SHA256: c39f03a593fda8d327f681f113ed4f2117ab781adfd01837ace2cd5ca023eadf
File name: YtweCHRVxiXuBNgt.exe
Detection ratio: 42 / 71
Analysis date: 2019-01-03 05:54:47 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Acronis suspicious 20181227
Ad-Aware Trojan.Autoruns.GenericKDS.31474558 20190103
ALYac Trojan.Autoruns.GenericKDS.31474558 20190103
Arcabit Trojan.Autoruns.GenericS.D1E0437E 20190103
Avast Win32:MalwareX-gen [Trj] 20190103
AVG Win32:MalwareX-gen [Trj] 20190103
Avira (no cloud) TR/AD.Emotet.avslq 20190102
BitDefender Trojan.Autoruns.GenericKDS.31474558 20190103
Comodo Malware@#3mpydl2f7l2eu 20190103
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.396ea9 20180225
Cylance Unsafe 20190103
Cyren W32/Trojan.JZWF-4894 20190103
eGambit Unsafe.AI_Score_99% 20190103
Emsisoft Trojan.Autoruns.GenericKDS.31474558 (B) 20190103
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GOFY 20190103
F-Secure Trojan.Autoruns.GenericKDS.31474558 20190103
Fortinet W32/GenKryptik.CVMJ!tr 20190103
GData Trojan.Autoruns.GenericKDS.31474558 20190103
Ikarus Trojan.Autoruns.GenericKDS 20190102
Sophos ML heuristic 20181128
K7GW Trojan ( 00544cb91 ) 20190102
Kaspersky Trojan-Banker.Win32.Emotet.bxpq 20190102
Malwarebytes Trojan.Emotet 20190102
MAX malware (ai score=100) 20190103
McAfee Emotet-FID!01D3672396EA 20190103
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cc 20190103
Microsoft Trojan:Win32/Emotet.AC!bit 20190103
eScan Trojan.Autoruns.GenericKDS.31474558 20190103
Palo Alto Networks (Known Signatures) generic.ml 20190103
Panda Trj/RnkBend.A 20190102
Qihoo-360 HEUR/QVM19.1.3DD1.Malware.Gen 20190103
Rising Trojan.Fuery!8.EAFB (CLOUD) 20190103
Sophos AV Mal/EncPk-AOI 20190103
Symantec Trojan.Emotet 20190103
Tencent Win32.Trojan-banker.Emotet.Fhz 20190103
Trapmine malicious.high.ml.score 20181205
TrendMicro TROJ_FRS.VSN01A19 20190103
TrendMicro-HouseCall TROJ_FRS.VSN01A19 20190103
Webroot W32.Trojan.Emotet 20190103
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bxpq 20190103
AegisLab 20190103
Alibaba 20180921
Antiy-AVL 20190102
Avast-Mobile 20190102
AVware 20180925
Babable 20180918
Baidu 20190102
Bkav 20190102
CAT-QuickHeal 20190102
ClamAV 20190103
CMC 20190102
DrWeb 20190103
F-Prot 20190103
Jiangmin 20190102
K7AntiVirus 20190102
Kingsoft 20190103
NANO-Antivirus 20190103
SentinelOne (Static ML) 20181223
SUPERAntiSpyware 20190102
TACHYON 20190102
TheHacker 20181230
TotalDefense 20190102
Trustlook 20190103
VBA32 20181229
VIPRE 20190102
ViRobot 20190103
Yandex 20181229
Zillya 20190102
Zoner 20190103
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-07-14 22:00:48
Entry Point 0x0000A220
Number of sections 8
PE sections
PE imports
GetSidSubAuthority
DuplicateToken
IsTokenRestricted
GetPrivateObjectSecurity
InitializeSecurityDescriptor
FindFirstFreeAce
GetOldestEventLogRecord
GetSecurityDescriptorOwner
EqualDomainSid
EqualPrefixSid
LookupPrivilegeNameA
GetCurrentHwProfileW
DecryptFileW
GetSecurityDescriptorLength
GetFileSecurityA
GetClusterFromResource
GetClusterResourceNetworkName
GetFileTitleA
FindTextA
GetDIBColorTable
GetRgnBox
GetROP2
GetObjectType
GetLayout
GetObjectA
LineTo
GetTextExtentExPointI
GetWorldTransform
GetRegionData
FillPath
GetCharacterPlacementA
GetOutlineTextMetricsA
GetMetaFileBitsEx
GetOutlineTextMetricsW
ExtCreateRegion
GdiFlush
GetTextFaceA
GetClipRgn
GetTextExtentPoint32A
GetCharWidth32W
GetTextColor
GetTextExtentPoint32W
GetTextCharacterExtra
GetUserDefaultUILanguage
GetVolumePathNameW
GlobalFindAtomW
GetConsoleOutputCP
GetConsoleFontSize
GetComputerNameA
LoadLibraryW
GetCommModemStatus
GetLongPathNameW
GetThreadTimes
DefineDosDeviceA
GetStringTypeExA
GetVolumeInformationW
EnumSystemLocalesW
GetCommandLineW
DeleteVolumeMountPointW
ExitThread
GetLocalTime
IsProcessorFeaturePresent
GetCommTimeouts
GetPriorityClass
SwitchToThread
VirtualFreeEx
GlobalGetAtomNameA
WriteProcessMemory
GetPrivateProfileIntA
GetConsoleTitleW
ExpandEnvironmentStringsA
