SHA256: da400228e69ac55bb77f85ba77aa01a9ef80486d128779ff711ae1d3f6c3dfda
File name: 04.exe
Detection ratio: 29 / 67
Analysis date: 2018-06-28 20:32:55 UTC ( 7 months, 4 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Autoruns.GenericKDS.31023097 20180628
ALYac Trojan.Agent.Emotet 20180628
Arcabit Trojan.Generic.D1D95EFE 20180628
Avast FileRepMalware 20180628
AVG FileRepMalware 20180628
Avira (no cloud) TR/AD.Emotet.EE 20180628
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9967 20180628
BitDefender Trojan.Autoruns.GenericKDS.31023097 20180628
Comodo Heur.Packed.Unknown 20180628
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cyren W32/Emotet.DF.gen!Eldorado 20180628
Emsisoft Trojan.Emotet (A) 20180628
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of Win32/Kryptik.GIHC 20180628
F-Prot W32/Emotet.DF.gen!Eldorado 20180628
F-Secure Trojan.Autoruns.GenericKDS.31023097 20180628
Fortinet W32/Kryptik.FVEZ!tr 20180628
GData Trojan.Autoruns.GenericKDS.31023097 20180628
K7GW Hacktool ( 700007861 ) 20180628
Kaspersky UDS:DangerousObject.Multi.Generic 20180628
Malwarebytes Trojan.Emotet 20180628
MAX malware (ai score=84) 20180628
McAfee Emotet-FHP!45E6E6F58741 20180628
McAfee-GW-Edition BehavesLike.Win32.Dropper.ct 20180628
eScan Trojan.Autoruns.GenericKDS.31023097 20180628
Rising Trojan.GenKryptik!8.AA55 (TFE:dGZlOgIZp+gbA8+aIQ) 20180628
Symantec Packed.Generic.517 20180628
Webroot W32.Trojan.Emotet 20180628
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180628
AegisLab 20180628
AhnLab-V3 20180628
Alibaba 20180628
Antiy-AVL 20180628
Avast-Mobile 20180628
AVware 20180628
Babable 20180406
Bkav 20180628
CAT-QuickHeal 20180628
ClamAV 20180628
CMC 20180628
Cybereason 20180225
Cylance 20180628
DrWeb 20180628
eGambit 20180628
Ikarus 20180628
Sophos ML 20180601
Jiangmin 20180628
K7AntiVirus 20180628
Kingsoft 20180628
Microsoft 20180628
NANO-Antivirus 20180628
Palo Alto Networks (Known Signatures) 20180628
Panda 20180628
Qihoo-360 20180628
SentinelOne (Static ML) 20180618
Sophos AV 20180628
SUPERAntiSpyware 20180628
Symantec Mobile Insight 20180626
TACHYON 20180628
Tencent 20180628
TheHacker 20180628
TrendMicro 20180628
TrendMicro-HouseCall 20180628
Trustlook 20180628
VBA32 20180628
VIPRE 20180628
ViRobot 20180628
Yandex 20180628
Zillya 20180627
Zoner 20180627
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Description Uniscri
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-28 05:20:17
Entry Point 0x00001014
Number of sections 6
PE sections
Overlays
MD5 692c8022360661692872fdc730517229
File type ASCII text
Offset 195584
Size 3
Entropy 1.58
PE imports
PtVisible
GetThreadId
GetUserDefaultLCID
GetTickCount
GetVersion
VarCyMul
VarCyCmp
CallMsgFilterW
Number of PE resources by type
RT_DIALOG 21
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
HEBREW DEFAULT 1
HUNGARIAN DEFAULT 1
VIETNAMESE DEFAULT 1
CHINESE SIMPLIFIED 1
SLOVENIAN DEFAULT 1
CZECH DEFAULT 1
FINNISH DEFAULT 1
KOREAN 1
NEUTRAL DEFAULT 1
PORTUGUESE 1
POLISH DEFAULT 1
JAPANESE DEFAULT 1
DANISH DEFAULT 1
SLOVAK DEFAULT 1
GREEK DEFAULT 1
TURKISH DEFAULT 1
ROMANIAN 1
THAI DEFAULT 1
SERBIAN DEFAULT 1
NEUTRAL 1
RUSSIAN 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 14.1
ImageVersion 0.0
FileVersionNumber 1.2.0.6
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Uniscri
ImageFileCharacteristics No relocs, Executable, 32-bit, System file
CharacterSet Unicode
InitializedDataSize 25088
EntryPoint 0x1014
MIMEType application/octet-stream
TimeStamp 2018:06:28 06:20:17+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0626.
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Realtek Semiconductor Corporation
CodeSize 174080
FileSubtype 0
ProductVersionNumber 1.2.0.6
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 45e6e6f587412f646e6405248eaf2d59
SHA1 c0f073bb29eca207506b444fdf15c054472998dc
SHA256 da400228e69ac55bb77f85ba77aa01a9ef80486d128779ff711ae1d3f6c3dfda
ssdeep 1536:XKcuJa6ERJCc6fp40cq+0gPvgUVhteeVZwHpDtlP57vm7Bmi1FsC:vkCRJCNlGJngUVhteeVZipV7viN

authentihash 768f20598e989ab3b2a727aebd803a1ffee9dbf57d21546b4aface90b4515f50
imphash ab12496bdbe2f238b3132b13efea8706
File size 191.0 KB ( 195587 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe overlay

VirusTotal metadata
First submission 2018-06-28 20:32:55 UTC ( 7 months, 4 weeks ago )
Last submission 2018-09-14 02:38:35 UTC ( 5 months, 1 week ago )
File names 04.exe
0628(12).exe