× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: cd644c5df3749ca7adf80c0f4e3dda1fb1bb0018420105bb0d65ffa654b5518a
File name: emotet_e1_cd644c5df3749ca7adf80c0f4e3dda1fb1bb0018420105bb0d65ffa...
Detection ratio: 46 / 70
Analysis date: 2019-03-13 12:16:40 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Acronis suspicious 20190313
Ad-Aware Trojan.Ranapama.AEY 20190313
AegisLab Trojan.Win32.Emotet.4!c 20190313
AhnLab-V3 Trojan/Win32.Emotet.C3083600 20190313
ALYac Trojan.Ranapama.AEY 20190313
Arcabit Trojan.Ranapama.AEY 20190313
Avast Win32:BankerX-gen [Trj] 20190313
AVG Win32:BankerX-gen [Trj] 20190313
Avira (no cloud) TR/Crypt.Agent.gtwfm 20190313
BitDefender Trojan.Ranapama.AEY 20190313
ClamAV Win.Malware.Emotet-6887994-0 20190313
CrowdStrike Falcon (ML) win/malicious_confidence_100% (W) 20190212
Cybereason malicious.88c672 20190109
Cylance Unsafe 20190313
DrWeb Trojan.Siggen8.14293 20190313
Emsisoft Trojan.Ranapama.AEY (B) 20190313
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.CRJZ 20190313
F-Secure Trojan.TR/Crypt.Agent.gtwfm 20190313
Fortinet W32/Kryptik.CQLG!tr 20190313
GData Trojan.Ranapama.AEY 20190313
Ikarus Trojan-Banker.Emotet 20190313
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 0049be1f1 ) 20190313
K7GW Trojan ( 0049be1f1 ) 20190313
Kaspersky HEUR:Trojan-Banker.Win32.Emotet.gen 20190313
MAX malware (ai score=100) 20190313
McAfee GenericRXHC-WN!76A855525C75 20190313
McAfee-GW-Edition Artemis!Trojan 20190313
Microsoft Trojan:Win32/Emotet.P!MTB 20190313
eScan Trojan.Ranapama.AEY 20190313
NANO-Antivirus Trojan.Win32.Kryptik.fnxsvd 20190313
Palo Alto Networks (Known Signatures) generic.ml 20190313
Panda Trj/GdSda.A 20190312
Qihoo-360 Win32/Trojan.095 20190313
Rising Trojan.Kryptik!8.8 (TFE:3:ZX5GbKnV1a) 20190313
SentinelOne (Static ML) DFI - Malicious PE 20190311
Sophos AV Mal/Emotet-Q 20190313
Symantec Trojan.Gen.2 20190311
Tencent Win32.Trojan.Falsesign.Aise 20190313
Trapmine malicious.high.ml.score 20190301
TrendMicro TrojanSpy.Win32.EMOTET.THCABAI 20190313
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.THCABAI 20190313
VBA32 BScope.Malware-Cryptor.Emotet 20190313
Webroot W32.Trojan.Emotet 20190313
ZoneAlarm by Check Point HEUR:Trojan-Banker.Win32.Emotet.gen 20190313
Alibaba 20190306
Antiy-AVL 20190313
Avast-Mobile 20190313
Babable 20180918
Baidu 20190306
Bkav 20190313
CAT-QuickHeal 20190312
CMC 20190313
Comodo 20190313
Cyren 20190313
eGambit 20190313
F-Prot 20190313
Jiangmin 20190313
Kingsoft 20190313
Malwarebytes 20190313
SUPERAntiSpyware 20190307
Symantec Mobile Insight 20190220
TACHYON 20190313
TheHacker 20190308
TotalDefense 20190313
Trustlook 20190313
ViRobot 20190313
Yandex 20190312
Zillya 20190313
Zoner 20190312
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 1:15 PM 3/13/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-09 21:24:20
Entry Point 0x00001770
Number of sections 4
PE sections
Overlays
MD5 16e33a6d8643ca1fb7f3b7d96f3e0966
File type data
Offset 265728
Size 3336
Entropy 7.33
PE imports
RegCreateKeyExW
RegCloseKey
LookupAccountSidW
RegQueryValueExA
RegEnumKeyW
RegDeleteKeyW
RegSetValueW
SaferRecordEventLogEntry
SaferComputeTokenFromLevel
