SHA256: d779486728df91d88ab5137aed79d552a2febaf7511dfd24a811c2a81026bb89
Detection ratio: 18 / 68
Analysis date: 2017-11-29 18:02:58 UTC ( 6 months, 3 weeks ago )
Antivirus Result Update
Avast FileRepMalware 20171129
AVG FileRepMalware 20171129
Avira (no cloud) TR/Crypt.ZPACK.svufu 20171129
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171129
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.fed0f9 20171103
Cylance Unsafe 20171129
Endgame malicious (high confidence) 20171024
ESET-NOD32 a variant of Win32/GenKryptik.BGCV 20171129
Fortinet W32/Kryptik.FZTF!tr 20171129
Sophos ML heuristic 20170914
Kaspersky UDS:DangerousObject.Multi.Generic 20171129
McAfee-GW-Edition BehavesLike.Win32.Virut.ch 20171129
Qihoo-360 HEUR/QVM20.1.82C3.Malware.Gen 20171129
SentinelOne (Static ML) static engine - malicious 20171113
Symantec Trojan.Emotet 20171129
Webroot W32.Trojan.Emotet 20171129
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20171129
Ad-Aware 20171129
AegisLab 20171129
AhnLab-V3 20171129
Alibaba 20171129
ALYac 20171129
Antiy-AVL 20171129
Arcabit 20171129
Avast-Mobile 20171129
AVware 20171129
BitDefender 20171129
Bkav 20171129
CAT-QuickHeal 20171129
ClamAV 20171129
CMC 20171126
Comodo 20171129
Cyren 20171129
DrWeb 20171129
eGambit 20171129
Emsisoft 20171129
F-Prot 20171129
F-Secure 20171129
GData 20171129
Ikarus 20171129
Jiangmin 20171129
K7AntiVirus 20171129
K7GW 20171129
Kingsoft 20171129
Malwarebytes 20171129
MAX 20171129
McAfee 20171129
Microsoft 20171129
eScan 20171129
NANO-Antivirus 20171129
nProtect 20171129
Palo Alto Networks (Known Signatures) 20171129
Panda 20171129
Rising 20171129
Sophos AV 20171129
SUPERAntiSpyware 20171129
Symantec Mobile Insight 20171129
Tencent 20171129
TheHacker 20171126
TotalDefense 20171129
TrendMicro 20171129
TrendMicro-HouseCall 20171129
Trustlook 20171129
VBA32 20171129
VIPRE 20171129
ViRobot 20171129
WhiteArmor 20171104
Yandex 20171120
Zillya 20171129
Zoner 20171129
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Config JB C
Product Config Toolzz JB
Original name config
Internal name jb
File version 6.1.7600.
Description JB
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-29 23:42:40
Entry Point 0x000018C0
Number of sections 7
PE sections
PE imports
DeregisterEventSource
CM_Get_First_Log_Conf
GetTickCount64
GetSystemTime
GetLastError
CreateThread
lstrlenA
lstrcmpA
ContinueDebugEvent
OpenMutexA
GetSystemDefaultLCID
Sleep
WaitForSingleObject
GetCurrentThreadId
CloseHandle
DsMakePasswordCredentialsW
SysFreeString
VarI4FromUI1
SysAllocString
SetupDiGetClassDevPropertySheetsW
wsprintfA
GetSystemMetrics
CountClipboardFormats
AnyPopup
CharNextA
GetFocus
AddMonitorA
IsValidURL
Number of PE resources by type
RT_DIALOG 15
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ITALIAN 18
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.1
LinkerVersion 12.11
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.1.0.0
UninitializedDataSize 0
LanguageCode Italian
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 110592
EntryPoint 0x18c0
OriginalFileName config
MIMEType application/octet-stream
LegalCopyright Config JB C
FileVersion 6.1.7600.
TimeStamp 2017:11:30 00:42:40+01:00
FileType Win32 EXE
PEType PE32
InternalName jb
ProductVersion 6.1.7600.
FileDescription JB
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Config Toolzz
CodeSize 0
ProductName Config Toolzz JB
ProductVersionNumber 1.1.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 3f0b1cbb64d643cdb62c3bf965ab33f0
SHA1 e2449d0fed0f97fc81fc03b9d5377f13c1ffde7b
SHA256 d779486728df91d88ab5137aed79d552a2febaf7511dfd24a811c2a81026bb89
ssdeep 1536:BeKKMUxF+KyJ+jiCnxXS+CKLddCt883uGJuDJP84uajnF2VWfIwr2vGqzt:IyUX+K7WCxjCKLdUV3fuDJP8SFT78
authentihash dcc0e3d434e56c5e9b77e44c8367f7d27aa5401c1513f06d1571c51e5f90c59e
imphash 1aa5aef0d48e1bc63caf513a2bc22207
File size 120.0 KB ( 122880 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2017-11-29 14:46:28 UTC ( 6 months, 3 weeks ago )
Last submission 2018-05-08 03:56:17 UTC ( 1 month, 2 weeks ago )
File names emotet payload
ae.exe
qgrHFpltNq.exe
1002-e2449d0fed0f97fc81fc03b9d5377f13c1ffde7b
output.112620335.txt
qiz.exe
b.exe
adr.exe
e2449d0fed0f97fc81fc03b9d5377f13c1ffde7b.exe
3f0b1cbb64d643cdb62c3bf965ab33f0.virobj
qn.exe
17_Q3QvIgjqPo01b7HF.ex_
config
r.exe
jb