SHA256: cc7ad294cf8140af0a1f6420132e9fe82c88b8cd516d747810fa4e24bbefca19
File name: 6de6ede3b13922387948fea34ec87679d2c31326
Detection ratio: 45 / 67
Analysis date: 2018-05-04 20:13:44 UTC (9 months, 3 weeks ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30700928 20180504
AegisLab Filerepmalware.Gen!c 20180504
ALYac Trojan.GenericKD.30700928 20180504
Arcabit Trojan.Generic.D1D47580 20180504
Avast Win32:Malware-gen 20180504
AVG Win32:Malware-gen 20180504
Avira (no cloud) TR/Crypt.Xpack.yzgoo 20180504
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180503
BitDefender Trojan.GenericKD.30700928 20180504
CAT-QuickHeal Trojan.Dynamer 20180504
ClamAV Win.Trojan.Emotet-6527688-0 20180504
Comodo UnclassifiedMalware 20180504
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20180418
Cylance Unsafe 20180504
Cyren W32/Trojan.DRKQ-8407 20180504
Emsisoft Trojan.GenericKD.30700928 (B) 20180504
Endgame malicious (high confidence) 20180504
ESET-NOD32 a variant of Win32/Kryptik.GGHE 20180504
F-Prot W32/Trojan3.AMJD 20180504
F-Secure Trojan.GenericKD.30700928 20180504
Fortinet W32/Kryptik.GFZX!tr 20180504
GData Win32.Trojan-Spy.Emotet.QA 20180504
Ikarus Trojan.Win32.Crypt 20180504
Sophos ML heuristic 20180503
K7AntiVirus Riskware ( 0040eff71 ) 20180504
K7GW Riskware ( 0040eff71 ) 20180504
Kaspersky Trojan.Win32.Agent.qwgkya 20180504
Malwarebytes Trojan.Emotet 20180504
MAX malware (ai score=96) 20180504
McAfee RDN/Generic.grp 20180504
McAfee-GW-Edition RDN/Generic.grp 20180504
Microsoft Trojan:Win32/Dynamer!ac 20180504
eScan Trojan.GenericKD.30700928 20180504
Palo Alto Networks (Known Signatures) generic.ml 20180504
Panda Trj/Genetic.gen 20180504
Qihoo-360 Win32/Trojan.9de 20180504
Rising Trojan.Kryptik!8.8 (TFE:5:PoP240KOZ5S) 20180504
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/EncPk-ANR 20180504
Symantec Trojan.Gen.6 20180504
TrendMicro TSPY_EMOTET.TTIBBHL 20180504
TrendMicro-HouseCall TSPY_EMOTET.TTIBBHL 20180504
VIPRE Trojan.Win32.Generic!BT 20180504
Webroot W32.Trojan.Emotet 20180504
ZoneAlarm by Check Point Trojan.Win32.Agent.qwgkya 20180504
AhnLab-V3 20180504
Alibaba 20180503
Antiy-AVL 20180504
Avast-Mobile 20180504
AVware 20180428
Babable 20180406
Bkav 20180504
CMC 20180504
Cybereason None
DrWeb 20180504
eGambit 20180504
Jiangmin 20180504
Kingsoft 20180504
NANO-Antivirus 20180504
nProtect 20180504
SUPERAntiSpyware 20180504
Symantec Mobile Insight 20180501
Tencent 20180504
TheHacker 20180504
TotalDefense 20180504
Trustlook 20180504
VBA32 20180504
ViRobot 20180504
Yandex 20180504
Zillya 20180504
Zoner 20180503
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright ©1983-1990, 1993-2004 Adobe Systems Inc.
Product Adobe Type Manager
Original name ATMLIB.DLL
Internal name ATMLIB
File version 5.1 Build 230
Description Windows NT OpenType/Type 1 API Library.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-02 17:25:59
Entry Point 0x0000160B
Number of sections 6
PE sections
PE imports
GetSystemDefaultLCID
lstrlenA
CreateMemoryResourceNotification
SetSystemTimeAdjustment
TlsSetValue
IsProcessDPIAware
RealChildWindowFromPoint
GetParent
Ord(30)
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
CodeSize 96768
SubsystemVersion 5.0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.1.2.230
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Windows NT OpenType/Type 1 API Library.
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 0
EntryPoint 0x160b
OriginalFileName ATMLIB.DLL
MIMEType application/octet-stream
LegalCopyright 1983-1990, 1993-2004 Adobe Systems Inc.
FileVersion 5.1 Build 230
TimeStamp 2018:05:02 17:25:59+00:00
FileType Win32 EXE
PEType PE32
InternalName ATMLIB
ProductVersion 5.1 Build 230
UninitializedDataSize 0
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Adobe Systems
LegalTrademarks Adobe, Multiple Master, ATM, Adobe Type Manager, Postscript, and others are Trademarks of Adobe Systems.
ProductName Adobe Type Manager
ProductVersionNumber 5.1.2.230
FileTypeExtension exe
ObjectFileType Dynamic link library
File identification
MD5 912a53de70b96174516f86f87b096aa4
SHA1 5a3db533707960d19e911b07b2c294ecd7ec08bc
SHA256 cc7ad294cf8140af0a1f6420132e9fe82c88b8cd516d747810fa4e24bbefca19
ssdeep 1536:Jhscu3Gai+ddYHE/+q0962QgvaLAx7yVCMRDApFiD7MOLwSqChoP:J1L+cEX5VAXMRDEWMqwSdhoP
authentihash 60838e043f0137ce36e7361a1c8ab10965c2c8e0ae8075eb82f4c2b3280ce947
imphash cc4027b8d57678c7e26015d774e72e73
File size 128.0 KB ( 131072 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2018-05-02 17:43:02 UTC ( 9 months, 3 weeks ago )
Last submission 2018-05-11 00:12:08 UTC ( 9 months, 2 weeks ago )
File names 78813.exe
ATMLIB
78813.exe_
ATMLIB.DLL
6de6ede3b13922387948fea34ec87679d2c31326