× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: dc2b947592bb32cacb6b770656854c077606a8f6a7f7fe9bcb269a320416ce0b
File name: (12).exe
Detection ratio: 31 / 67
Analysis date: 2018-06-15 22:13:17 UTC ( 8 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30976700 20180615
Arcabit Trojan.Generic.D1D8AABC 20180615
Avast Win32:Malware-gen 20180615
AVG Win32:Malware-gen 20180615
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180615
BitDefender Trojan.GenericKD.30976700 20180615
Bkav W32.eHeur.Malware12 20180615
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cybereason malicious.03fa8a 20180225
Cylance Unsafe 20180615
Cyren W32/Trojan.STBW-0858 20180615
DrWeb Trojan.EmotetENT.242 20180615
Emsisoft Trojan.GenericKD.30976700 (B) 20180615
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of Win32/Kryptik.GHUU 20180615
F-Prot W32/Emotet.RL 20180615
F-Secure Trojan.GenericKD.30976700 20180615
Fortinet W32/Kryptik.GHOF!tr 20180615
GData Trojan.GenericKD.30976700 20180615
Ikarus Trojan-Banker.Emotet 20180615
Malwarebytes Trojan.Emotet 20180615
MAX malware (ai score=86) 20180615
McAfee Artemis!38FA226919D8 20180615
McAfee-GW-Edition BehavesLike.Win32.Trojan.ch 20180615
Microsoft Trojan:Win32/Fuery.B!cl 20180615
eScan Trojan.GenericKD.30976700 20180615
Qihoo-360 HEUR/QVM20.1.DCCE.Malware.Gen 20180615
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/EncPk-ANR 20180615
Symantec ML.Attribute.HighConfidence 20180615
Webroot W32.Trojan.Emotet 20180615
AegisLab 20180615
AhnLab-V3 20180615
Alibaba 20180615
ALYac 20180615
Antiy-AVL 20180615
Avast-Mobile 20180614
Avira (no cloud) 20180615
AVware 20180615
Babable 20180406
CAT-QuickHeal 20180615
ClamAV 20180615
CMC 20180615
Comodo 20180615
eGambit 20180615
Sophos ML 20180601
Jiangmin 20180615
K7AntiVirus 20180615
K7GW 20180615
Kaspersky 20180615
Kingsoft 20180615
NANO-Antivirus 20180615
Palo Alto Networks (Known Signatures) 20180615
Panda 20180615
Rising 20180615
SUPERAntiSpyware 20180615
Symantec Mobile Insight 20180614
TACHYON 20180614
Tencent 20180615
TheHacker 20180613
TrendMicro 20180615
TrendMicro-HouseCall 20180615
Trustlook 20180615
VBA32 20180615
VIPRE 20180615
ViRobot 20180615
Yandex 20180615
Zillya 20180615
ZoneAlarm by Check Point 20180615
Zoner 20180615
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-06-17 17:53:43
Entry Point 0x00001433
Number of sections 5
PE sections
Overlays
MD5 692c8022360661692872fdc730517229
File type ASCII text
Offset 126976
Size 3
Entropy 1.58
PE imports
ImpersonateNamedPipeClient
EncryptionDisable
GetNumberOfEventLogRecords
SetWindowOrgEx
SetMapMode
LocalLock
GetSystemDefaultLocaleName
GetThreadPriority
GetNumaAvailableMemoryNode
GetFileSize
SetCurrentDirectoryW
OpenProcess
ChangeTimerQueueTimer
FatalAppExitA
GetSystemTimeAsFileTime
lstrcmpW
IsNLSDefinedString
CloseHandle
RpcBindingCopy
PathGetDriveNumberW
InflateRect
GetDoubleClickTime
IsWindowVisible
GetClipboardData
TranslateMDISysAccel
SCardGetStatusChangeW
Number of PE resources by type
RT_BITMAP 2
RT_STRING 2
Number of PE resources by language
NEUTRAL 4
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2014:06:17 18:53:43+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
24576

LinkerVersion
12.0

FileTypeExtension
exe

InitializedDataSize
0

SubsystemVersion
5.0

EntryPoint
0x1433

OSVersion
5.1

ImageVersion
0.0

UninitializedDataSize
53248

File identification
MD5 38fa226919d86e02ffd70bfd2d1d92ff
SHA1 8450f8603fa8a1d0f8e083659c2122605d13123a
SHA256 dc2b947592bb32cacb6b770656854c077606a8f6a7f7fe9bcb269a320416ce0b
ssdeep
3072:eecplDES+5vMi8gOdv8oLqI6KDuFoMfPD5jmrULptM6:eecp5pcMiu3A6KlL

authentihash 47a4d07d8e8dd65c741a1b3e3aa37df688de6fee9fb86d76c46ecba7718bac43
imphash 9d9eefe4c82b76abef8a7b377819fb65
File size 124.0 KB ( 126979 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-06-15 22:13:17 UTC ( 8 months, 1 week ago )
Last submission 2018-06-15 22:13:17 UTC ( 8 months, 1 week ago )
File names (12).exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!