.EXE
15788488.EXE
06137338.exe
loadalayout.exe
493131.exe
nZAM.exe
5195.exe
wyLw3SCTw0.exe
2840.exe
PRURVOZCR9WKVT3.EXE
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!