SHA256: d4e5bef50e0f473605fec025b6a8401e5976635453926bff92c9c8bb7aba6606
File name: failcab.exe
Detection ratio: 32 / 68
Analysis date: 2018-09-28 05:12:46 UTC ( 4 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31242377 20180928
Arcabit Trojan.Generic.D1DCB889 20180928
Avast FileRepMalware 20180927
AVG FileRepMalware 20180927
BitDefender Trojan.GenericKD.31242377 20180928
CAT-QuickHeal Trojan.Emotet.X4 20180927
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cylance Unsafe 20180928
Emsisoft Trojan.GenericKD.31242377 (B) 20180928
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GLDY 20180928
F-Secure Trojan.GenericKD.31242377 20180928
Fortinet W32/Kryptik.GLDY!tr 20180928
GData Win32.Trojan-Spy.Emotet.4AIPJ1 20180928
Ikarus Win32.Outbreak 20180927
Sophos ML heuristic 20180717
K7GW Hacktool ( 700007861 ) 20180928
Kaspersky Trojan-Banker.Win32.Emotet.bffz 20180928
Malwarebytes Trojan.Emotet 20180928
McAfee RDN/Generic.grp 20180928
McAfee-GW-Edition BehavesLike.Win32.Emotet.dm 20180928
Microsoft Trojan:Win32/Emotet.AC!bit 20180928
eScan Trojan.GenericKD.31242377 20180928
Palo Alto Networks (Known Signatures) generic.ml 20180928
Qihoo-360 HEUR/QVM20.1.2643.Malware.Gen 20180928
SentinelOne (Static ML) static engine - malicious 20180926
Sophos AV Troj/Emotet-AFI 20180928
Symantec Trojan.Emotet 20180928
TrendMicro TROJ_GEN.USIR18 20180928
TrendMicro-HouseCall TROJ_GEN.USIR18 20180928
VBA32 Malware-Cryptor.Limpopo 20180927
Webroot W32.Trojan.Emotet 20180928
AegisLab 20180928
AhnLab-V3 20180927
Alibaba 20180921
ALYac 20180928
Antiy-AVL 20180928
Avast-Mobile 20180927
Avira (no cloud) 20180928
AVware 20180925
Babable 20180918
Baidu 20180927
Bkav 20180927
ClamAV 20180928
CMC 20180928
Comodo 20180928
Cyren 20180928
DrWeb 20180928
eGambit 20180928
F-Prot 20180928
Jiangmin 20180928
K7AntiVirus 20180927
Kingsoft 20180928
MAX 20180928
NANO-Antivirus 20180928
Panda 20180927
Rising 20180928
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180924
TACHYON 20180928
Tencent 20180928
TheHacker 20180927
TotalDefense 20180925
Trustlook 20180928
VIPRE 20180928
ViRobot 20180927
Yandex 20180927
Zillya 20180927
ZoneAlarm by Check Point 20180925
Zoner 20180927
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights res
Product Microsoft® Windows® Operat
Original name DeviceMetadata
Internal name DeviceMetadata
File version 6.1.7600.16385 (win7_rtm.090713-125
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-27 16:45:25
Entry Point 0x0002E7E1
Number of sections 5
PE imports
ImpersonateNamedPipeClient
SetPrivateObjectSecurity
QueryUsersOnEncryptedFile
SetTextAlign
StrokePath
GetSystemPaletteEntries
HeapCompact
GetSystemPowerStatus
GetModuleHandleA
CreatePipe
GetSystemDefaultLCID
CompareStringA
UnlockFileEx
GetSystemTimes
FillConsoleOutputCharacterW
DecodePointer
SetFileBandwidthReservation
SetProcessShutdownParameters
MprConfigInterfaceTransportSetInfo
MprAdminInterfaceDisconnect
MprAdminInterfaceTransportRemove
NetApiBufferSize
SafeArrayCopy
glEvalMesh1
RpcBindingSetAuthInfoW
SetupDiClassNameFromGuidExW
SetupDiSetDeviceInstallParamsA
StrRChrIW
UrlEscapeW
ToUnicodeEx
CharPrevA
BeginDeferWindowPos
SendDlgItemMessageA
RealGetWindowClassW
DrawIconEx
LoadCursorFromFileA
InsertMenuW
PtInRect
GetUrlCacheEntryInfoExW
CommitUrlCacheEntryW
InternetReadFileExA
waveOutSetVolume
mmioWrite
iswascii
localeconv
StgOpenStorageEx
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
ExifTool file metadata
UninitializedDataSize 4294967295
InitializedDataSize 30720
ImageVersion 0.0
ProductName Microsoft Windows Operat
FileVersionNumber 6.1.7600.16385
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
LinkerVersion 11.0
FileTypeExtension exe
OriginalFileName DeviceMetadata
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 6.1.7600.16385 (win7_rtm.090713-125
TimeStamp 2018:09:27 09:45:25-07:00
FileType Win32 EXE
PEType PE32
InternalName DeviceMetadata
ProductVersion 6.1.7600.163
SubsystemVersion 5.0
OSVersion 5.2
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights res
MachineType Intel 386 or later, and compatibles
CodeSize 194048
FileSubtype 0
ProductVersionNumber 6.1.7600.16385
EntryPoint 0x2e7e1
ObjectFileType Executable application
File identification
MD5 ef853aab246535f92600e1c738a8e223
SHA1 6fcfc032c91664992bf94187c2b0026265f0fadf
SHA256 d4e5bef50e0f473605fec025b6a8401e5976635453926bff92c9c8bb7aba6606
ssdeep
6144:Hc77PBIEyyyyygWzzPX58iSpdyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy4F:qWzySe579v

authentihash 7867eb993221be075fb20f954766b2a30a7e4c232b794895763870b490bc9b3f
imphash 424af0f900d2ea3faccee3bfcd12a251
File size 214.5 KB ( 219648 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe
VirusTotal metadata
First submission 2018-09-27 16:54:08 UTC ( 4 months, 3 weeks ago )
Last submission 2019-01-10 08:09:28 UTC ( 1 month, 1 week ago )
File names HgFKqYWs.exe
failcab.exe
etiOlIvhtnZ.exe
d2EtrzNziJsV.exe
DeviceMetadata
g8KoFx2pSz8.exe
Aag3kzE7zbx.exe
9qA11ZWKw.exe
yLYGRx8X.exe
unitysearcha.exe
rxwWjd5k.exe
DLjh5ONg.exe
Y9ysCGnof2P.exe
C$~Users~test~AppData~Local~Microsoft~Windows~computeneed.exe
EUvxNk9bidC.exe
mxUixa4SOtAQ.exe
C7mcyqzz.exe
v2TiUOCW8Tk.exe
ef853aab246535f92600e1c738a8e223
ziSeeSVYc6.exe
unitysearcha.exe
vmGJIh7jg5aF.exe
d4e5bef50e0f473605fec025b6a8401e5976635453926bff92c9c8bb7aba6606.exe