SHA256: ce816c7f0640d5386d7e837788efb384485b2a81ab11f708255f2414a8b5cc2b
File name: 2af3cffcd8d9775e7f9b537b35de16774117fd71
Detection ratio: 47 / 67
Analysis date: 2018-05-05 17:43:58 UTC ( 9 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.313508 20180505
AegisLab Gen.Variant.Johnnie!c 20180505
AhnLab-V3 Trojan/Win32.Crypt.R226668 20180505
ALYac Gen:Variant.Razy.313508 20180505
Arcabit Trojan.Razy.D4C8A4 20180505
Avast Win32:Malware-gen 20180505
AVG Win32:Malware-gen 20180505
Avira (no cloud) TR/Crypt.ZPACK.udtkh 20180505
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180503
BitDefender Gen:Variant.Razy.313508 20180505
CAT-QuickHeal Trojan.Critet 20180505
ClamAV Win.Trojan.Emotet-6526955-0 20180505
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180418
Cylance Unsafe 20180505
Cyren W32/Trojan.ZQQY-2228 20180505
eGambit Unsafe.AI_Score_100% 20180505
Emsisoft Gen:Variant.Razy.313508 (B) 20180505
Endgame malicious (high confidence) 20180504
ESET-NOD32 a variant of Win32/Kryptik.GGGJ 20180505
F-Prot W32/Emotet.AX.gen!Eldorado 20180505
F-Secure Gen:Variant.Razy.313508 20180505
Fortinet W32/Kryptik.GFYL!tr 20180505
GData Gen:Variant.Razy.313508 20180505
Ikarus Trojan-Banker.Emotet 20180505
Sophos ML heuristic 20180503
K7AntiVirus Trojan ( 0052f7701 ) 20180505
K7GW Trojan ( 0052f7701 ) 20180505
Kaspersky Trojan.Win32.Agent.qwgkve 20180505
MAX malware (ai score=97) 20180505
McAfee Emotet-FDM!BC968696CB69 20180505
McAfee-GW-Edition Emotet-FDM!BC968696CB69 20180505
Microsoft Trojan:Win32/Critet.E!cl 20180505
eScan Gen:Variant.Razy.313508 20180505
NANO-Antivirus Trojan.Win32.Kryptik.fbdiqq 20180505
Palo Alto Networks (Known Signatures) generic.ml 20180505
Panda Trj/GdSda.A 20180505
Qihoo-360 Win32/Trojan.9de 20180505
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/EncPk-ANY 20180505
Symantec Trojan.Gen.2 20180505
Tencent Win32.Trojan.Agent.Piju 20180505
TrendMicro TSPY_HPEMOTET.SMAL4 20180505
TrendMicro-HouseCall TSPY_HPEMOTET.SMAL4 20180505
VBA32 BScope.Trojan.Agent 20180504
VIPRE Trojan.Win32.Generic!BT 20180505
Webroot W32.Trojan.Emotet 20180505
ZoneAlarm by Check Point Trojan.Win32.Agent.qwgkve 20180505
Alibaba 20180503
Antiy-AVL 20180505
Avast-Mobile 20180505
AVware 20180428
Babable 20180406
Bkav 20180504
CMC 20180505
Comodo 20180505
Cybereason None
DrWeb 20180505
Jiangmin 20180505
Kingsoft 20180505
nProtect 20180505
Rising 20180505
SUPERAntiSpyware 20180505
Symantec Mobile Insight 20180505
TheHacker 20180504
TotalDefense 20180505
Trustlook 20180505
ViRobot 20180505
Yandex 20180504
Zillya 20180504
Zoner 20180504
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name shacct.dll
Internal name shacct
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description Shell Accounts Classes
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-01 19:41:25
Entry Point 0x00029035
Number of sections 5
PE sections
PE imports
GetUserNameA
IsTextUnicode
GetOldestEventLogRecord
GetUserNameW
GetFileTitleW
GetCurrentObject
GetClipRgn
DeleteColorSpace
GetCurrentPositionEx
GetStretchBltMode
GdiFlush
GetTextColor
GetOutlineTextMetricsW
GetDIBits
GetRegionData
GetObjectW
ExtSelectClipRgn
GetCharWidth32A
GetBkColor
GetTextCharset
GetNativeSystemInfo
GetLastError
GetVolumePathNameW
GlobalFindAtomW
FlushConsoleInputBuffer
GetPrivateProfileStructA
GetPrivateProfileSectionNamesA
FreeLibrary
GlobalFindAtomA
EnumUILanguagesW
LoadLibraryA
GetFileAttributesW
GetStartupInfoA
Module32FirstW
GetDriveTypeA
GetPrivateProfileStringA
LocalAlloc
GetConsoleCursorInfo
GetPriorityClass
GetCurrentActCtx
FindActCtxSectionGuid
GetProcAddress
FlsFree
VirtualProtectEx
WritePrivateProfileStringW
lstrcpynW
FindResourceExA
RaiseException
GetBinaryTypeW
DeleteVolumeMountPointW
WritePrivateProfileStructA
InterlockedExchange
GetConsoleDisplayMode
EnumSystemCodePagesA
GetProcessWorkingSetSize
IsValidLocale
WritePrivateProfileStructW
GlobalAddAtomA
LocalFree
GetAtomNameA
GlobalAlloc
RpcMgmtEpEltInqBegin
InitializeSecurityContextA
FreeContextBuffer
GetPrinterDriverW
GetColorProfileHeader
Ord(30)
fputc
malloc
fputws
strtod
_time64
fprintf
strftime
towlower
toupper
strcmp
GetRunningObjectTable
GetConvertStg
MkParseDisplayNameEx
FindMimeFromData
Number of PE resources by type
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
2.2

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.1.7601.17514

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
32256

EntryPoint
0x29035

OriginalFileName
shacct.dll

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.1.7601.17514 (win7sp1_rtm.101119-1850)

TimeStamp
2018:05:01 20:41:25+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
shacct

ProductVersion
6.1.7601.17514

FileDescription
Shell Accounts Classes

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
1659788813

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.1.7601.17514

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 bc968696cb690876c5835c0cd50f79d9
SHA1 2af3cffcd8d9775e7f9b537b35de16774117fd71
SHA256 ce816c7f0640d5386d7e837788efb384485b2a81ab11f708255f2414a8b5cc2b
ssdeep
1536:N2PV8NzWjqxslHrUBR9NY0jwODIJEoBcdx9gqt3wZEt85SukgyLFH6Lm4A7:N2PVUVxUY9PDEex9gqtAZV5Nkt4q

authentihash ac15a5f7d8c8443c510242e2e31cfad9b057f0095df9bdbf9d73760ac0cb49ed
imphash 4d99556e445b2a5e89846b8b6d390a9d
File size 202.0 KB ( 206848 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-05-02 04:35:16 UTC ( 9 months, 3 weeks ago )
Last submission 2018-05-28 17:50:49 UTC ( 8 months, 4 weeks ago )
File names 4900.exe
shacct.dll
shacct