× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: c05f956f5b40f32a33c0ee96e6da887b0f4b9fd911cc8ea1cdccfb0ffa29970f
File name: hXgnYa3YeR6Vp.exe
Detection ratio: 31 / 68
Analysis date: 2018-06-08 17:37:38 UTC ( 8 months, 2 weeks ago ) View latest
Antivirus Result Update
AegisLab Ml.Attribute.Gen!c 20180608
AhnLab-V3 Win-Trojan/Emotet.Exp 20180608
Avast Win32:Malware-gen 20180608
AVG Win32:Malware-gen 20180608
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20180608
Comodo TrojWare.Win32.Dovs.MO 20180608
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20180530
Cylance Unsafe 20180608
Cyren W32/Trojan.ZLOZ-1462 20180608
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of Win32/Kryptik.GHOH 20180608
F-Secure Trojan.GenericKD.30937769 20180608
Fortinet W32/Kryptik.GHOH!tr 20180608
GData Win32.Trojan-Spy.Emotet.RC 20180608
Ikarus Trojan-Banker.Emotet 20180608
K7GW Riskware ( 0040eff71 ) 20180608
Kaspersky Trojan-Banker.Win32.Emotet.aqzl 20180608
Malwarebytes Trojan.Emotet 20180608
MAX malware (ai score=89) 20180608
McAfee Emotet-FDM!6BECA908623C 20180608
McAfee-GW-Edition Artemis!Trojan 20180608
Microsoft Trojan:Win32/Cloxer.D!cl 20180608
eScan Trojan.GenericKD.30937769 20180608
Palo Alto Networks (Known Signatures) generic.ml 20180608
Panda Trj/Genetic.gen 20180608
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/EncPk-ANR 20180608
Symantec ML.Attribute.HighConfidence 20180608
TrendMicro-HouseCall Suspicious_GEN.F47V0608 20180608
Webroot W32.Trojan.Emotet 20180608
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.aqzl 20180608
Ad-Aware 20180608
Alibaba 20180608
ALYac 20180608
Antiy-AVL 20180608
Arcabit 20180608
Avast-Mobile 20180608
Avira (no cloud) 20180608
AVware 20180608
Babable 20180406
BitDefender 20180608
Bkav 20180608
CAT-QuickHeal 20180608
ClamAV 20180608
CMC 20180608
Cybereason 20180225
DrWeb 20180608
eGambit 20180608
Emsisoft 20180608
F-Prot 20180608
Sophos ML 20180601
Jiangmin 20180608
K7AntiVirus 20180608
Kingsoft 20180608
NANO-Antivirus 20180608
Qihoo-360 20180608
Rising 20180608
SUPERAntiSpyware 20180608
Symantec Mobile Insight 20180605
TACHYON 20180608
Tencent 20180608
TheHacker 20180608
TotalDefense 20180608
TrendMicro 20180608
Trustlook 20180608
VBA32 20180608
VIPRE 20180608
ViRobot 20180608
Yandex 20180529
Zillya 20180608
Zoner 20180608
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2013 Realtek Semiconductor Corporation. All Right Reserved.

Product RTNicProp
Original name RTNicProp.dll
Internal name RTNicProp
File version 1, 2, 0, 6
Description About Page
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-08 04:20:35
Entry Point 0x0000100F
Number of sections 7
PE sections
PE imports
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyW
SetThreadAffinityMask
CreateConsoleScreenBuffer
CancelIo
acmDriverRemove
glPopAttrib
GetGUIThreadInfo
SCardGetStatusChangeW
Number of PE resources by type
RT_DIALOG 32
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
HEBREW DEFAULT 1
PORTUGUESE NEUTRAL 1
HUNGARIAN DEFAULT 1
VIETNAMESE DEFAULT 1
CHINESE SIMPLIFIED 1
FRENCH NEUTRAL 1
CZECH DEFAULT 1
SPANISH NEUTRAL 1
DUTCH NEUTRAL 1
FINNISH DEFAULT 1
KOREAN 1
NEUTRAL DEFAULT 1
PORTUGUESE 1
ITALIAN NEUTRAL 1
SWEDISH NEUTRAL 1
BULGARIAN DEFAULT 1
POLISH DEFAULT 1
JAPANESE DEFAULT 1
DANISH DEFAULT 1
ARABIC NEUTRAL 1
SLOVAK DEFAULT 1
GREEK DEFAULT 1
TURKISH DEFAULT 1
CHINESE TRADITIONAL 1
THAI DEFAULT 1
SERBIAN DEFAULT 1
NEUTRAL 1
SLOVENIAN DEFAULT 1
ROMANIAN 1
RUSSIAN 1
NORWEGIAN NEUTRAL 1
GERMAN NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.2.0.6

LanguageCode
Neutral

FileFlagsMask
0x0017

FileDescription
About Page

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
188416

EntryPoint
0x100f

OriginalFileName
RTNicProp.dll

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2013 Realtek Semiconductor Corporation. All Right Reserved.

FileVersion
1, 2, 0, 6

TimeStamp
2018:06:08 06:20:35+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
RTNicProp

ProductVersion
1, 2, 0, 6

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Realtek Semiconductor Corporation

CodeSize
0

ProductName
RTNicProp

ProductVersionNumber
1.2.0.6

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 6beca908623c280351a9c6d17fde1f24
SHA1 7bd0b05358fff916c2cc6906e6b230fde504de67
SHA256 c05f956f5b40f32a33c0ee96e6da887b0f4b9fd911cc8ea1cdccfb0ffa29970f
ssdeep
1536:tXbVx+bTlmbzpF7XXLwP2CGHSiz+C2xa+C9kEjbKcCKT:9bHmxSr7XMP2CASErgCCj+

authentihash 9464e6ccfb4866c8a7354ad3df55278f48b76d7e099bf1a9bbcd385051d25880
imphash 072c72b2e8bd237fd8ab7fcf81895003
File size 280.0 KB ( 286720 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-06-08 04:23:50 UTC ( 8 months, 2 weeks ago )
Last submission 2018-06-08 04:23:50 UTC ( 8 months, 2 weeks ago )
File names RTNicProp
RTNicProp.dll
hXgnYa3YeR6Vp.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs