SHA256: c0e4d96edf5013225d42003f0eae80824a04fcda997d9a8fc2d0343f79f9abd5
File name: emotet_exe_e2_c0e4d96edf5013225d42003f0eae80824a04fcda997d9a8fc2d...
Detection ratio: 38 / 71
Analysis date: 2019-04-04 15:10:10 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Acronis suspicious 20190330
Ad-Aware Trojan.Agent.DTVK 20190404
AhnLab-V3 Trojan/Win32.Emotet.C3138930 20190404
Arcabit Trojan.Agent.DTVK 20190404
Avast Win32:BankerX-gen [Trj] 20190404
AVG Win32:BankerX-gen [Trj] 20190404
Avira (no cloud) TR/AD.Emotet.lzrah 20190404
BitDefender Trojan.Agent.DTVK 20190404
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
Cybereason malicious.19a716 20190403
Cylance Unsafe 20190404
Cyren W32/Emotet.SI.gen!Eldorado 20190404
DrWeb Trojan.Emotet.667 20190404
eGambit Unsafe.AI_Score_92% 20190404
Emsisoft Trojan.Emotet (A) 20190404
Endgame malicious (high confidence) 20190403
ESET-NOD32 a variant of Win32/Injector.EELU 20190404
F-Prot W32/Emotet.SI.gen!Eldorado 20190404
FireEye Generic.mg.22db189539a86530 20190404
Fortinet W32/Generic.AP.290658!tr 20190404
GData Trojan.Agent.DTVK 20190404
Ikarus Trojan-Banker.Emotet 20190404
Sophos ML heuristic 20190313
Malwarebytes Trojan.Emotet 20190404
MAX malware (ai score=86) 20190404
McAfee Emotet-FMG!22DB189539A8 20190404
McAfee-GW-Edition Artemis 20190403
Microsoft Trojan:Win32/Fuerboos.C!cl 20190404
eScan Trojan.Agent.DTVK 20190404
Panda Trj/GdSda.A 20190404
Qihoo-360 HEUR/QVM20.1.4D1D.Malware.Gen 20190404
Rising Trojan.Injector!8.C4 (RDM+:cmRtazrcnd48sJC6DKb6Cz/G0uPK) 20190404
SentinelOne (Static ML) DFI - Malicious PE 20190317
Sophos AV Mal/Emotet-Q 20190404
Symantec Packed.Generic.459 20190404
Trapmine malicious.high.ml.score 20190325
VBA32 BScope.Malware-Cryptor.Emotet 20190404
Webroot W32.Trojan.Emotet 20190404
AegisLab 20190404
Alibaba 20190402
ALYac 20190404
Antiy-AVL 20190404
Avast-Mobile 20190404
Babable 20180918
Baidu 20190318
Bkav 20190404
CAT-QuickHeal 20190404
ClamAV 20190404
CMC 20190321
Comodo 20190404
F-Secure 20190404
Jiangmin 20190404
K7AntiVirus 20190404
K7GW 20190404
Kaspersky 20190404
Kingsoft 20190404
NANO-Antivirus 20190404
Palo Alto Networks (Known Signatures) 20190404
SUPERAntiSpyware 20190404
Symantec Mobile Insight 20190325
TACHYON 20190404
Tencent 20190404
TheHacker 20190403
TotalDefense 20190404
TrendMicro 20190404
TrendMicro-HouseCall 20190404
Trustlook 20190404
ViRobot 20190404
Yandex 20190402
Zillya 20190403
ZoneAlarm by Check Point 20190404
Zoner 20190404
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product WinPcap
File version 4.1.0.2001
Description WinPcap 4.1.2 ikstaller
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 4:07 AM 4/11/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-04-04 01:43:20
Entry Point 0x000011F0
Number of sections 4
PE sections
Overlays
MD5 6cce43b22684d7242a91102c4832aa5e
File type data
Offset 110080
Size 3336
Entropy 7.32
PE imports
GetStdHandle
GetConsoleOutputCP
ReleaseMutex
FileTimeToSystemTime
GetComputerNameA
GetFileAttributesA
SetEvent
GetDriveTypeA
FindFirstFileW
HeapAlloc
SetFileTime
GetFileAttributesW
lstrcmpW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
UnhandledExceptionFilter
LoadLibraryExW
WideCharToMultiByte
FreeEnvironmentStringsW
GetLocaleInfoW
EnumResourceLanguagesW
GetFileTime
GetCPInfo
GetStringTypeA
InterlockedExchange
FindResourceExW
GetTimeZoneInformation
WaitForSingleObject
GetSystemTimeAsFileTime
EnumResourceLanguagesA
SizeofResource
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetExitCodeProcess
LocalFree
FormatMessageW
ResumeThread
GetEnvironmentVariableA
LoadResource
GetStringTypeExW
FindClose
HeapDestroy
FormatMessageA
GetFullPathNameW
GetStringTypeExA
OutputDebugStringA
WritePrivateProfileStringW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
DeviceIoControl
InitializeCriticalSection
GlobalFindAtomW
lstrlenW
OutputDebugStringW
GetModuleFileNameW
CopyFileA
ExitProcess
GetVersionExA
GetModuleFileNameA
GlobalHandle
lstrcmpiW
EnumSystemLocalesA
GetPrivateProfileStringA
SetConsoleCtrlHandler
GetUserDefaultLCID
GetVolumeInformationW
InterlockedDecrement
MultiByteToWideChar
FatalAppExitA
SetFilePointerEx
GetPrivateProfileStringW
GetProfileIntA
CreateMutexA
SetFilePointer
SetFileAttributesW
GlobalAddAtomW
CreateThread
GetSystemDirectoryW
GetSystemDefaultUILanguage
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
CreateMutexW
MulDiv
UnlockFile
ExitThread
MoveFileExA
SetEnvironmentVariableA
FindAtomW
WriteConsoleA
GetVersion
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
SetCurrentDirectoryA
WriteConsoleW
MoveFileW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
OpenThread
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GlobalSize
GetStartupInfoA
GetDateFormatA
GetWindowsDirectoryW
GetFileSize
AddAtomA
OpenProcess
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetDateFormatW
SetErrorMode
GetStartupInfoW
SetFileAttributesA
DeleteFileW
GetProcAddress
GetPrivateProfileIntW
AddAtomW
GetProcessHeap
GetComputerNameW
CompareStringW
WriteFile
GetFileSizeEx
GlobalReAlloc
GetFileInformationByHandle
lstrcmpA
UnmapViewOfFile
FindFirstFileA
WTSGetActiveConsoleSessionId
lstrcpyA
CompareStringA
GetComputerNameExW
CreateFileMappingA
FindNextFileA
IsValidLocale
DuplicateHandle
WaitForMultipleObjects
ExpandEnvironmentStringsA
GetTempPathW
CreateEventW
CreateFileW
CreateEventA
GlobalFindAtomA
GetFileType
TlsSetValue
CreateFileA
GlobalGetAtomNameA
InterlockedIncrement
GetLastError
LCMapStringW
LocalReAlloc
SystemTimeToFileTime
GlobalDeleteAtom
GetShortPathNameW
VirtualAllocEx
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetTimeFormatW
GetProcessTimes
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
RemoveDirectoryA
Process32NextW
VirtualFree
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentDirectoryW
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
ProcessIdToSessionId
GetCommandLineW
GetCurrentDirectoryA
HeapSize
IsDebuggerPresent
GetCommandLineA
InterlockedCompareExchange
Process32FirstW
GetCurrentThread
SuspendThread
RaiseException
TerminateProcess
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
GlobalFlags
DeleteAtom
CloseHandle
OpenMutexW
GetVolumeInformationA
GetACP
GlobalLock
GetModuleHandleW
FreeResource
GetFileAttributesExW
SetThreadPriority
SetStdHandle
GetLongPathNameW
CreateProcessA
TlsGetValue
ResetEvent
IsValidCodePage
HeapCreate
FindResourceW
VirtualQuery
CreateProcessW
GetLongPathNameA
Sleep
IsBadReadPtr
GetFileAttributesExA
IsBadCodePtr
SystemTimeToTzSpecificLocalTime
FindResourceA
VirtualAlloc
GetOEMCP
GetTimeFormatA
SetFocus
SetDlgItemTextA
GetForegroundWindow
DdeAccessData
LoadBitmapW
DestroyMenu
PostQuitMessage
GetMessagePos
LoadBitmapA
SetWindowPos
GetScrollInfo
DdeDisconnect
DdeCreateStringHandleA
IsWindow
GrayStringW
DispatchMessageA
EndPaint
ScrollWindowEx
GetWindowLongA
MessageBoxA
DdeGetData
IntersectRect
PeekMessageA
DdeCreateStringHandleW
GetMessageTime
SendMessageW
SetActiveWindow
DispatchMessageW
DestroyCursor
GetCursorPos
DrawTextA
DdeInitializeA
GetDlgCtrlID
GetMenu
TranslateMessage
DefFrameProcA
UnregisterClassW
GetClientRect
DdeInitializeW
DrawTextW
SetScrollPos
CallNextHookEx
DdeFreeDataHandle
IsClipboardFormatAvailable
TrackPopupMenu
GetActiveWindow
ShowCursor
OpenClipboard
GetWindowTextW
SetDlgItemTextW
EnumClipboardFormats
LockWindowUpdate
wsprintfA
GetWindowTextLengthW
LoadAcceleratorsW
GetMenuItemCount
GetMenuItemID
DestroyWindow
GetMessageA
GetClassInfoExW
UpdateWindow
GetWindow
GetPropW
EqualRect
ShowScrollBar
CheckRadioButton
GetMessageW
ShowWindow
SetPropW
GetMenuState
GetClipboardFormatNameA
PeekMessageW
TranslateMDISysAccel
EnableWindow
SetWindowPlacement
CharUpperW