RegQueryValueExW
RegOpenKeyA
RegOpenKeyExW
GetSecurityDescriptorOwner
RegOpenKeyW
RegOpenKeyExA
RegQueryValueW
SaferCloseLevel
GetFileSecurityW
CreateProcessAsUserW
RevertToSelf
RegSetValueExW
FreeSid
SaferIdentifyLevel
ImpersonateLoggedOnUser
AbortDoc
CreateSolidBrush
DeleteObject
CreateHalftonePalette
GetStdHandle
GetConsoleOutputCP
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
GetConsoleCursorInfo
OpenFileMappingA
_llseek
FreeEnvironmentStringsW
GetCPInfo
GetStringTypeA
WriteFile
HeapReAlloc
GetStringTypeW
FreeLibrary
InitAtomTable
LoadResource
TlsGetValue
QueryDosDeviceW
OutputDebugStringA
SetLastError
GetSystemTime
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
FlushViewOfFile
FillConsoleOutputCharacterW
QueryPerformanceFrequency
FatalAppExitW
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetPrivateProfileStringW
GetModuleHandleA
SetCalendarInfoA
CreateThread
SetUnhandledExceptionFilter
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
SetCurrentDirectoryA
WriteConsoleW
HeapFree
EnterCriticalSection
PeekNamedPipe
SetHandleCount
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
CreateDirectoryA
DeleteFileA
CreateDirectoryW
GetProcAddress
GetPrivateProfileIntW
GetProcessHeap
lstrcpyW
ExpandEnvironmentStringsW
CreateTimerQueueTimer
WriteProfileSectionA
RemoveDirectoryA
ConvertThreadToFiber
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
LockFile
lstrlenW
GetEnvironmentStrings
CompareFileTime
LockResource
GetCommandLineW
GetCurrentDirectoryA
HeapSize
GetCommandLineA
Process32FirstW
RaiseException
ReleaseSemaphore
TlsFree
SetFilePointer
CloseHandle
GetVersion
WideCharToMultiByte
IsValidCodePage
HeapCreate
FindResourceW
VirtualFree
Sleep
VirtualAlloc
RedrawWindow
GetForegroundWindow
SetWindowRgn
SetMenuItemBitmaps
DrawTextW
SetRectEmpty
EnableScrollBar
CopyRect
DestroyMenu
PostQuitMessage
GetMessagePos
DrawStateW
SetWindowPos
SetScrollPos
IsWindow
GrayStringW
DispatchMessageA
EndPaint
SetDlgItemInt
IntersectRect
PeekMessageA
GetMessageTime
SetActiveWindow
DispatchMessageW
GetAsyncKeyState
MapDialogRect
GetDlgCtrlID
GetMenu
TranslateMessage
CharUpperW
UnregisterClassW
GetClassInfoW
DefMDIChildProcW
GetDlgItemTextW
GetNextDlgTabItem
GetThreadDesktop
CallNextHookEx
IsClipboardFormatAvailable
LoadImageW
TrackPopupMenu
ClientToScreen
GetActiveWindow
GetWindowTextW
SetDlgItemTextW
LockWindowUpdate
GetWindowTextLengthW
LoadAcceleratorsW
ScrollWindow
GetMenuItemID
DestroyWindow
DrawEdge
GetClassInfoExW
UpdateWindow
GetPropW
EqualRect
SetClassLongW
MapVirtualKeyExW
GetMessageW
ShowWindow
GetQueueStatus
DrawFrameControl
GetNextDlgGroupItem
SetPropW
EnumDisplayMonitors
GetCursorPos
PeekMessageW
SetWindowsHookExW
EnableWindow
SetWindowPlacement
CopyAcceleratorTableW
LoadIconW
CopyImage
SetParent
IsWindowEnabled
GetWindow
GetMenuDefaultItem
GetDlgItemInt
SetClipboardData
ToUnicodeEx
GetIconInfo
GetMenuItemRect
RegisterClassW
IsZoomed
GetWindowPlacement
LoadStringW
SetWindowLongW
WindowFromPoint
DrawMenuBar
IsCharLowerW
EnableMenuItem
InvertRect
GetSubMenu
OpenClipboard
GetKeyboardLayout
FillRect
MonitorFromPoint
CreateAcceleratorTableW
GetSysColorBrush
RealChildWindowFromPoint
CreateWindowExW
