× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: cd8a4b2c3c4495543909f85961a3a6c4b0f17b464a7966c1f9d4dca93bcf010f
File name: cd8a4b2c3c4495543909f85961a3a6c4b0f17b464a7966c1f9d4dca93bcf010f
Detection ratio: 16 / 70
Analysis date: 2019-02-09 10:28:21 UTC ( 1 month, 1 week ago ) View latest
Antivirus Result Update
Acronis suspicious 20190208
AVG FileRepMalware 20190209
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181023
Cybereason malicious.c5843b 20190109
Cylance Unsafe 20190209
eGambit Unsafe.AI_Score_93% 20190209
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/GenKryptik.CYXP 20190209
Sophos ML heuristic 20181128
Microsoft Trojan:Win32/Emotet 20190209
Qihoo-360 HEUR/QVM20.1.1C49.Malware.Gen 20190209
Rising Trojan.Emotet!8.B95 (TFE:dGZlOgSmBvxI1AsX2Q) 20190209
SentinelOne (Static ML) static engine - malicious 20190203
Symantec ML.Attribute.HighConfidence 20190209
Trapmine malicious.moderate.ml.score 20190123
VBA32 Trojan.Krap.gen 20190208
Ad-Aware 20190209
AegisLab 20190209
AhnLab-V3 20190208
Alibaba 20180921
ALYac 20190209
Antiy-AVL 20190209
Arcabit 20190208
Avast 20190209
Avast-Mobile 20190209
Avira (no cloud) 20190208
Babable 20180918
Baidu 20190202
BitDefender 20190209
Bkav 20190201
CAT-QuickHeal 20190208
ClamAV 20190208
CMC 20190208
Comodo 20190209
Cyren 20190209
DrWeb 20190209
Emsisoft 20190209
F-Prot 20190209
F-Secure 20190209
Fortinet 20190209
GData 20190209
Ikarus 20190209
Jiangmin 20190209
K7AntiVirus 20190208
K7GW 20190209
Kaspersky 20190209
Kingsoft 20190209
Malwarebytes 20190209
MAX 20190209
McAfee 20190209
McAfee-GW-Edition 20190209
eScan 20190209
NANO-Antivirus 20190209
Palo Alto Networks (Known Signatures) 20190209
Panda 20190209
Sophos AV 20190209
SUPERAntiSpyware 20190206
Symantec Mobile Insight 20190207
TACHYON 20190209
Tencent 20190209
TheHacker 20190203
TotalDefense 20190206
TrendMicro 20190209
TrendMicro-HouseCall 20190209
Trustlook 20190209
ViRobot 20190208
Webroot 20190209
Yandex 20190208
Zillya 20190208
ZoneAlarm by Check Point 20190209
Zoner 20190209
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-02-09 18:21:00
Entry Point 0x00002B27
Number of sections 4
PE sections
PE imports
LookupPrivilegeNameW
GetUserNameW
ImpersonateSelf
IsTokenRestricted
InitializeSecurityDescriptor
GetUserNameA
LookupPrivilegeNameA
GetEventLogInformation
GetOpenFileNameW
GetBkColor
GetBitmapBits
GdiSetBatchLimit
FrameRgn
GetTextExtentPoint32W
ExtTextOutA
GetPath
GetWorldTransform
RestoreDC
GetTextExtentExPointW
GetPaletteEntries
GetObjectW
SetStretchBltMode
GetViewportExtEx
GetCharWidth32W
GetTextExtentPointW
GetTextAlign
DeleteMetaFile
GetTextFaceA
GlobalGetAtomNameW
GetVolumePathNameW
FreeConsole
FileTimeToDosDateTime
GetShortPathNameW
VirtualAllocEx
ApplicationRecoveryInProgress
GetOverlappedResult
DeactivateActCtx
GetConsoleCP
GetDefaultCommConfigW
GetOEMCP
GetTimeFormatW
GetTickCount
EnumUILanguagesW
DefineDosDeviceW
GetVolumePathNamesForVolumeNameW
GetStartupInfoA
EnumSystemLocalesA
GetWindowsDirectoryW
GetCompressedFileSizeW
GetProcessId
GetConsoleTitleA
Sleep
GetProcAddress
GetProfileSectionA
GetSystemPowerStatus
FileTimeToSystemTime
GetLocaleInfoW
EnumResourceTypesA
FlushProcessWriteBuffers
GetTempPathA
LockFileEx
GetFileAttributesExW
LocalFlags
FindFirstFileExA
IsProcessorFeaturePresent
GetComputerNameA
GetThreadTimes
IsValidLocale
GetSystemDirectoryA
GetLargestConsoleWindowSize
DecodePointer
GetModuleHandleW
GetBinaryTypeA
FindActCtxSectionStringW
GetExitCodeProcess
LocalFree
ResumeThread
DeviceIoControl
LoadResource
FindResourceW
GetCurrentConsoleFont
LocalHandle
GetPrivateProfileSectionA
SleepEx
LoadRegTypeLib
GetRecordInfoFromTypeInfo
VarCyMul
GetPwrCapabilities
ExtractIconExW
ExtractAssociatedIconA
FindExecutableA
EnumerateSecurityPackagesW
GetComputerObjectNameW
InitializeSecurityContextA
IsRectEmpty
GetCaretBlinkTime
UpdateWindow
GetScrollInfo
LoadMenuA
DefWindowProcW
GetClassInfoExA
GetComboBoxInfo
GetShellWindow
FindWindowA
GetCaretPos
LockSetForegroundWindow
FlashWindowEx
LoadMenuW
GetWindowThreadProcessId
GetMenuState
GetTabbedTextExtentA
DdeSetUserHandle
LoadImageA
LoadCursorFromFileA
GetMenuStringA
DestroyCursor
DialogBoxParamA
GetSysColor
GetDlgItemInt
GetMenuItemID
LoadBitmapW
GetDoubleClickTime
DefFrameProcW
GetTitleBarInfo
LogicalToPhysicalPoint
GetWindowPlacement
GetClassInfoA
LoadStringW
GetClientRect
GetKeyboardLayoutList
DrawMenuBar
DrawTextW
GetClassLongA
LoadAcceleratorsA
wsprintfA
DeregisterShellHookWindow
GetClassInfoW
GetSysColorBrush
ExcludeUpdateRgn
GetSystemMenu
LoadAcceleratorsW
GetWindowRgnBox
GetUpdateRect
ModifyMenuA
GetMenuContextHelpId
DestroyWindow
GetFileVersionInfoA
FindFirstUrlCacheEntryExW
InternetInitializeAutoProxyDll
DeleteUrlCacheEntryW
DeletePrinterDriverW
FindFirstPrinterChangeNotification
GetPrinterDriverDirectoryA
GetStandardColorSpaceProfileW
fputc
memset
fputws
fread
_time64
strspn
_localtime64
strcmp
fgetws
CoInternetIsFeatureEnabled
FaultInIEFeature
GetClassFileOrMime
Number of PE resources by type
RT_DIALOG 51
RT_GROUP_CURSOR 1
RT_BITMAP 1
RT_CURSOR 1
RT_MENU 1
Number of PE resources by language
ENGLISH US 55
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

