SHA256: d99816a22bd433b4233781145d2f1d13b78d25b040b95ab7705848a3d90d4b92
File name: 130.exe
Detection ratio: 34 / 69
Analysis date: 2018-09-28 05:14:28 UTC ( 4 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40532553 20180928
Arcabit Trojan.Generic.D26A7A49 20180928
Avast FileRepMalware 20180927
AVG FileRepMalware 20180927
BitDefender Trojan.GenericKD.40532553 20180928
CAT-QuickHeal Trojan.Emotet.X4 20180927
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cylance Unsafe 20180928
Emsisoft Trojan.GenericKD.40532553 (B) 20180928
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GLDY 20180928
F-Secure Trojan.GenericKD.40532553 20180928
Fortinet W32/Kryptik.GLDY!tr 20180928
GData Win32.Trojan-Spy.Emotet.HJQX5S 20180928
Ikarus Win32.Outbreak 20180927
Sophos ML heuristic 20180717
K7GW Hacktool ( 700007861 ) 20180928
Kaspersky Trojan-Banker.Win32.Emotet.bfgb 20180928
Malwarebytes Trojan.Emotet 20180928
McAfee RDN/Generic.tfr 20180928
McAfee-GW-Edition BehavesLike.Win32.Emotet.dm 20180928
Microsoft Trojan:Win32/Emotet.AC!bit 20180928
eScan Trojan.GenericKD.40532553 20180928
Palo Alto Networks (Known Signatures) generic.ml 20180928
Qihoo-360 HEUR/QVM20.1.2643.Malware.Gen 20180928
Rising Trojan.Emotet!8.B95 (CLOUD) 20180928
SentinelOne (Static ML) static engine - malicious 20180926
Sophos AV Troj/Emotet-AFJ 20180928
Symantec Trojan.Emotet 20180928
TrendMicro TROJ_GEN.USIR18 20180928
TrendMicro-HouseCall TROJ_GEN.USIR18 20180928
VBA32 Malware-Cryptor.Limpopo 20180927
VIPRE Trojan.Win32.Generic!BT 20180928
Webroot W32.Trojan.Emotet 20180928
AegisLab 20180928
AhnLab-V3 20180927
Alibaba 20180921
ALYac 20180928
Antiy-AVL 20180928
Avast-Mobile 20180927
Avira (no cloud) 20180928
AVware 20180925
Babable 20180918
Baidu 20180927
Bkav 20180927
ClamAV 20180928
CMC 20180928
Comodo 20180928
Cybereason 20180225
Cyren 20180928
DrWeb 20180928
eGambit 20180928
F-Prot 20180928
Jiangmin 20180928
K7AntiVirus 20180927
Kingsoft 20180928
MAX 20180928
NANO-Antivirus 20180928
Panda 20180927
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180924
TACHYON 20180928
Tencent 20180928
TheHacker 20180927
TotalDefense 20180925
Trustlook 20180928
ViRobot 20180927
Yandex 20180927
Zillya 20180927
ZoneAlarm by Check Point 20180925
Zoner 20180927
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights res
Product Microsoft® Windows® Operat
Original name DeviceMetadata
Internal name DeviceMetadata
File version 6.1.7600.16385 (win7_rtm.090713-125
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-27 16:46:23
Entry Point 0x0002E247
Number of sections 5
PE sections
PE imports
ImpersonateNamedPipeClient
SetPrivateObjectSecurity
QueryUsersOnEncryptedFile
SetTextAlign
StrokePath
GetSystemPaletteEntries
HeapCompact
DecodePointer
GetModuleHandleA
CreatePipe
GetSystemDefaultLCID
SetProcessShutdownParameters
GetSystemTimes
UnlockFileEx
FillConsoleOutputCharacterW
GetSystemPowerStatus
SetFileBandwidthReservation
CompareStringA
MprAdminInterfaceDisconnect
MprAdminInterfaceTransportRemove
MprConfigInterfaceTransportSetInfo
NetApiBufferSize
SafeArrayCopy
glEvalMesh1
RpcBindingSetAuthInfoW
SetupDiClassNameFromGuidExW
SetupDiSetDeviceInstallParamsA
StrRChrIW
UrlEscapeW
ToUnicodeEx
SendDlgItemMessageA
BeginDeferWindowPos
CharPrevA
RealGetWindowClassW
DrawIconEx
LoadCursorFromFileA
InsertMenuW
PtInRect
GetUrlCacheEntryInfoExW
CommitUrlCacheEntryW
InternetReadFileExA
waveOutSetVolume
mmioWrite
iswascii
localeconv
StgOpenStorageEx
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 4294967295
LinkerVersion 11.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 30720
EntryPoint 0x2e247
OriginalFileName DeviceMetadata
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights res
FileVersion 6.1.7600.16385 (win7_rtm.090713-125
TimeStamp 2018:09:27 09:46:23-07:00
FileType Win32 EXE
PEType PE32
InternalName DeviceMetadata
ProductVersion 6.1.7600.163
SubsystemVersion 5.0
OSVersion 5.2
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 192512
ProductName Microsoft Windows Operat
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 1da9e321b4857c7ffc9e54a6449749c5
SHA1 efed3361ed0f28a0879def0d3b2dfce182ddad73
SHA256 d99816a22bd433b4233781145d2f1d13b78d25b040b95ab7705848a3d90d4b92
ssdeep 3072:eZb2xnX8zg3vzWRmP8FsCK0S5HaKsVKIEBa:eZKxX0g3vzWRmP8VK0SlaFVo
authentihash a3eb56ec8c260d991fc5542636cfa62aa62c85b3e3faa7b06a34ad00bca9da75
imphash 72ef8c598a4790dbc1bfff2f82acbe6f
File size 213.5 KB ( 218624 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe

VirusTotal metadata
First submission 2018-09-27 16:56:50 UTC ( 4 months, 3 weeks ago )
Last submission 2019-02-13 12:44:09 UTC ( 4 days, 8 hours ago )
File names d99816a22bd433b4233781145d2f1d13b78d25b040b95ab7705848a3d90d4b92.exe
31384936.exe
74.exe
130.exe
58575287.exe
87893800.exe
19349615.exe
21216512.exe
89206269.exe
33010.exe
40035144.exe
11771.exe
DeviceMetadata
18381.exe
3940541.exe
6131503.exe