TabbedTextOutW
GetWindowLongW
GetUpdateRect
GetMenuItemInfoW
IsChild
IsDialogMessageA
MapWindowPoints
RegisterWindowMessageW
GetMonitorInfoW
ReleaseCapture
GetMessageA
SetCapture
BeginPaint
OffsetRect
DefWindowProcW
GetScrollPos
CopyIcon
ShowCaret
KillTimer
MapVirtualKeyW
TranslateAcceleratorW
GetParent
LoadBitmapW
SendDlgItemMessageA
GetSystemMetrics
IsIconic
SetScrollRange
GetWindowRect
InflateRect
SetMenuDefaultItem
PostMessageA
DrawIcon
GetScrollRange
ShowOwnedPopups
SendDlgItemMessageW
PostMessageW
InvalidateRect
GetScrollInfo
WaitMessage
SetWindowTextA
CheckMenuItem
DrawFocusRect
GetClassLongW
GetLastActivePopup
PtInRect
DrawIconEx
CharUpperBuffW
SetWindowTextW
SetTimer
GetDlgItem
GetMenuCheckMarkDimensions
CreateDialogParamA
BringWindowToTop
ScreenToClient
GetKeyboardState
PostThreadMessageW
GetMenuItemCount
DestroyAcceleratorTable
CheckDlgButton
GetMenuState
IsDialogMessageW
LoadCursorW
GetSystemMenu
ReuseDDElParam
GetDC
InsertMenuW
SetForegroundWindow
NotifyWinEvent
SetFocus
GetMenuStringW
EmptyClipboard
CreateDialogIndirectParamW
ReleaseDC
DrawTextExW
SetLayeredWindowAttributes
EndDialog
ModifyMenuW
HideCaret
FindWindowW
GetCapture
CreatePopupMenu
MessageBeep
LoadMenuW
RemoveMenu
GetWindowThreadProcessId
DeferWindowPos
ShowScrollBar
MessageBoxW
SendMessageW
SetMenu
SetDlgItemTextA
MoveWindow
DialogBoxParamW
MessageBoxA
AppendMenuW
GetWindowDC
DestroyCursor
AdjustWindowRectEx
GetSysColor
RegisterClipboardFormatW
SetScrollInfo
GetKeyState
EndDeferWindowPos
GetWindowRgn
UpdateLayeredWindow
GetDoubleClickTime
DestroyIcon
GetTopWindow
wsprintfW
DefFrameProcW
IsWindowVisible
WinHelpW
GetDesktopWindow
SubtractRect
UnpackDDElParam
SetCursorPos
SystemParametersInfoW
UnionRect
MonitorFromWindow
FrameRect
SetRect
DeleteMenu
GetKeyNameTextW
CallWindowProcW
GetClassNameW
TranslateMDISysAccel
GetClientRect
ValidateRect
IsRectEmpty
IsMenu
GetFocus
BeginDeferWindowPos
CreateMenu
InsertMenuItemW
CloseClipboard
SetCursor
UnhookWindowsHookEx
RemovePropW
Number of PE resources by type
RT_STRING 7
RT_RCDATA 3
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
CZECH DEFAULT 2
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2019:03:09 22:24:20+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
157184

LinkerVersion
9.0

ImageFileCharacteristics
No relocs, Executable, 32-bit

EntryPoint
0x1770

InitializedDataSize
107520

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

File identification
MD5 76a855525c756cb25c549e2935040268
SHA1 eecea2c88c6720a696bcdcaf37433eaa3bca26ef
SHA256 cd644c5df3749ca7adf80c0f4e3dda1fb1bb0018420105bb0d65ffa654b5518a
ssdeep
6144:Ka0m9wDUi91ggOTMTtM/faJiiAf5uDv888888888888W88888888888H9:vMB1gPMTtM/faJibfq888888888888WA

authentihash ff6d822d2bfb170cebd946fafb592b04286660de968cf0bb57a0493eee1d6973
imphash 4e881621082522baa4f1e7ea3d8c8f1c
File size 262.8 KB ( 269064 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-03-10 00:41:11 UTC ( 1 month, 2 weeks ago )
Last submission 2019-03-12 02:11:15 UTC ( 1 month, 2 weeks ago )
File names emotet_e1_cd644c5df3749ca7adf80c0f4e3dda1fb1bb0018420105bb0d65ffa654b5518a_2019-03-10__003004.exe_
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs