× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: d30ba814cb583c66c9eff444561638451ef82f02284f346c4c005819fd35b2cf
File name: SLSMONTANA.EXE
Detection ratio: 31 / 68
Analysis date: 2018-08-02 01:11:59 UTC ( 6 months, 3 weeks ago ) View latest
Antivirus Result Update
AegisLab Packer.Generic!c 20180802
AhnLab-V3 Trojan/Win32.Emotet.R232549 20180801
Avast Win32:Malware-gen 20180801
AVG Win32:Malware-gen 20180801
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9691 20180801
CAT-QuickHeal Trojan.Emotet.X4 20180801
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cylance Unsafe 20180802
Cyren W32/Emotet.EK.gen!Eldorado 20180801
Emsisoft Trojan.Emotet (A) 20180802
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GJKM 20180802
F-Prot W32/Emotet.EK.gen!Eldorado 20180802
Fortinet W32/Kryptik.GJKM!tr 20180801
GData Win32.Trojan-Spy.Emotet.DIKPUE 20180802
Ikarus Trojan.Win32.Crypt 20180801
Sophos ML heuristic 20180717
Kaspersky Trojan-Banker.Win32.Emotet.baai 20180802
Malwarebytes Trojan.Emotet 20180801
McAfee Artemis!70290045C05A 20180802
McAfee-GW-Edition BehavesLike.Win32.Adware.ch 20180802
Palo Alto Networks (Known Signatures) generic.ml 20180802
Panda Trj/RnkBend.A 20180801
Qihoo-360 HEUR/QVM20.1.E14B.Malware.Gen 20180802
Rising Trojan.Fuerboos!8.EFC8 (CLOUD) 20180802
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/Generic-S 20180802
Symantec Packed.Generic.517 20180801
TrendMicro-HouseCall TROJ_GEN.R020H05H118 20180802
Webroot W32.Trojan.Emotet 20180802
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.baai 20180802
Ad-Aware 20180802
Alibaba 20180713
ALYac 20180801
Antiy-AVL 20180802
Arcabit 20180801
Avast-Mobile 20180801
Avira (no cloud) 20180801
AVware 20180727
Babable 20180725
BitDefender 20180802
Bkav 20180801
ClamAV 20180801
CMC 20180801
Comodo 20180801
Cybereason 20180225
DrWeb 20180802
eGambit 20180802
F-Secure 20180801
Jiangmin 20180801
K7AntiVirus 20180801
K7GW 20180802
Kingsoft 20180802
MAX 20180802
Microsoft 20180801
eScan 20180802
NANO-Antivirus 20180802
SUPERAntiSpyware 20180801
Symantec Mobile Insight 20180801
TACHYON 20180801
Tencent 20180802
TheHacker 20180730
TotalDefense 20180801
TrendMicro 20180802
Trustlook 20180802
VBA32 20180801
VIPRE 20180802
ViRobot 20180801
Yandex 20180731
Zillya 20180801
Zoner 20180801
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Description Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-23 03:20:06
Entry Point 0x0001B348
Number of sections 6
PE sections
PE imports
CertAddCertificateLinkToStore
SetBitmapDimensionEx
GetTextCharset
EqualRgn
ConvertFiberToThread
lstrlenA
SwitchToThread
GetModuleHandleA
GetBinaryTypeA
GetCurrentThreadId
VerifyScripts
GetNamedPipeClientSessionId
InterlockedIncrement
VarUI1FromStr
RasRenameEntryW
SendMessageTimeoutA
SetScrollRange
DispatchMessageA
AnyPopup
PostThreadMessageA
GetDC
DeviceCapabilitiesW
g_rgSCardT1Pci
realloc
strncmp
OleDestroyMenuDescriptor
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.1

ImageVersion
0.0

FileVersionNumber
1.2.0.6

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Unicode

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
40960

EntryPoint
0x1b348

MIMEType
application/octet-stream

Subsystem
Windows GUI

TimeStamp
2017:02:23 04:20:06+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.0

OSVersion
5.1

FileOS
Win32

LegalCopyright
Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CodeSize
114688

FileSubtype
0

ProductVersionNumber
1.2.0.6

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 70290045c05a106bc03a46f505264ac4
SHA1 6b3d6764fc6d709dae59be08ea23abff3bfbdb9f
SHA256 d30ba814cb583c66c9eff444561638451ef82f02284f346c4c005819fd35b2cf
ssdeep
3072:F1qUYaH3k4LyuWjWcCd9H2b96mi94C15hVXEpoiLmChv5Bj:F1GaH03xjz+H2b894C1npmRB

authentihash 5f51f94cdb7aba74e0afac8a64b36450cca72037b078975f715aab97c76c7876
imphash b5c8aa8573cd8dd1ae8971bf5bd8952a
File size 152.0 KB ( 155648 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-08-01 00:19:09 UTC ( 6 months, 3 weeks ago )
Last submission 2018-08-01 00:19:09 UTC ( 6 months, 3 weeks ago )
File names SLSMONTANA.EXE
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!