GetDlgItemTextA
DdeKeepStringHandle
GetClipboardFormatNameW
LoadIconW
SetClipboardViewer
SetParent
IsWindowEnabled
GetDlgItemTextW
GetDlgItemInt
SetClipboardData
GetMenuBarInfo
LoadStringA
DdeQueryConvInfo
RegisterClassW
ScrollWindow
GetWindowPlacement
LoadStringW
DdeConnect
WindowFromPoint
DrawMenuBar
EnableMenuItem
RegisterClassA
TrackPopupMenuEx
DrawFocusRect
GetDCEx
DdeClientTransaction
IsDialogMessageW
FillRect
CopyRect
DeferWindowPos
UnpackDDElParam
CreateWindowExW
ReleaseDC
GetWindowLongW
GetMenuStringW
IsChild
MapWindowPoints
RegisterWindowMessageW
ReleaseCapture
SetCapture
BeginPaint
OffsetRect
DefWindowProcW
GetScrollPos
KillTimer
MapVirtualKeyW
GetClipboardOwner
SetTimer
DefMDIChildProcA
GetClipboardData
GetParent
SendDlgItemMessageA
GetSystemMetrics
IsIconic
SetScrollRange
GetWindowRect
InflateRect
PostMessageA
DrawIcon
GetScrollRange
SetWindowLongW
LoadAcceleratorsA
SetWindowLongA
SendDlgItemMessageW
PostMessageW
GetKeyNameTextW
CheckDlgButton
CreatePopupMenu
CheckMenuItem
GetSubMenu
GetClassLongW
GetLastActivePopup
PtInRect
SetWindowTextW
CreateWindowExA
DdeGetLastError
GetMenuCheckMarkDimensions
BringWindowToTop
ClientToScreen
DefWindowProcA
LoadCursorA
LoadIconA
CountClipboardFormats
SetWindowsHookExA
DdeFreeStringHandle
IsDlgButtonChecked
GetSysColorBrush
GetDesktopWindow
SetWindowsHookExW
LoadCursorW
GetSystemMenu
ReuseDDElParam
GetDC
InsertMenuW
SetForegroundWindow
GetMenuItemInfoW
EmptyClipboard
DdeUnaccessData
DrawTextExW
EndDialog
ModifyMenuW
GetCapture
SetMenuItemBitmaps
ScreenToClient
FindWindowA
MessageBeep
LoadMenuW
RemoveMenu
GetWindowThreadProcessId
DdeCreateDataHandle
BeginDeferWindowPos
MessageBoxW
DdeUninitialize
SetMenu
RegisterClipboardFormatA
DdeSetUserHandle
MoveWindow
SetDlgItemInt
GetMenuStringA
DdePostAdvise
AppendMenuW
GetWindowDC
ChangeClipboardChain
AdjustWindowRectEx
DialogBoxParamA
GetSysColor
RegisterClipboardFormatW
SetScrollInfo
GetKeyState
EndDeferWindowPos
SystemParametersInfoA
GetProcessDefaultLayout
TabbedTextOutW
DestroyIcon
GetTopWindow
wsprintfW
IsWindowVisible
WinHelpW
DdeNameService
SystemParametersInfoW
WinHelpA
UnionRect
FrameRect
SetRect
DeleteMenu
AppendMenuA
SendMessageA
CallWindowProcW
GetClassNameW
InvalidateRect
SetWindowTextA
TranslateAcceleratorA
GetClassInfoW
ValidateRect
IsRectEmpty
GetFocus
InsertMenuItemW
CloseClipboard
GetDlgItem
SetCursor
UnhookWindowsHookEx
RemovePropW
Number of PE resources by type
RT_ICON 7
RT_DIALOG 5
RT_GROUP_ICON 1
RT_VERSION 1
RT_RCDATA 1
Number of PE resources by language
ENGLISH US 15
PE resources
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 33280
ImageVersion 0.0
ProductName WinPcap
FileVersionNumber 4.1.0.2001
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Windows, Latin1
LinkerVersion 9.0
FileTypeExtension exe
MIMEType application/octet-stream
FileVersion 4.1.0.2001
TimeStamp 2019:04:04 03:43:20+02:00
FileType Win32 EXE
PEType PE32
FileDescription WinPcap 4.1.2 ikstaller
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 75776
FileSubtype 0
ProductVersionNumber 4.1.0.2001
EntryPoint 0x11f0
ObjectFileType Executable application
File identification
MD5 22db189539a86530de964b9fa2dfeb4f
SHA1 1a78aa119a71614be45cffa9cdf8044d0bca5bd6
SHA256 c0e4d96edf5013225d42003f0eae80824a04fcda997d9a8fc2d0343f79f9abd5
ssdeep 3072:qdtmcXvQuDsKmmpVXAF6XhO+KxmQIXVWR4cdU40Q:qbmcbDs3mppAF6xO5BaVQ
authentihash 68f7ecbfbe36f2dd5935fc8e7a6ff0582544f1b791831fc8a0d739ae555332e8
imphash a48d93d80d971bb366218f2d6b212d90
File size 110.8 KB ( 113416 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2019-04-04 15:10:10 UTC ( 1 month, 2 weeks ago )
Last submission 2019-04-04 15:10:10 UTC ( 1 month, 2 weeks ago )
File names emotet_exe_e2_c0e4d96edf5013225d42003f0eae80824a04fcda997d9a8fc2d0343f79f9abd5_2019-04-04__055004.exe_
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs