SHA256: d2d064d0cb582675ebb3b9cdf8bd131ffa730e7fcb7be37d872b9f659bb39e80
File name: 7kVg35RR3VtKYgwK.exe
Detection ratio: 41 / 71
Analysis date: 2019-01-16 04:12:51 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.Autoruns.GenericKD.40940521 20190115
AhnLab-V3 Trojan/Win32.Emotet.R251540 20190114
ALYac Trojan.Autoruns.GenericKD.40940521 20190115
Arcabit Trojan.Autoruns.Generic.D270B3E9 20190115
Avast Win32:BankerX-gen [Trj] 20190115
AVG Win32:BankerX-gen [Trj] 20190115
BitDefender Trojan.Autoruns.GenericKD.40940521 20190115
CAT-QuickHeal Trojan.Emotet.X4 20190116
Comodo Malware@#v3tp8rn1ezsp 20190114
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cylance Unsafe 20190116
Cyren W32/Trojan.ZOKT-0330 20190115
Emsisoft Trojan.Autoruns.GenericKD.40940521 (B) 20190114
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GOQU 20190116
Fortinet W32/GenKryptik.CWGN!tr 20190114
GData Trojan.Autoruns.GenericKD.40940521 20190115
Ikarus Trojan.Win32.Krypt 20190115
Sophos ML heuristic 20181128
K7GW Trojan ( 005454eb1 ) 20190115
Kaspersky Trojan-Banker.Win32.Emotet.byzo 20190115
Malwarebytes Trojan.Emotet 20190115
MAX malware (ai score=100) 20190116
McAfee RDN/Generic.hra 20190115
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20190115
Microsoft Trojan:Win32/Emotet.F 20190114
eScan Trojan.Autoruns.GenericKD.40940521 20190115
NANO-Antivirus Virus.Win32.Gen.ccmw 20190116
Palo Alto Networks (Known Signatures) generic.ml 20190116
Panda Trj/GdSda.A 20190116
Qihoo-360 Win32/Trojan.5a7 20190116
Rising Trojan.Emotet!8.B95 (CLOUD) 20190116
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/EncPk-AOI 20190116
Symantec Trojan.Emotet 20190115
Trapmine malicious.moderate.ml.score 20190103
TrendMicro TrojanSpy.Win32.EMOTET.SMTHGC.hp 20190115
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMTHGC.hp 20190115
ViRobot Trojan.Win32.Z.Agent.200704.AXB 20190115
Webroot W32.Trojan.Emotet 20190116
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.byzo 20190115
Acronis 20190111
AegisLab 20190115
Alibaba 20180921
Antiy-AVL 20190115
Avast-Mobile 20190115
Avira (no cloud) 20190115
Babable 20180918
Baidu 20190115
Bkav 20190108
ClamAV 20190115
CMC 20190114
Cybereason 20190109
DrWeb 20190114
eGambit 20190116
F-Prot 20190115
F-Secure 20190114
Jiangmin 20190115
K7AntiVirus 20190115
Kingsoft 20190116
SUPERAntiSpyware 20190109
TACHYON 20190115
Tencent 20190116
TheHacker 20190115
TotalDefense 20190115
Trustlook 20190116
VBA32 20190115
VIPRE 20190115
Yandex 20190111
Zillya 20190115
Zoner 20190115
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) 1995-2003 Ahead Software and its licensors
Product Nero Burning ROM
File version 6, 3, 0, 2
Description Nero Library
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-12 03:00:32
Entry Point 0x00004ECE
Number of sections 4
PE sections
PE imports
GetCurrentHwProfileW
CreateProcessWithLogonW
IsWellKnownSid
CM_Get_DevNode_Registry_PropertyA
GetTextCharsetInfo
CreatePalette
DPtoLP
GetFontUnicodeRanges
GetUserDefaultUILanguage
HeapFree
LoadLibraryW
HeapAlloc
FindNLSString
GlobalUnlock
GetFileAttributesW
GetLocalTime
OpenFile
GetCurrentProcess
EnumSystemLocalesA
Wow64DisableWow64FsRedirection
GetWindowsDirectoryA
GetDateFormatW
MultiByteToWideChar
GetFileInformationByHandle
GlobalLock
GetProcessHeap
CreateFileMappingW
MapViewOfFile
GetTimeFormatW
CreateThread
GetModuleFileNameW
SetDefaultCommConfigA
InterlockedExchange
GetCommTimeouts
Wow64RevertWow64FsRedirection
QueryIdleProcessorCycleTime
GetModuleHandleW
GetBinaryTypeA
FormatMessageW
IsWow64Process
FreeLibraryAndExitThread
UnmapViewOfFile
GlobalAlloc
FindResourceA
LZSeek
LZInit
BSTR_UserUnmarshal
SetupDiGetINFClassW
StrPBrkW
PathIsFileSpecW
FreeCredentialsHandle
RegisterWindowMessageW
GetForegroundWindow
UpdateWindow
GetMessageW
DefWindowProcW
FindWindowW
PostQuitMessage
SetWinEventHook
MessageBeep
SetWindowPos
GetSystemMetrics
IsIconic
PeekMessageW
EnableWindow
SetWindowPlacement
MoveWindow
DialogBoxParamW
LoadIconW
PostMessageW
SetActiveWindow
GetDC
CreateDialogParamW
CharNextExA
GetWindowLongW
GetWindowPlacement
SetWindowLongW
SetScrollPos
InvalidateRect
GetWindowLongA
IsClipboardFormatAvailable
OpenClipboard
LoadImageW
GetKeyboardLayout
GetWindowTextW
CharUpperW
LoadCursorW
GetSystemMenu
GetWindowTextLengthW
CreateWindowExW
LoadAcceleratorsW
RegisterClassExW
CloseClipboard
DestroyWindow
SetCursor
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
GERMAN 1
PE resources
Debug information
ExifTool file metadata
SpecialBuild
6, 3, 0, 2b

SubsystemVersion
5.0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.3.0.2

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Nero Library

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
167936

EntryPoint
0x4ece

MIMEType
application/octet-stream

LegalCopyright
Copyright (c) 1995-2003 Ahead Software and its licensors

FileVersion
6, 3, 0, 2

TimeStamp
2019:01:11 19:00:32-08:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
6, 3, 0, 2

UninitializedDataSize
0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Ahead Software AG

CodeSize
0

ProductName
Nero Burning ROM

ProductVersionNumber
6.3.0.2

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 9d713bfa78405d3663e5f186975a1beb
SHA1 0161e5ee58f1028cbeb17375e5cd218c58028f27
SHA256 d2d064d0cb582675ebb3b9cdf8bd131ffa730e7fcb7be37d872b9f659bb39e80
ssdeep 3072:+m0vbf47o/9FatojBIR8bz3qCnRSCFHniFJIbo:1S3Wu90QDqMRO2
authentihash f76975215a3474b053f31564609419a2d5bacdc2a598cadb8bda0c8b81fc9e57
imphash 5bf16dac20946a75d35de7e27bc084cd
File size 196.0 KB ( 200704 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (25.2%)
Clipper DOS Executable (25.0%)
Generic Win/DOS Executable (24.8%)
DOS Executable Generic (24.8%)
Tags peexe
VirusTotal metadata
First submission 2019-01-11 20:01:39 UTC ( 1 month, 1 week ago )
Last submission 2019-01-14 14:07:49 UTC ( 1 month, 1 week ago )
File names Rej6Y0HQsztJ.exe
7kVg35RR3VtKYgwK.exe
e6hvM4RK28tGCxm.exe
Advanced heuristic and reputation engines