SHA256: d202ae813edeb5168c6bef46ced415e08d9d5136863216cb87b110947e7c9dbc
File name: JERSEYWORDPAD.EXE
Detection ratio: 50 / 65
Analysis date: 2019-02-25 00:31:10 UTC ( 3 months ago )
Antivirus Result Update
Acronis suspicious 20190222
Ad-Aware Gen:Variant.Razy.464232 20190224
AhnLab-V3 Trojan/Win32.Emotet.R253022 20190224
ALYac Gen:Variant.Razy.464232 20190224
Antiy-AVL Trojan[Banker]/Win32.Emotet 20190224
Arcabit Trojan.Razy.D71568 20190224
Avast Win32:BankerX-gen [Trj] 20190224
AVG Win32:BankerX-gen [Trj] 20190224
Avira (no cloud) HEUR/AGEN.1038622 20190224
BitDefender Gen:Variant.Razy.464232 20190224
ClamAV Win.Malware.Emotet-6856874-0 20190224
Comodo Malware@#f60tbuxwis9o 20190224
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cybereason malicious.b5c9f0 20190109
Cylance Unsafe 20190224
Cyren W32/Emotet.NG.gen!Eldorado 20190224
DrWeb Trojan.DownLoader27.25429 20190224
eGambit Unsafe.AI_Score_92% 20190224
Emsisoft Gen:Variant.Razy.464232 (B) 20190224
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.GOYX 20190224
F-Secure Heuristic.HEUR/AGEN.1038622 20190224
Fortinet W32/Kryptik.GPQL!tr 20190224
GData Gen:Variant.Razy.464232 20190224
Ikarus Trojan-Banker.Emotet 20190224
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 005463c71 ) 20190223
K7GW Trojan ( 005463c71 ) 20190223
Kaspersky Trojan-Banker.Win32.Emotet.cbot 20190224
Malwarebytes Trojan.Emotet.Generic 20190224
MAX malware (ai score=87) 20190224
McAfee Emotet-FLI!A2B7B18B5C9F 20190224
McAfee-GW-Edition BehavesLike.Win32.Dropper.ch 20190224
Microsoft Trojan:Win32/Emotet.DX 20190224
eScan Gen:Variant.Razy.464232 20190224
NANO-Antivirus Trojan.Win32.Emotet.fnemzi 20190224
Palo Alto Networks (Known Signatures) generic.ml 20190224
Panda Trj/CI.A 20190224
Qihoo-360 Win32/Trojan.BO.1f6 20190224
Rising Trojan.Kryptik!8.8 (CLOUD) 20190224
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Mal/Emotet-Q 20190224
Symantec Trojan.Emotet 20190224
Tencent Win32.Trojan-banker.Emotet.Lmkl 20190224
Trapmine malicious.high.ml.score 20190123
VBA32 BScope.Trojan.Emotet 20190222
ViRobot Trojan.Win32.Z.Emotet.159744.BN 20190224
Webroot W32.Trojan.Emotet 20190224
Yandex Trojan.PWS.Emotet! 20190222
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.cbot 20190224
AegisLab 20190224
Alibaba 20180921
Avast-Mobile 20190224
Babable 20180917
Baidu 20190214
CAT-QuickHeal 20190224
CMC 20190223
Jiangmin 20190224
Kingsoft 20190224
SUPERAntiSpyware 20190220
Symantec Mobile Insight 20190220
TACHYON 20190223
TheHacker 20190224
TotalDefense 20190224
Trustlook 20190224
Zoner 20190224
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-24 01:01:11
Entry Point 0x00003E60
Number of sections 10
PE sections
PE imports
IsTokenRestricted
OpenProcessToken
GetTickCount64
SetTimeZoneInformation
GetSystemDefaultUILanguage
GetCommandLineW
GetCommMask
CreateMutexW
DeleteTimerQueueTimer
GetThreadTimes
GlobalMemoryStatusEx
DuplicateHandle
CancelSynchronousIo
GetCurrentThread
CheckMenuItem
TranslateMessage
SetProcessDefaultLayout
SetThreadDesktop
GetWindow
GetMenuDefaultItem
IsChild
SCardStatusA
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
CHINESE TRADITIONAL 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 6.1
MachineType Intel 386 or later, and compatibles
TimeStamp 2019:01:24 02:01:11+01:00
FileType Win32 EXE
PEType PE32
CodeSize 16384
LinkerVersion 14.0
Warning Possibly corrupt Version resource
FileTypeExtension exe
InitializedDataSize 147456
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x3e60
OSVersion 6.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 a2b7b18b5c9f0fd41ecbe31aa2b95a75
SHA1 de2a14edd749b9f8acaaae3c82f6f9a7170dd9f2
SHA256 d202ae813edeb5168c6bef46ced415e08d9d5136863216cb87b110947e7c9dbc
ssdeep 1536:Rp5yU2pwlHS589sICkCV9Mk6MZM+mkQhLxfW26z8oPFKL0+SnChSAy5+jguEsGTL:Rp5y5pCGICZB49LBzz4y01nCh1/w
authentihash 282c11d5f5f964aeaa107754da9c0a27484bf52394147c1f02e7be3e1b530ee4
imphash 7a07325a3b0b7d1620a817118f290bab
File size 156.0 KB ( 159744 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2019-02-18 17:29:10 UTC ( 3 months, 1 week ago )
Last submission 2019-03-01 16:54:10 UTC ( 2 months, 3 weeks ago )
File names JERSEYWORDPAD.EXE