GetCurrentDirectoryA
GetSystemDefaultLCID
FatalAppExitA
GetCommandLineA
GetTapePosition
GetProfileIntA
lstrcpynW
GetProfileStringW
GetSystemDefaultLangID
LockFileEx
GetFileSizeEx
VirtualUnlock
GetStringTypeA
ExpandEnvironmentStringsW
LocalFlags
WritePrivateProfileStructA
GetFileAttributesA
DeleteAtom
ReadFile
FreeConsole
GetProcessWorkingSetSize
lstrcmpA
IsValidLocale
GetACP
GetDiskFreeSpaceA
IsValidLanguageGroup
EscapeCommFunction
GetFileAttributesExW
LocalFree
GetThreadPriority
GetDefaultCommConfigW
GlobalHandle
GetLogicalDriveStringsW
VirtualQueryEx
GetLongPathNameA
FindNextChangeNotification
FormatMessageA
GetTickCount
GetSystemWindowsDirectoryW
CancelSynchronousIo
GetDefaultCommConfigA
VirtualAlloc
LoadRegTypeLib
GetErrorInfo
GetRecordInfoFromGuids
FindExecutableW
FindExecutableA
ExtractIconExA
GetComputerObjectNameW
DeleteSecurityContext
DecryptMessage
FreeCredentialsHandle
IsRectEmpty
EnumWindowStationsA
GetClassInfoExW
GetKeyboardLayoutNameA
GetScrollRange
DefWindowProcW
GetKeyboardLayoutNameW
GetClassInfoExA
DestroyMenu
GetClipboardOwner
GetShellWindow
GetDialogBaseUnits
GetCaretPos
GetPropA
LoadBitmapA
GetParent
FreeDDElParam
GetSystemMetrics
MessageBoxW
GetWindowLongA
IsWindowUnicode
GetDlgItemTextA
GetMessageExtraInfo
GetCursor
ChildWindowFromPoint
DeleteMenu
GetKeyNameTextA
DestroyCaret
InsertMenuItemA
GetCursorPos
GetWindowRgn
DrawStateW
GetClassInfoA
DestroyIcon
GetSubMenu
GetQueueStatus
LookupIconIdFromDirectoryEx
DefMDIChildProcA
DefFrameProcA
GetWindowModuleFileNameW
LoadMenuIndirectA
GetDlgItem
DrawTextW
GetClassLongA
GetMenuContextHelpId
DrawFocusRect
FindWindowExA
LoadImageW
SetPhysicalCursorPos
FlashWindow
GetUpdateRgn
DestroyAcceleratorTable
GetMenuState
LoadCursorW
GetSystemMenu
GetFocus
GetMenuItemCount
GetUpdateRect
GetWindowInfo
ModifyMenuA
DefDlgProcW
DestroyWindow
GetFileVersionInfoSizeA
GetFileVersionInfoW
GetUrlCacheEntryInfoExW
GetUrlCacheEntryInfoA
GetPrintProcessorDirectoryW
GetPrinterDriverDirectoryA
SCardConnectA
GetColorProfileHeader
srand
system
fsetpos
ungetc
ftell
vfwprintf
fprintf
vfprintf
fwprintf
ungetwc
strcoll
MkParseDisplayName
FaultInIEFeature
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
MALTESE DEFAULT 1
PE resources
Debug information
ExifTool file metadata
CodeSize: 40960
UninitializedDataSize: 114688
LinkerVersion: 15.0
ImageVersion: 0.0
FileVersionNumber: 5.1.2600.2180
LanguageCode: Unknown ()
FileFlagsMask: 0x003f
ImageFileCharacteristics: Executable, 32-bit
InitializedDataSize: 0
EntryPoint: 0xa220
MIMEType: application/octet-stream
LegalCopyright: Copyright Microsoft Corp.
FileVersion: 5.1.2600.2180
TimeStamp: 2002:07:14 15:00:48-07:00
FileType: Win32 EXE
PEType: PE32
InternalName: CTL3D32
ProductVersion: 2,31,0,0
SubsystemVersion: 6.0
OSVersion: 6.0
FileOS: Windows NT 32-bit
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Microsoft Corporation
LegalTrademarks: Microsoft is a registered trademark of Microsoft Corporation. Windows is a registered trademark of Microsoft Corporation.
FileSubtype: 0
ProductVersionNumber: 5.1.2600.2180
FileTypeExtension: exe
ObjectFileType: Dynamic link library

File identification
MD5 01d3672396ea9364afde0122d5225395
SHA1 819122e596454c2d499f54026dc0b7db7d72dc5a
SHA256 c39f03a593fda8d327f681f113ed4f2117ab781adfd01837ace2cd5ca023eadf
ssdeep 3072:kFwvZXDJ4gTCt9HiJCxLwM9LHlqquI8XJBy+B9UeE2oZxcq+ECjRqAGW0SKUPM7R:kkFarMu5wRbstiNbBO
authentihash ec649569226219fbab59114561236680b539f06dce8d1f9609eb30b58b666900
imphash 4401323af621d1bfa0c29081127c64e8
File size 156.0 KB ( 159744 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (33.7%)
Win64 Executable (generic) (29.8%)
Microsoft Visual C++ compiled executable (generic) (17.8%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Tags
peexe

VirusTotal metadata
First submission 2018-12-31 22:01:27 UTC ( 1 month, 2 weeks ago )
Last submission 2018-12-31 22:01:27 UTC ( 1 month, 2 weeks ago )
File names YtweCHRVxiXuBNgt.exe