SHA256: cbd21c5644feb72a8ee38558917591f9420a755f1777989f917251594d69f438
File name: 393cea5ef3705eea337e9acdbca326c4.virus
Detection ratio: 52 / 69
Analysis date: 2018-12-05 07:18:52 UTC ( 2 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Heur.Emotet.4 20181205
AegisLab Trojan.Win32.Emotet.4!c 20181205
AhnLab-V3 Trojan/Win32.Emotet.R238307 20181204
ALYac Gen:Heur.Emotet.4 20181205
Antiy-AVL Trojan/Win32.Fuerboos 20181205
Arcabit Trojan.Emotet.4 20181205
Avast Win32:Malware-gen 20181205
AVG Win32:Malware-gen 20181205
BitDefender Gen:Heur.Emotet.4 20181205
CAT-QuickHeal Trojan.IGENERIC 20181204
ClamAV Win.Trojan.Emotet-6707392-0 20181203
Comodo TrojWare.Win32.Dovs.MO@7lrh2k 20181205
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.04684c 20180225
Cylance Unsafe 20181205
Cyren W32/Trojan.WZFM-4250 20181205
DrWeb Trojan.EmotetENT.275 20181205
eGambit Unsafe.AI_Score_99% 20181205
Emsisoft Trojan.Emotet (A) 20181205
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/Emotet.BT 20181205
F-Secure Gen:Heur.Emotet.4 20181205
Fortinet W32/GenKryptik.COKO!tr 20181205
GData Gen:Heur.Emotet.4 20181205
Ikarus Trojan.Win32.Emotet 20181204
Sophos ML heuristic 20181128
Jiangmin Trojan.Banker.Emotet.daz 20181205
K7AntiVirus Trojan ( 0053d4a91 ) 20181205
K7GW Trojan ( 0053d4a91 ) 20181205
Kaspersky Trojan-Banker.Win32.Emotet.bqgp 20181204
Malwarebytes Trojan.Emotet 20181205
MAX malware (ai score=100) 20181205
McAfee Emotet-FJG!393CEA5EF370 20181205
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20181205
Microsoft Trojan:Win32/Emotet.AC!bit 20181205
eScan Gen:Heur.Emotet.4 20181205
NANO-Antivirus Trojan.Win32.Emotet.fipfio 20181205
Palo Alto Networks (Known Signatures) generic.ml 20181205
Panda Trj/GdSda.A 20181204
Rising Trojan.Emotet!8.B95 (CLOUD) 20181205
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/Generic-S 20181205
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20181128
Symantec ML.Attribute.HighConfidence 20181205
Trapmine suspicious.low.ml.score 20181128
TrendMicro TrojanSpy.Win32.EMOTET.SMGD1.hp 20181205
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMGD1.hp 20181205
VBA32 BScope.Trojan.Emotet 20181204
ViRobot Trojan.Win32.Z.Emotet.176128.V 20181205
Zillya Trojan.Emotet.Win32.4261 20181204
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bqgp 20181205
Zoner Trojan.Emotet 20181205
Alibaba 20180921
Avast-Mobile 20181204
Avira (no cloud) 20181205
Babable 20180918
Baidu 20181204
Bkav 20181203
CMC 20181204
F-Prot 20181205
Kingsoft 20181205
Qihoo-360 20181205
Symantec Mobile Insight 20181204
TACHYON 20181204
Tencent 20181205
TheHacker 20181202
TotalDefense 20181205
Trustlook 20181205
Webroot 20181205
Yandex 20181204
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-28 15:01:14
Entry Point 0x00003E00
Number of sections 5
PE sections
Overlays
MD5 f64a9cc8d2c329d813a352480433aa14
File type data
Offset 162816
Size 13312
Entropy 2.43
PE imports
RegSaveKeyExW
GetSecurityDescriptorControl
SetFileSecurityW
CreateToolbarEx
GetOpenFileNameW
CryptMsgGetAndVerifySigner
CryptStringToBinaryA
JetSetColumns
PaintRgn
GetCharABCWidthsW
InvertRgn
GetClipRgn
GetCharacterPlacementW
EqualRgn
ExtCreateRegion
EnumFontsA
RectVisible
GetPixel
CreateFontW
ImmGetCompositionStringW
PeekNamedPipe
CompareStringW
FillConsoleOutputAttribute
SetCriticalSectionSpinCount
SetCurrentDirectoryW
SetTimerQueueTimer
PostQueuedCompletionStatus
GetCurrentConsoleFont
GetNamedPipeServerProcessId
ResetEvent
FreeConsole
InterlockedCompareExchange
GetCurrencyFormatW
LZOpenFileW
MprConfigBufferFree
VARIANT_UserFree
SysAllocStringLen
glGetError
glTexCoord2f
WriteGlobalPwrPolicy
RpcUserFree
SetupInstallServicesFromInfSectionExW
SetupFindNextMatchLineW
CM_Get_Device_ID_ExW
PathIsSystemFolderW
QuerySecurityContextToken
GetOpenClipboardWindow
CopyAcceleratorTableW
DlgDirSelectComboBoxExA
ExcludeUpdateRgn
EnumDisplaySettingsExW
GetWindow
ChildWindowFromPoint
SetDlgItemTextW
GetKeyState
midiOutGetDevCapsA
mciGetCreatorTask
EnumFormsW
DeletePrinter
SCardGetProviderIdA
CoUnmarshalHresult
OleBuildVersion
GetConvertStg
PdhEnumObjectItemsW
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
CHINESE SIMPLIFIED 1
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:09:28 17:01:14+02:00

FileType
Win32 EXE

PEType
PE32

CodeSize
155648

LinkerVersion
16.1

ImageFileCharacteristics
No relocs, Executable, 32-bit

EntryPoint
0x3e00

InitializedDataSize
49152

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
6.0

UninitializedDataSize
0

File identification
MD5 393cea5ef3705eea337e9acdbca326c4
SHA1 662c77104684cffdb737cc5a052b74fbef36f47d
SHA256 cbd21c5644feb72a8ee38558917591f9420a755f1777989f917251594d69f438
ssdeep 3072:o5KShNk+LPcoOxniU1MAwtrmCZL+xXQap9Bzma5:sDXygzJjZi7ga5
authentihash eab09fa8aa65fc082d21eb66320bb9276629988b6a7ff976bb3d0b25a74db216
imphash c4f69f34f4b628a287032ae90bb4a7b5
File size 172.0 KB ( 176128 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-11-16 14:36:01 UTC ( 3 months, 1 week ago )
Last submission 2018-11-16 14:36:01 UTC ( 3 months, 1 week ago )
File names 393cea5ef3705eea337e9acdbca326c4.virus