× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: d0ec4151428d80d588e491663058a833df4233b94bfed05c682db880ad995997
File name: 67B76668.exe
Detection ratio: 18 / 68
Analysis date: 2018-06-23 08:25:49 UTC ( 8 months ago ) View latest
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Emotet.R230382 20180622
Avast FileRepMalware 20180623
AVG FileRepMalware 20180623
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180622
ClamAV Win.Trojan.Generic-6584512-1 20180623
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cylance Unsafe 20180623
Emsisoft Trojan.Emotet (A) 20180623
Endgame malicious (high confidence) 20180612
Fortinet W32/Kryptik.GHOI!tr 20180623
Ikarus Trojan-Banker.Emotet 20180623
MAX malware (ai score=94) 20180623
Palo Alto Networks (Known Signatures) generic.ml 20180623
Rising Trojan.GenKryptik!8.AA55 (TFE:dGZlOgIZp+gbA8+aIQ) 20180623
SentinelOne (Static ML) static engine - malicious 20180618
Symantec ML.Attribute.HighConfidence 20180622
VBA32 BScope.TrojanDownloader.Stantinko 20180622
Webroot W32.Trojan.Emotet 20180623
Ad-Aware 20180623
AegisLab 20180622
Alibaba 20180622
ALYac 20180623
Antiy-AVL 20180623
Arcabit 20180623
Avast-Mobile 20180622
Avira (no cloud) 20180622
AVware 20180623
Babable 20180406
BitDefender 20180623
Bkav 20180623
CAT-QuickHeal 20180622
CMC 20180623
Comodo 20180623
Cybereason 20180225
Cyren 20180623
DrWeb 20180623
eGambit 20180623
ESET-NOD32 20180623
F-Prot 20180623
F-Secure 20180622
GData 20180623
Sophos ML 20180601
Jiangmin 20180623
K7AntiVirus 20180622
K7GW 20180623
Kaspersky 20180623
Kingsoft 20180623
Malwarebytes 20180623
McAfee 20180623
McAfee-GW-Edition 20180623
Microsoft 20180623
eScan 20180623
NANO-Antivirus 20180623
Panda 20180623
Qihoo-360 20180623
Sophos AV 20180623
SUPERAntiSpyware 20180623
Symantec Mobile Insight 20180619
TACHYON 20180623
Tencent 20180623
TheHacker 20180622
TotalDefense 20180623
TrendMicro 20180623
TrendMicro-HouseCall 20180623
Trustlook 20180623
VIPRE 20180623
ViRobot 20180623
Yandex 20180622
Zillya 20180622
ZoneAlarm by Check Point 20180623
Zoner 20180622
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Description Uniscri
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-23 15:12:53
Entry Point 0x0000100F
Number of sections 6
PE sections
PE imports
NotifyBootConfigStatus
CopyEnhMetaFileW
GetLayout
SetTimeZoneInformation
FindActCtxSectionStringW
NetServerGetInfo
UuidToStringA
SetupDiBuildDriverInfoList
PathAddBackslashA
wsprintfA
GetInputState
GetDialogBaseUnits
PeekMessageW
waveOutGetID
timeBeginPeriod
StringFromCLSID
Number of PE resources by type
RT_DIALOG 21
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
HEBREW DEFAULT 1
HUNGARIAN DEFAULT 1
VIETNAMESE DEFAULT 1
CHINESE SIMPLIFIED 1
SLOVENIAN DEFAULT 1
CZECH DEFAULT 1
FINNISH DEFAULT 1
KOREAN 1
NEUTRAL DEFAULT 1
PORTUGUESE 1
POLISH DEFAULT 1
JAPANESE DEFAULT 1
DANISH DEFAULT 1
SLOVAK DEFAULT 1
GREEK DEFAULT 1
TURKISH DEFAULT 1
ROMANIAN 1
THAI DEFAULT 1
SERBIAN DEFAULT 1
NEUTRAL 1
RUSSIAN 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
14.1

ImageVersion
0.0

FileVersionNumber
1.2.0.6

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Uniscri

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
230400

EntryPoint
0x100f

MIMEType
application/octet-stream

TimeStamp
2018:06:23 08:12:53-07:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1.0626.

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Realtek Semiconductor Corporation

CodeSize
98304

FileSubtype
0

ProductVersionNumber
1.2.0.6

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 00864d57b55e523f9399c7d5194aa232
SHA1 243306c999df765bc30786328374c31ff6c15256
SHA256 d0ec4151428d80d588e491663058a833df4233b94bfed05c682db880ad995997
ssdeep
1536:asFCCCeShxHbWmLShf+ge5AwcPB8tMwzLgJj:cCChOhmzx2uKwQ

authentihash 57c76ea4482ab4a2437dabc66160a709c7972ef95653e7fd3c62114f647288a3
imphash 37fc747b7e3738025079caa7a924b622
File size 317.5 KB ( 325120 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe

VirusTotal metadata
First submission 2018-06-23 08:15:49 UTC ( 8 months ago )
Last submission 2018-11-20 12:22:07 UTC ( 3 months ago )
File names 3523.exe
67B76668.exe
1912.exe
21914.exe
1068.exe
6914.exe
bthpanswim.exe
70694.exe
2521.exe
97754.exe
output.113493317.txt
2375.exe
5997.exe
6449.exe
9543.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.