SHA256: c87bf0ea83752bb95e3599798e752906b34a79a6ec692f3ec729ae61d0371322
File name: 3982f2a73fc4ed068d367b28ffb2e640
Detection ratio: 52 / 69
Analysis date: 2018-11-21 17:27:17 UTC ( 5 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.224347 20181121
AegisLab Trojan.Win32.Emotet.4!c 20181121
AhnLab-V3 Trojan/Win32.Emotet.R215266 20181121
ALYac Gen:Variant.Razy.224347 20181121
Antiy-AVL Trojan/Win32.TSGeneric 20181121
Arcabit Trojan.Razy.D36C5B 20181121
Avast Win32:Malware-gen 20181121
AVG Win32:Malware-gen 20181121
Avira (no cloud) TR/Crypt.ZPACK.Gen 20181121
BitDefender Gen:Variant.Razy.224347 20181121
Bkav HW32.Packed. 20181121
CAT-QuickHeal TrojanPWS.Emotet.ZZ5 20181121
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.73fc4e 20180225
Cylance Unsafe 20181121
Cyren W32/Emotet.MGDQ-5269 20181121
DrWeb Trojan.Packed2.40646 20181121
Emsisoft Gen:Variant.Razy.224347 (B) 20181121
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/Emotet.AZ 20181121
F-Prot W32/Emotet.LY 20181121
F-Secure Gen:Variant.Razy.224347 20181121
Fortinet W32/GenKryptik.CFNI!tr 20181121
GData Win32.Trojan-Spy.Emotet.HM 20181121
Ikarus Trojan-Banker.Emotet 20181121
Sophos ML heuristic 20181108
K7AntiVirus Trojan ( 005202181 ) 20181121
K7GW Trojan ( 005202181 ) 20181121
Kaspersky Trojan-Banker.Win32.Emotet.bqys 20181121
Malwarebytes Trojan.Emotet 20181121
MAX malware (ai score=87) 20181121
McAfee Emotet-FCY! 20181121
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20181121
Microsoft Trojan:Win32/Emotet.PB!bit 20181121
eScan Gen:Variant.Razy.224347 20181121
NANO-Antivirus Trojan.Win32.Dovs.evwbwl 20181121
Palo Alto Networks (Known Signatures) generic.ml 20181121
Panda Trj/GdSda.A 20181121
Qihoo-360 HEUR/QVM20.1.57D3.Malware.Gen 20181121
Rising Trojan.Kryptik!8.8 (CLOUD) 20181121
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/EncPk-ANX 20181121
SUPERAntiSpyware Trojan.Agent/Gen-Crypt 20181121
Symantec Packed.Generic.517 20181121
Tencent Win32.Trojan.Crypt.Llhi 20181121
TrendMicro TSPY_EMOTET.SMD26 20181121
TrendMicro-HouseCall TSPY_EMOTET.SMD26 20181121
VBA32 Trojan.Dovs 20181121
ViRobot Trojan.Win32.Agent.126976.FE 20181121
Webroot W32.Trojan.Emotet 20181121
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bqys 20181121
Zoner Trojan.Emotet 20181121
Alibaba 20180921
Avast-Mobile 20181121
Babable 20180918
Baidu 20181121
ClamAV 20181121
CMC 20181121
Comodo 20181121
eGambit 20181121
Jiangmin 20181121
Kingsoft 20181121
Symantec Mobile Insight 20181121
TACHYON 20181121
TheHacker 20181118
TotalDefense 20181121
Trustlook 20181121
VIPRE 20181121
Yandex 20181119
Zillya 20181121
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright© Intel Corporation 1994-1997

Product Intel Indeo® Video Interactive Quic
Original name ir41_qc.
Internal name ir41_qc
File version 4.30.6
Description Intel Indeo® Video
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-09 22:52:15
Entry Point 0x00001B50
Number of sections 7
PE sections
PE imports
CM_Reenumerate_DevNode
CM_Locate_DevNodeW
ImageList_Create
CryptMemFree
SetBkMode
CreateSolidBrush
DeleteObject
ImmNotifyIME
FreeEnvironmentStringsA
GetEnvironmentStrings
GetUserDefaultLangID
PeekConsoleInputW
WaitForSingleObject
GetFileAttributesA
CreateFileW
CreateThread
WriteFile
GetTickCount
CloseHandle
GetUserDefaultLCID
VarDateFromI2
RegisterTypeLib
DuplicateIcon
GetCursorPos
GetRawInputData
GetActiveWindow
AdjustWindowRect
CallMsgFilterA
CopyRect
EnumWindows
GetSysColorBrush
GetClassNameA
getsockopt
rand
wprintf
srand
_time64
_localtime64
asctime
strstr
strlen
CoResumeClassObjects
CoGetCurrentLogicalThreadId
Number of PE resources by type
RT_DIALOG 14
RT_GROUP_ICON 2
RT_ICON 1
RT_VERSION 1
Number of PE resources by language
ITALIAN 18
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.12

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.1.0.17

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Intel Indeo Video

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
110592

EntryPoint
0x1b50

OriginalFileName
ir41_qc.

MIMEType
application/octet-stream

LegalCopyright
Copyright Intel Corporation 1994-1997

FileVersion
4.30.6

TimeStamp
2017:12:09 23:52:15+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
ir41_qc

ProductVersion
4.30.6

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Intel Corpora

CodeSize
0

ProductName
Intel Indeo Video Interactive Quic

ProductVersionNumber
2.1.0.17

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 3982f2a73fc4ed068d367b28ffb2e640
SHA1 621315b3b77b0654b5527477e122783a8e4254de
SHA256 c87bf0ea83752bb95e3599798e752906b34a79a6ec692f3ec729ae61d0371322
ssdeep 3072:TCkX6rsIpPk+WP6UM4C3MtnvEvIZco48oh:+EbI6VHM4CcNKIZcWoh
authentihash cbd833e1cd11fbfc0b9da08250c27b1acbaa8423b9b7f6493c8ebb8283fd4466
imphash 9bb3a391cd6472e4ae2badbb0727ff9f
File size 124.0 KB ( 126976 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2018-11-21 02:42:06 UTC ( 5 months ago )
Last submission 2019-01-06 11:54:23 UTC ( 3 months, 2 weeks ago )
File names 38d1d8d9-df56-11e7-8fd4-80e65024849a_perturb.file
3982f2a73fc4ed068d367b28ffb2e640.virobj
ir41_qc
ir41_qc.
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.