SubsystemVersion
5.0

MachineType
Intel 386 or later, and compatibles

TimeStamp
2019:02:09 10:21:00-08:00

FileType
Win32 EXE

PEType
PE32

CodeSize
38912

LinkerVersion
12.0

FileTypeExtension
exe

InitializedDataSize
427520

ImageFileCharacteristics
No relocs, Executable, 32-bit

EntryPoint
0x2b27

OSVersion
5.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 de60d987b41eb1e82a31554971ffda30
SHA1 231b6bbc5843bf0073def799731df8147ede002e
SHA256 cd8a4b2c3c4495543909f85961a3a6c4b0f17b464a7966c1f9d4dca93bcf010f
ssdeep
3072:9WdoEBjA2pBlXssssssssssssssssssssssssssssssssssssssssssssssssssA:Qo2fBKN0yHaQV8cbg3LEIC

authentihash 7a2226f7591968c2125462af96c4daf35c04e5e2675f8492530dad24f104e986
imphash 618ce39e93212e2caca8a4bcd390a157
File size 448.5 KB ( 459264 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Microsoft Visual C++ compiled executable (generic) (46.2%)
Win32 Dynamic Link Library (generic) (18.4%)
Win32 Executable (generic) (12.6%)
Win16/32 Executable Delphi generic (5.8%)
OS/2 Executable (generic) (5.6%)
Tags
peexe

VirusTotal metadata
First submission 2019-02-09 10:28:21 UTC ( 1 month, 1 week ago )
Last submission 2019-02-09 10:28:21 UTC ( 1 month, 1 week ago )
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!