Antivirus scan for d7d58dc6412020196e8b3ffea05a97fd65b6486716bdba8215486b5ef1d52e17 at 2018-06-05 16:54:44 UTC

Antivirus	Result	Update
Ad-Aware	Trojan.GenericKD.30921270	20180605
AhnLab-V3	Trojan/Win32.Emotet.R229707	20180605
ALYac	Trojan.Agent.Emotet	20180605
Antiy-AVL	Trojan[Banker]/Win32.Emotet	20180605
Arcabit	Trojan.Generic.D1D7D236	20180605
Avast	Win32:Malware-gen	20180605
AVG	Win32:Malware-gen	20180605
Avira (no cloud)	TR/AD.Emotet.jktqx	20180605
Baidu	Win32.Trojan.WisdomEyes.16070401.9500.9999	20180605
BitDefender	Trojan.GenericKD.30921270	20180605
CAT-QuickHeal	Trojan.Drixed.100454	20180605
CrowdStrike Falcon (ML)	malicious_confidence_100% (W)	20180202
Cylance	Unsafe	20180605
Cyren	W32/Trojan.EWIJ-0958	20180605
DrWeb	Trojan.Emotet.226	20180605
Emsisoft	Trojan.GenericKD.30921270 (B)	20180605
Endgame	malicious (high confidence)	20180507
ESET-NOD32	Win32/Emotet.BK	20180605
F-Secure	Trojan.GenericKD.30921270	20180605
Fortinet	W32/GenKryptik.CAZQ!tr	20180605
GData	Win32.Trojan-Spy.Emotet.QX	20180605
Ikarus	Trojan.Win32.Emotet	20180605
Sophos ML	heuristic	20180601
Kaspersky	Trojan-Banker.Win32.Emotet.aqie	20180605
Malwarebytes	Spyware.Emotet	20180605
MAX	malware (ai score=96)	20180605
McAfee	Emotet-FHK!5CB852BB4753	20180605
McAfee-GW-Edition	Artemis!Trojan	20180605
eScan	Trojan.GenericKD.30921270	20180605
Palo Alto Networks (Known Signatures)	generic.ml	20180605
Panda	Trj/Genetic.gen	20180605
Qihoo-360	HEUR/QVM20.1.9EDF.Malware.Gen	20180605
SentinelOne (Static ML)	static engine - malicious	20180225
Sophos AV	Mal/EncPk-ANX	20180605
Symantec	Trojan.Emotet	20180605
TrendMicro	TSPY_EMOTET.THFOEAH	20180605
TrendMicro-HouseCall	TSPY_EMOTET.THFOEAH	20180605
VBA32	BScope.TrojanBanker.Emotet	20180605
Webroot	W32.Trojan.Emotet	20180605
ZoneAlarm by Check Point	Trojan-Banker.Win32.Emotet.aqie	20180605
AegisLab		20180605
Alibaba		20180604
Avast-Mobile		20180605
AVware		20180605
Babable		20180406
Bkav		20180605
ClamAV		20180605
CMC		20180605
Comodo		20180604
Cybereason
eGambit		20180605
F-Prot		20180605
Jiangmin		20180605
K7AntiVirus		20180605
K7GW		20180605
Kingsoft		20180605
Microsoft		20180605
NANO-Antivirus		20180605
Rising		20180605
SUPERAntiSpyware		20180605
Symantec Mobile Insight		20180605
TACHYON		20180605
Tencent		20180605
TheHacker		20180605
TotalDefense		20180605
Trustlook		20180605
VIPRE		20180605
ViRobot		20180605
Yandex		20180529
Zillya		20180605
Zoner		20180605

The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.

