SHA256: cbeb18a996556141fe58bcf7a5190faf5642989021be1b408f96580d59df674c
File name: 370.exe
Detection ratio: 46 / 67
Analysis date: 2018-07-17 19:02:16 UTC ( 7 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31099568 20180717
AegisLab Packer.Generic!c 20180717
AhnLab-V3 Trojan/Win32.Emotet.R231895 20180717
ALYac Trojan.GenericKD.31099568 20180717
Antiy-AVL Trojan[Banker]/Win32.Emotet 20180717
Arcabit Trojan.Generic.D1DA8AB0 20180717
Avast Win32:MdeClass 20180717
AVG Win32:MdeClass 20180717
AVware Trojan.Win32.Generic!BT 20180717
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180717
BitDefender Trojan.GenericKD.31099568 20180717
Bkav HW32.Packed.7E9E 20180717
CAT-QuickHeal Trojan.Emotet 20180717
ClamAV Win.Trojan.Agent-6612133-0 20180717
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20180530
Cylance Unsafe 20180717
Cyren W32/Trojan.RQAE-3223 20180717
Emsisoft Trojan.GenericKD.31099568 (B) 20180717
Endgame malicious (high confidence) 20180711
ESET-NOD32 Win32/Emotet.BK 20180717
F-Secure Trojan.GenericKD.31099568 20180717
Fortinet W32/Emotet.AXSS!tr 20180717
GData Trojan.GenericKD.31099568 20180717
Sophos ML heuristic 20180717
K7AntiVirus Riskware ( 0040eff71 ) 20180717
K7GW Riskware ( 0040eff71 ) 20180717
Kaspersky Trojan-Banker.Win32.Emotet.axss 20180717
Malwarebytes Spyware.Emotet 20180717
MAX malware (ai score=95) 20180717
McAfee Generic.cmq 20180717
McAfee-GW-Edition BehavesLike.Win32.Downloader.nc 20180717
Microsoft Trojan:Win32/Emotet.AC!bit 20180717
eScan Trojan.GenericKD.31099568 20180717
Palo Alto Networks (Known Signatures) generic.ml 20180717
Panda Trj/Emotet.C 20180717
Qihoo-360 HEUR/QVM20.1.8735.Malware.Gen 20180717
Rising Trojan.Kryptik!8.8 (CLOUD) 20180717
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/Generic-S 20180717
Symantec Packed.Generic.517 20180717
TrendMicro-HouseCall TROJ_GEN.R020H05GF18 20180717
VBA32 BScope.TrojanBanker.Emotet 20180717
VIPRE Trojan.Win32.Generic!BT 20180717
ViRobot Trojan.Win32.Z.Emotet.93696 20180717
Webroot W32.Trojan.Emotet 20180717
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.axss 20180717
Alibaba 20180713
Avast-Mobile 20180717
Avira (no cloud) 20180717
Babable 20180406
CMC 20180717
Comodo 20180717
Cybereason 20180225
DrWeb 20180717
eGambit 20180717
F-Prot 20180717
Ikarus 20180717
Jiangmin 20180717
Kingsoft 20180717
NANO-Antivirus 20180717
SUPERAntiSpyware 20180717
TACHYON 20180717
Tencent 20180717
TheHacker 20180716
TotalDefense 20180717
TrendMicro 20180717
Trustlook 20180717
Yandex 20180717
Zoner 20180717
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Internal name DDddDDDdeeEEEPrintIsolationHost.exe
Description ВериБИГUnicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-07-15 21:10:34
Entry Point 0x000120DF
Number of sections 6
PE sections
PE imports
CryptDecrypt
CryptDecodeObjectEx
JetRetrieveKey
JetMakeKey
GetThreadId
lstrlenA
GetBinaryTypeA
VarCyCmp
RasRenameEntryW
DdeDisconnectList
ShowCursor
GetClipboardOwner
Number of PE resources by type
RT_DIALOG 21
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
HEBREW DEFAULT 1
HUNGARIAN DEFAULT 1
VIETNAMESE DEFAULT 1
CHINESE SIMPLIFIED 1
SLOVENIAN DEFAULT 1
CZECH DEFAULT 1
FINNISH DEFAULT 1
KOREAN 1
NEUTRAL DEFAULT 1
PORTUGUESE 1
POLISH DEFAULT 1
JAPANESE DEFAULT 1
DANISH DEFAULT 1
SLOVAK DEFAULT 1
GREEK DEFAULT 1
TURKISH DEFAULT 1
ROMANIAN 1
THAI DEFAULT 1
SERBIAN DEFAULT 1
NEUTRAL 1
RUSSIAN 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileVersionNumber 1.2.0.6
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Unicode
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 22528
EntryPoint 0x120df
MIMEType application/octet-stream
Subsystem Windows GUI
TimeStamp 2018:07:15 23:10:34+02:00
FileType Win32 EXE
PEType PE32
InternalName DDddDDDdeeEEEPrintIsolationHost.exe
SubsystemVersion 5.0
OSVersion 5.1
FileOS Win32
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName 11111 Corporation
CodeSize 74240
FileSubtype 0
ProductVersionNumber 1.2.0.6
FileTypeExtension exe
ObjectFileType Dynamic link library
Compressed bundles
File identification
MD5 11dd9874f0cbbc76946cdbafe8fb9937
SHA1 d05cc6810ce13d51e179284a8b62f1f21e18c033
SHA256 cbeb18a996556141fe58bcf7a5190faf5642989021be1b408f96580d59df674c
ssdeep 1536:sGYiLxAaX/4M6P36wCLb7q3HRxMxNaj3c/Ytk7O+MiKDg2C4eq6X:Gs9QPqwsGHRKOc/YyLb4eq6
authentihash 4c4ce20f07a39e16829094b19f55149ec48f424518ffdc87738ca8a8c2bf9810
imphash e9f8f18f1cfefb23c4a4f56ebbdcc49f
File size 91.5 KB ( 93696 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe
VirusTotal metadata
First submission 2018-07-15 21:14:40 UTC ( 7 months ago )
Last submission 2018-10-28 07:18:15 UTC ( 3 months, 2 weeks ago )
File names wcfaero.exe
TVJWMHT.exe
380095.exe
DDddDDDdeeEEEPrintIsolationHost.exe
370.exe
11dd9874f0cbbc76946cdbafe8fb9937.vir