× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: c79b2d24112b19afb39303ae4512b0f1e01a0c252ec8a498ef3eb354433d2987
File name: emotet_e1_c79b2d24112b19afb39303ae4512b0f1e01a0c252ec8a498ef3eb35...
Detection ratio: 49 / 71
Analysis date: 2019-02-16 06:37:22 UTC ( 2 months ago ) View latest
Antivirus Result Update
Acronis suspicious 20190213
Ad-Aware Trojan.GenericKD.31684204 20190215
AhnLab-V3 Trojan/Win32.Emotet.R254996 20190215
ALYac Trojan.Agent.Emotet 20190215
Antiy-AVL Trojan[Banker]/Win32.Emotet 20190215
Arcabit Trojan.Generic.D1E3766C 20190215
Avast Win32:BankerX-gen [Trj] 20190215
AVG Win32:BankerX-gen [Trj] 20190215
BitDefender Trojan.GenericKD.31684204 20190215
Bkav HW32.Packed. 20190215
ClamAV Win.Malware.Emotet-6856528-0 20190215
Comodo Malware@#96ficem6igxo 20190215
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cybereason malicious.744410 20190109
Cylance Unsafe 20190215
Cyren W32/Emotet.OK.gen!Eldorado 20190215
DrWeb Trojan.Emotet.626 20190215
Emsisoft Trojan.Emotet (A) 20190215
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.GPPP 20190215
F-Prot W32/Emotet.OK.gen!Eldorado 20190215
Fortinet W32/Kryptik.GPPP!tr 20190215
GData Trojan.GenericKD.31684204 20190215
Ikarus Trojan-Banker.Emotet 20190215
K7AntiVirus Riskware ( 0040eff71 ) 20190215
K7GW Riskware ( 0040eff71 ) 20190215
Kaspersky Trojan-Banker.Win32.Emotet.cfim 20190215
Malwarebytes Trojan.Emotet 20190215
McAfee Emotet-FLY!FFD87D565166 20190215
McAfee-GW-Edition BehavesLike.Win32.Generic.dm 20190215
Microsoft Trojan:Win32/Emotet.AC!bit 20190215
eScan Trojan.GenericKD.31684204 20190215
NANO-Antivirus Trojan.Win32.Generic.fmywve 20190215
Palo Alto Networks (Known Signatures) generic.ml 20190215
Panda Trj/GdSda.A 20190215
Qihoo-360 HEUR/QVM20.1.2A43.Malware.Gen 20190215
Rising Trojan.Fuerboos!8.EFC8 (CLOUD) 20190215
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Mal/Emotet-Q 20190215
Symantec Trojan.Emotet 20190215
TACHYON Banker/W32.Emotet.274432.S 20190215
Tencent Win32.Trojan-banker.Emotet.Eivg 20190215
Trapmine malicious.high.ml.score 20190123
TrendMicro TrojanSpy.Win32.EMOTET.THBABAI 20190215
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.THBABAI 20190215
VBA32 BScope.Trojan.Emotet 20190215
ViRobot Trojan.Win32.S.Emotet.274432.B 20190215
Webroot W32.Trojan.Emotet 20190215
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.cfim 20190215
AegisLab 20190215
Alibaba 20180921
Avast-Mobile 20190215
Avira (no cloud) 20190215
Babable 20180917
Baidu 20190214
CAT-QuickHeal 20190215
CMC 20190215
eGambit 20190215
F-Secure 20190215
Sophos ML 20181128
Jiangmin 20190215
Kingsoft 20190215
MAX 20190215
SUPERAntiSpyware 20190213
Symantec Mobile Insight 20190206
TheHacker 20190215
TotalDefense 20190215
Trustlook 20190215
VIPRE 20190215
Yandex 20190215
Zillya 20190215
Zoner 20190215
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® O
Original name apisetstu
Internal name apisetstu
File version 6.2.9200
Description ApiSet Stub DLL
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-02-11 21:00:11
Entry Point 0x00002161
Number of sections 5
PE sections
PE imports
IsTokenRestricted
GetTextExtentExPointW
HeapCompact
GetTimeZoneInformation
GetCurrentProcessId
GetLargePageMinimum
ZombifyActCtx
WaitForSingleObject
GetCommandLineW
UnregisterApplicationRestart
TlsGetValue
CloseHandle
UnlockFileEx
GetVersion
Thread32First
GetMenuPosFromID
GetClassNameW
GetTopWindow
EnableScrollBar
GetFocus
SetMenuContextHelpId
GetKeyboardType
GetFileVersionInfoSizeA
DeletePrinterConnectionW
Number of PE resources by type
RT_STRING 93
RT_VERSION 1
Number of PE resources by language
FRENCH 94
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2019:02:11 22:00:11+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
16384

LinkerVersion
15.0

ImageFileCharacteristics
Executable, 32-bit

EntryPoint
0x2161

InitializedDataSize
0

SubsystemVersion
6.1

ImageVersion
6.0

OSVersion
6.0

UninitializedDataSize
102400

File identification
MD5 ffd87d565166198da063244d3b6f9c44
SHA1 3077bb874441042740809781c9c72b10bdf23865
SHA256 c79b2d24112b19afb39303ae4512b0f1e01a0c252ec8a498ef3eb354433d2987
ssdeep
3072:WIlI8YOOiAosrD8CTP8CLHuu6shDikam/to092r6U1fHP0Ndas60YvZdLqk5O:rlI8U48XHuurhOs/tt2r6Kl0kdL5

authentihash d3892933323792ceb194541500d8ae43e4809c3c83ba8b1f5c2d2a2bf2c17ffb
imphash 3851a882136a44bd9e9b1ee6dba0b5b9
File size 268.0 KB ( 274432 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2019-02-11 21:05:49 UTC ( 2 months ago )
Last submission 2019-02-12 02:46:00 UTC ( 2 months ago )
File names VTrNox.exe
ovPcODTF4.exe
emotet_e1_c79b2d24112b19afb39303ae4512b0f1e01a0c252ec8a498ef3eb354433d2987_2019-02-11__211002.exe_
apisetstu
4ykWkCWr7x.exe
nzhe4fDWx.exe
700.exe
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!