FileVersionInfo properties

PE header basic information

Target machine Intel 386 or later processors and compatible processors

Compilation timestamp 2018-06-04 14:10:14

Entry Point 0x000012A9

Number of sections 5

PE sections

Name Virtual address Virtual size Raw size Entropy MD5

.text 4096 9028 12288 5.08 be4d416794db060ee0cfd375ab5a38a2

.rdata 16384 151090 151552 5.81 9d1ad7ef73f4e028d3a29786aef93ba8

.pdata 167936 18804 16384 5.67 76c186a5ef0935c15b66b0f336adc177

.rsrc 188416 10552 12288 3.95 c10dbe6677acbf1510bdfa6079850550

.reloc 200704 5544 8192 4.86 d388f8f7f8d3bd2880d5a3c8ebcb48ff

PE imports

[+] KERNEL32.dll

[+] USER32.dll

[+] WinSCard.dll

Number of PE resources by type

RT_BITMAP 2

RT_STRING 2

RT_DIALOG 1

Number of PE resources by language

NEUTRAL 5

PE resources

2a84497f9b789a157cb015007af803dc6492d9e763d730eb3254b737b9463109 data

460532c82070521b09213c1e85cde0ef99fcb0a7a55075b8e1851ea712f00f7b data

86972be5229ebdcab788bb5ec77234a62f7a591aeb34e1e6f25b1f95bab43f34 ASCII text

aa9cb8eca27bd3fc69b9e1f60c9729e4291aa74cc717a7368ffaa15d394bd617 data

f19acd5a46d79a6ca568d722316468fb040a66b94e6bbdf55363e9e4aaff6d4f ASCII text

Debug information

Type Timestamp Offset Size

IMAGE_DEBUG_TYPE_CODEVIEW (2) Mon Jun 4 14:10:14 2018 166992 34 Bytes

12 (12) Mon Jun 4 14:10:14 2018 167116 20 Bytes

ExifTool file metadata

MIMEType

application/octet-stream

Subsystem

Windows GUI

MachineType

Intel 386 or later, and compatibles

FileTypeExtension

exe

TimeStamp

2018:06:04 15:10:14+01:00

FileType

Win32 EXE

PEType

PE32

CodeSize

12288

LinkerVersion

16.1

ImageFileCharacteristics

Executable, 32-bit

EntryPoint

0x12a9

InitializedDataSize

SubsystemVersion

5.0

ImageVersion

0.0

OSVersion

5.0

UninitializedDataSize

135168

File identification

MD5 5cb852bb475371db85388e342752deb5

SHA1 9b53455e11f2e65395f5b6c6ea55ffe03902f1a8

SHA256 d7d58dc6412020196e8b3ffea05a97fd65b6486716bdba8215486b5ef1d52e17

ssdeep

3072:9AdO1xOnDEj5//nzcdq+Y6FWs+asOuu/ppo4JiAf5qa+Lg8PfpOT:+o6AVXnznsFH+ae4pG4lQ

authentihash e8b122e04fe01b96f9adb071106269c29b9453ccbaa4c31445eaf3d521493f30

imphash 9c3f200e4a84dbf42dc664b2e387d37a

File size 200.0 KB ( 204800 bytes )

File type Win32 EXE

Magic literal

PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID	Win32 Dynamic Link Library (generic) (38.4%) Win32 Executable (generic) (26.3%) OS/2 Executable (generic) (11.8%) Generic Win/DOS Executable (11.6%) DOS Executable Generic (11.6%)

VirusTotal metadata

First submission 2018-06-04 14:27:33 UTC ( 8 months, 2 weeks ago )

Last submission 2018-06-05 16:54:44 UTC ( 8 months, 2 weeks ago )

File names

5087.exe
426be62fdf8f2d36d7527abb770d0506e399d5f3
4687.exe

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.

SHA256:	d7d58dc6412020196e8b3ffea05a97fd65b6486716bdba8215486b5ef1d52e17
File name:	426be62fdf8f2d36d7527abb770d0506e399d5f3
Detection ratio:	40 / 68
Analysis date:	2018-06-05 16:54:44 UTC ( 8 months, 2 weeks ago ) View latest

Ciphered bundle