SHA256: d3d73984cfc1f9300234bc7a7870f97f8e48fc400c8744422357afe4eb1e7373
File name: QHoZ.exe
Detection ratio: 21 / 68
Analysis date: 2018-11-28 06:04:55 UTC ( 2 months, 3 weeks ago )
Antivirus Result Update
AVG FileRepMalware 20181128
ClamAV Win.Trojan.Emotet-6715185-2 20181127
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cylance Unsafe 20181128
Emsisoft Trojan.Emotet (A) 20181128
Endgame malicious (moderate confidence) 20181108
ESET-NOD32 a variant of Win32/GenKryptik.CSJR 20181128
Sophos ML heuristic 20181108
Kaspersky UDS:DangerousObject.Multi.Generic 20181128
Malwarebytes Trojan.Emotet 20181128
McAfee Emotet-FKN!8EC129A7D708 20181128
McAfee-GW-Edition BehavesLike.Win32.Emotet.gt 20181128
Microsoft Trojan:Win32/Emotet.AC!bit 20181127
Palo Alto Networks (Known Signatures) generic.ml 20181128
Qihoo-360 HEUR/QVM19.1.7FB2.Malware.Gen 20181128
Rising Trojan.GenKryptik!8.AA55 (CLOUD) 20181128
SentinelOne (Static ML) static engine - malicious 20181011
Trapmine malicious.moderate.ml.score 20181126
VBA32 BScope.Trojan.Refinka 20181127
Webroot W32.Trojan.Emotet 20181128
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181128
Ad-Aware 20181128
AegisLab 20181128
AhnLab-V3 20181127
Alibaba 20180921
ALYac 20181128
Antiy-AVL 20181128
Arcabit 20181127
Avast 20181128
Avast-Mobile 20181127
Avira (no cloud) 20181127
Babable 20180918
Baidu 20181128
BitDefender 20181128
Bkav 20181127
CAT-QuickHeal 20181127
CMC 20181127
Comodo 20181128
Cybereason 20180225
Cyren 20181128
DrWeb 20181128
eGambit 20181128
F-Prot 20181128
F-Secure 20181128
Fortinet 20181128
Ikarus 20181127
Jiangmin 20181128
K7AntiVirus 20181128
K7GW 20181128
Kingsoft 20181128
MAX 20181128
eScan 20181128
NANO-Antivirus 20181128
Panda 20181127
Sophos AV 20181128
SUPERAntiSpyware 20181128
Symantec 20181128
Symantec Mobile Insight 20181121
TACHYON 20181128
Tencent 20181128
TheHacker 20181126
TotalDefense 20181128
TrendMicro 20181128
TrendMicro-HouseCall 20181128
Trustlook 20181128
ViRobot 20181128
Yandex 20181127
Zillya 20181127
Zoner 20181128
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation

Product Microsoft®
Internal name securit
File version 3.00.
Description V
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-28 02:20:46
Entry Point 0x00063C61
Number of sections 5
PE sections
PE imports
AreFileApisANSI
GetCurrentProcess
GetUserDefaultLangID
GetModuleHandleA
SetFileApisToOEM
GetNamedPipeClientProcessId
GetTimeZoneInformation
GetTickCount
SetFileApisToANSI
ExpandEnvironmentStringsA
LZSeek
MprAdminTransportSetInfo
DdeConnect
timeGetTime
CryptCATOpen
WSACancelAsyncRequest
SCardForgetCardTypeW
RtlCaptureStackBackTrace
CoInvalidateRemoteMachineBindings
PdhSetDefaultRealTimeDataSource
Number of PE resources by type
RT_STRING 5
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 6
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SpecialBuild
[pre-release version: pre-alpha]

SubsystemVersion
5.0

LinkerVersion
12.1

ImageVersion
5.0

FileSubtype
0

FileVersionNumber
8.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
V

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
53248

EntryPoint
0x63c61

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation

FileVersion
3.00.

TimeStamp
2018:11:28 03:20:46+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
securit

UninitializedDataSize
0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
S Corpora

CodeSize
689152

ProductName
Microsoft

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 8ec129a7d70829ba6ce288460c79c942
SHA1 0e2697e6ddfad86ba1824a3bd5cd5c9d723b99e7
SHA256 d3d73984cfc1f9300234bc7a7870f97f8e48fc400c8744422357afe4eb1e7373
ssdeep
3072:RW1gwsSzb8VcU76tSyPWp2p2ENLiaJI0NM6Ydefz3:Q1gwpGcclCmW2ENLHNM67

authentihash edc8c16f5c1f74107542c768dda580446b50444aa27fbaee7ee3ea39c9b42a72
imphash 50c37f1a0c3f1147206f556b7390f551
File size 448.0 KB ( 458752 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-11-28 02:30:24 UTC ( 2 months, 3 weeks ago )
Last submission 2018-12-21 20:57:16 UTC ( 2 months ago )
File names 8ec129a7d70829ba6ce288460c79c942
QHoZ.exe
securit