SHA256: ceab87494135032dae1e5edec54d45de9bccd487357411def54f51189c789d31
File name: output.114763676.txt
Detection ratio: 40 / 69
Analysis date: 2018-12-26 06:56:20 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Acronis malware 20181224
Ad-Aware Trojan.GenericKD.40862139 20181226
AhnLab-V3 Trojan/Win32.Kryptik.R249671 20181226
Antiy-AVL Trojan/Win32.Fuerboos 20181226
Arcabit Trojan.Generic.D26F81BB 20181226
Avast Win32:Trojan-gen 20181226
AVG Win32:Trojan-gen 20181226
Avira (no cloud) TR/Kryptik.mzmgd 20181226
BitDefender Trojan.GenericKD.40862139 20181226
Comodo Malware@#dqubrujw0d0i 20181226
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181022
Cybereason malicious.d92b82 20180225
Cylance Unsafe 20181226
eGambit Unsafe.AI_Score_86% 20181226
Emsisoft Trojan.GenericKD.40862139 (B) 20181226
ESET-NOD32 a variant of Win32/Kryptik.GOBN 20181226
F-Secure Trojan.GenericKD.40862139 20181226
Fortinet W32/GenKryptik.CUWE!tr 20181226
GData Trojan.GenericKD.40862139 20181226
Ikarus Trojan-Banker.Emotet 20181226
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 005443ee1 ) 20181225
K7GW Trojan ( 005443ee1 ) 20181225
Kaspersky Trojan-Banker.Win32.Emotet.bwln 20181226
Malwarebytes Trojan.Emotet 20181225
McAfee RDN/Generic.dx 20181226
McAfee-GW-Edition RDN/Generic.dx 20181225
eScan Trojan.GenericKD.40862139 20181226
Palo Alto Networks (Known Signatures) generic.ml 20181226
Panda Trj/GdSda.A 20181225
Qihoo-360 Win32/Trojan.34d 20181226
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/Generic-S 20181226
Symantec Packed.Generic.517 20181225
Tencent Win32.Trojan-banker.Emotet.Dbb 20181226
Trapmine malicious.high.ml.score 20181205
TrendMicro TROJ_GEN.USLM18 20181226
TrendMicro-HouseCall TROJ_GEN.USLM18 20181226
VBA32 BScope.Trojan.Refinka 20181222
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bwln 20181226
AegisLab 20181226
Alibaba 20180921
Avast-Mobile 20181225
Babable 20180918
Baidu 20181207
Bkav 20181224
CAT-QuickHeal 20181225
ClamAV 20181226
CMC 20181225
Cyren 20181226
DrWeb 20181226
Endgame 20181108
F-Prot 20181226
Jiangmin 20181226
Kingsoft 20181226
MAX 20181226
Microsoft 20181225
NANO-Antivirus 20181226
Rising 20181226
SUPERAntiSpyware 20181220
Symantec Mobile Insight 20181225
TACHYON 20181226
TheHacker 20181225
TotalDefense 20181223
Trustlook 20181226
ViRobot 20181225
Webroot 20181226
Yandex 20181223
Zillya 20181225
Zoner 20181225
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2003-2013
Product TortoiseSVN TortoisePlink
Original name TortoisePlink.exe
Internal name TortoisePlink
File version Release 0.63
Description TortoisePlink
Comments Adapted from PuTTY plink (http://www.chiark.greenend.org.uk/~sgtatham/putty/)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-22 18:20:12
Entry Point 0x0000358E
Number of sections 5
PE sections
PE imports
SetSecurityDescriptorControl
LookupPrivilegeNameW
GetSidSubAuthority
LogonUserW
CryptDestroyHash
CM_Get_Class_Name_ExW
FindTextW
CertAddCTLContextToStore
GlobalSize
GetNamedPipeClientProcessId
FlushProcessWriteBuffers
GetModuleHandleA
GetSystemDefaultLCID
TransactNamedPipe
GetDynamicTimeZoneInformation
GetModuleFileNameA
FlsFree
LZSeek
LZInit
MprAdminInterfaceTransportGetInfo
DsFreeDomainControllerInfoW
CreateErrorInfo
VarI2FromStr
VarI4FromR4
SysAllocStringLen
RpcServerRegisterIf2
SetupDiDestroyClassImageList
ShellAboutW
StrFromTimeIntervalW
UrlApplySchemeW
PathGetCharTypeW
PathCreateFromUrlW
FreeDDElParam
ShowScrollBar
SetTimer
GetKeyboardType
HideCaret
GetClassNameA
RegisterDeviceNotificationW
GetMenuContextHelpId
GetMenuItemInfoW
midiStreamOpen
GetPrinterW
SCardStatusA
SCardGetStatusChangeW
Ord(30)
CoEnableCallCancellation
OleIsRunning
Number of PE resources by type
RT_MANIFEST 1
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
GERMAN SWISS 2
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
Comments Adapted from PuTTY plink (http://www.chiark.greenend.org.uk/~sgtatham/putty/)
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.63.0.9999
LanguageCode English (British)
FileFlagsMask 0x003f
FileDescription TortoisePlink
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 131072
EntryPoint 0x358e
OriginalFileName TortoisePlink.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2003-2013
FileVersion Release 0.63
TimeStamp 2018:12:22 19:20:12+01:00
FileType Win32 EXE
PEType PE32
InternalName TortoisePlink
ProductVersion Release 0.63
UninitializedDataSize 0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName http://tortoisesvn.net
CodeSize 280576
ProductName TortoiseSVN TortoisePlink
ProductVersionNumber 0.63.0.9999
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 0717e92d92b82b2b1ba86d2f9503e202
SHA1 60292b6729836eb5278c153d456dac4fb4fb9f17
SHA256 ceab87494135032dae1e5edec54d45de9bccd487357411def54f51189c789d31
ssdeep 3072:n03rA+Dghmh4H0huBQfvCgwkyA5n/VxI4zc7tym0sD56jzuM7Ssx:omu4H0hdvCgwfA5/DVSfEjh
authentihash 2826c50f0c009b5ef69b69f92c36ef918246f205b93d3faac0948883c1bb1ae0
imphash a8ff3245079d40616fa0cf0499bf5a9d
File size 556.0 KB ( 569344 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe
VirusTotal metadata
First submission 2018-12-22 18:29:38 UTC ( 1 month, 3 weeks ago )
Last submission 2019-01-19 07:46:22 UTC ( 3 weeks, 6 days ago )
File names TortoisePlink.exe
QsC70JDhM.exe
b55mqroeM.exe
TYL3quRBGlZ.exe
TortoisePlink
output.114763676.txt
374.exe
of0U46hnZb.exe