SHA256: dd7d4f422f50394030542b8961b2c051438626320a4af5818b7bb14f1430c2c7
File name: dd7d4f422f50394030542b8961b2c051438626320a4af5818b7bb14f1430c2c7
Detection ratio: 46 / 70
Analysis date: 2018-12-17 01:05:52 UTC ( 2 months ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.DLLE 20181216
AegisLab Trojan.Multi.Generic.4!c 20181214
ALYac Trojan.Agent.Emotet 20181216
Arcabit Trojan.Agent.DLLE 20181216
Avast Win32:BankerX-gen [Trj] 20181216
AVG Win32:BankerX-gen [Trj] 20181216
Avira (no cloud) TR/AD.Emotet.dmrct 20181216
BitDefender Trojan.Agent.DLLE 20181216
CAT-QuickHeal Trojan.Emotet.X4 20181216
Comodo Malware@#20x6x1qa7495d 20181216
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.e39f30 20180225
Cylance Unsafe 20181217
Cyren W32/Emotet.KU.gen!Eldorado 20181216
Emsisoft Trojan.Agent.DLLE (B) 20181216
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GNVA 20181216
F-Prot W32/Emotet.KU.gen!Eldorado 20181216
F-Secure Trojan.Agent.DLLE 20181216
Fortinet W32/Emotet.BVCB!tr 20181216
GData Trojan.Agent.DLLE 20181216
Ikarus Trojan.Agent 20181216
Sophos ML heuristic 20181128
K7GW Trojan ( 00543b931 ) 20181216
Kaspersky Trojan-Banker.Win32.Emotet.bvcb 20181216
Malwarebytes Trojan.Emotet 20181216
MAX malware (ai score=100) 20181217
McAfee RDN/Generic.dx 20181216
McAfee-GW-Edition BehavesLike.Win32.Emotet.ch 20181216
Microsoft Trojan:Win32/Emotet.AC!bit 20181216
eScan Trojan.Agent.DLLE 20181216
Palo Alto Networks (Known Signatures) generic.ml 20181217
Panda Trj/GdSda.A 20181216
Qihoo-360 Win32/Trojan.410 20181217
Rising Trojan.Fuerboos!8.EFC8 (CLOUD) 20181216
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/Generic-S 20181216
Symantec Trojan.Emotet 20181216
Tencent Win32.Trojan-banker.Emotet.Stai 20181217
Trapmine malicious.moderate.ml.score 20181205
TrendMicro TrojanSpy.Win32.EMOTET.THABADAH 20181216
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.THABADAH 20181217
VBA32 BScope.Trojan.Refinka 20181214
VIPRE Win32.Malware!Drop 20181216
Webroot W32.Trojan.Gen 20181217
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bvcb 20181216
AhnLab-V3 20181216
Alibaba 20180921
Antiy-AVL 20181216
Avast-Mobile 20181216
Babable 20180918
Baidu 20181207
Bkav 20181214
ClamAV 20181216
CMC 20181216
DrWeb 20181216
eGambit 20181217
Jiangmin 20181216
K7AntiVirus 20181216
Kingsoft 20181217
NANO-Antivirus 20181216
SUPERAntiSpyware 20181212
Symantec Mobile Insight 20181215
TACHYON 20181214
TheHacker 20181216
TotalDefense 20181216
Trustlook 20181217
ViRobot 20181217
Yandex 20181214
Zillya 20181215
Zoner 20181216
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corpor
Product Micro
Internal name DDODiag
File version 6.1.7600.16
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-14 03:00:49
Entry Point 0x000070BF
Number of sections 5
PE sections
PE imports
SetSecurityAccessMask
RegUnLoadKeyW
CertDuplicateCTLContext
GetCharacterPlacementA
GetTempFileNameW
GetNamedPipeClientProcessId
FlushProcessWriteBuffers
GetPriorityClass
FileTimeToLocalFileTime
GetEnvironmentStrings
SetThreadPriority
LockResource
DisableThreadLibraryCalls
SetConsoleCursorPosition
GetSystemDirectoryA
GetModuleHandleW
MprInfoBlockAdd
MprConfigGetGuidName
PathMakePrettyW
EndDialog
ShutdownBlockReasonDestroy
RegisterDeviceNotificationA
DestroyWindow
GetPrinterDriverDirectoryW
WSACleanup
WSACancelAsyncRequest
Ord(29)
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize 36864
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.4.20030.62408
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 118784
EntryPoint 0x70bf
MIMEType application/octet-stream
LegalCopyright Microsoft Corpor
FileVersion 6.1.7600.16
TimeStamp 2018:12:13 19:00:49-08:00
FileType Win32 EXE
PEType PE32
InternalName DDODiag
ProductVersion 6.1.7600.1638
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corpo
LegalTrademarks Mozilla, Netscape
ProductName Micro
ProductVersionNumber 1.4.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library
File identification
MD5 5064f6a3a7384591153d31ba37ad17de
SHA1 09dfdcbe39f3019192657a667675ee044659848c
SHA256 dd7d4f422f50394030542b8961b2c051438626320a4af5818b7bb14f1430c2c7
ssdeep 3072:/boYR5XTNI7GKNlqpEbJnaMoFH/UcqsKNqEO:/bos5jIGKXqpEbFjPvNqE
authentihash 7076c0fcd1e30f9c7f7d605408255971a4654c32cf67e4acb52baf9c1e5f981a
imphash 6be0eacba35b9e7a40f62581e9708087
File size 152.0 KB ( 155648 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe
VirusTotal metadata
First submission 2018-12-13 19:06:24 UTC ( 2 months, 1 week ago )
Last submission 2018-12-14 15:53:03 UTC ( 2 months, 1 week ago )
File names 385.exe
36.exe
DDODiag
437.exe