SHA256: dea1aefd0b7f0ee52eae7ec1b488149e654903e99059514bbba09d5564717452
File name: dea1aefd0b7f0ee52eae7ec1b488149e654903e99059514bbba09d5564717452
Detection ratio: 21 / 68
Analysis date: 2019-01-18 01:49:38 UTC ( 4 months ago )
Antivirus Result Update
Acronis suspicious 20190117
Ad-Aware Gen:Variant.Emotet.62 20190118
Arcabit Trojan.Emotet.62 20190118
Avast FileRepMalware 20190118
AVG Win32:BankerX-gen [Trj] 20190118
Bkav HW32.Packed. 20190117
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cybereason malicious.c9e0ac 20190109
eGambit Unsafe.AI_Score_85% 20190118
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181128
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20190117
Microsoft Trojan:Win32/Emotet.AC!bit 20190117
NANO-Antivirus Virus.Win32.Gen.ccmw 20190117
Palo Alto Networks (Known Signatures) generic.ml 20190118
Qihoo-360 HEUR/QVM19.1.9E89.Malware.Gen 20190118
Rising Trojan.GenKryptik!8.AA55 (TFE:dGZlOgGAfkeubQottA) 20190117
SentinelOne (Static ML) static engine - malicious 20181223
Symantec ML.Attribute.HighConfidence 20190117
Trapmine malicious.high.ml.score 20190103
Webroot W32.Trojan.Emotet 20190118
AegisLab 20190118
AhnLab-V3 20190118
Alibaba 20180921
ALYac 20190118
Antiy-AVL 20190118
Avast-Mobile 20190117
Avira (no cloud) 20190117
Babable 20180918
Baidu 20190117
BitDefender 20190117
CAT-QuickHeal 20190117
ClamAV 20190117
CMC 20190117
Comodo 20190118
Cyren 20190117
DrWeb 20190117
Emsisoft 20190117
ESET-NOD32 20190117
F-Prot 20190117
F-Secure 20190117
Fortinet 20190117
GData 20190117
Ikarus 20190117
Jiangmin 20190117
K7AntiVirus 20190117
K7GW 20190117
Kaspersky 20190117
Kingsoft 20190118
Malwarebytes 20190117
MAX 20190118
McAfee 20190117
eScan 20190117
Panda 20190117
Sophos AV 20190117
SUPERAntiSpyware 20190116
TACHYON 20190118
Tencent 20190118
TheHacker 20190115
TrendMicro 20190117
TrendMicro-HouseCall 20190118
Trustlook 20190118
VBA32 20190117
ViRobot 20190117
Yandex 20190117
Zillya 20190117
ZoneAlarm by Check Point 20190118
Zoner 20190118
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © Microsoft Corporation 1998-2001. All rights reserved.

Product Microsoft .NET Framework
Original name IEHost.exe
Internal name IEHOST.EXE
File version 1.0.3705.6018
Description Microsoft IE hosting interface
Comments Microsoft IE hosting interface
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-18 01:21:34
Entry Point 0x00002BF2
Number of sections 4
PE sections
PE imports
GetTokenInformation
LookupPrivilegeNameW
InitiateSystemShutdownA
GetFileSecurityW
LookupPrivilegeDisplayNameW
CryptHashSessionKey
LookupAccountNameA
EnumServicesStatusExW
GetSidIdentifierAuthority
GetSecurityDescriptorControl
GetCurrentHwProfileA
GetPrivateObjectSecurity
GetUserNameA
GetServiceDisplayNameA
GetSidSubAuthorityCount
GetCurrentHwProfileW
IsTextUnicode
DecryptFileW
GetFileSecurityA
GetClusterFromResource
GetLogColorSpaceA
GetTextCharset
ExtEscape
DescribePixelFormat
GetTextCharsetInfo
GetTextExtentPointA
GetClipBox
DeleteColorSpace
GetCurrentPositionEx
GetCharWidthW
GetPolyFillMode
GetViewportOrgEx
GetFontData
GetTextExtentExPointW
GetRegionData
GetTextFaceW
ExtSelectClipRgn
GdiSetBatchLimit
GetLayout
GetUserDefaultUILanguage
GetSystemTime
GetSystemWindowsDirectoryA
GetVolumePathNameW
GetComputerNameExW
GetUserDefaultLangID
GetSystemInfo
FindResourceA
GetFileAttributesA
GlobalFree
GetTapeStatus
GlobalFindAtomA
GlobalGetAtomNameA
FlsGetValue
FindNLSString
GlobalUnlock
GetFileAttributesW
GlobalAlloc
FindNextVolumeW
DefineDosDeviceW
GetPrivateProfileStructW
GetPrivateProfileSectionW
HeapAlloc
GetCommTimeouts
FreeLibraryAndExitThread
GetConsoleMode
LocalAlloc
WriteProfileStringA
GlobalAddAtomA
GetConsoleCursorInfo
GetCurrentProcess
GetDateFormatW
SetErrorMode
MultiByteToWideChar
GetShortPathNameA
GetFileInformationByHandle
GetCompressedFileSizeA
lstrcatW
GetProfileSectionA
WriteProfileStringW
GetCommProperties
GetTempFileNameW
lstrcpynW
GetModuleFileNameW
GetTimeFormatW
FindResourceExA
GlobalAddAtomW
EraseTape
MapViewOfFile
GetModuleHandleA
EnumResourceNamesW
QueryIdleProcessorCycleTime
InterlockedExchange
GetConsoleDisplayMode
EnumSystemCodePagesA
FindNextFileA
GetDiskFreeSpaceExA
FindFirstFileExW
GlobalLock
CreateFileMappingW
FindActCtxSectionStringW
GetFileAttributesExW
LocalFree
GetThreadSelectorEntry
IsWow64Process
LoadLibraryW
GetLocalTime
UnmapViewOfFile
GetAtomNameA
VirtualQuery
GetPrivateProfileStringA
GetFileSizeEx
EnumSystemGeoID
GetFileType
GetTempFileNameA
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesW
GlobalHandle
VirtualAlloc
GetCurrencyFormatW
LoadLibraryExW
VarCyMulI4
LoadTypeLibEx
ExtractAssociatedIconA
ExtractIconExA
ExtractIconA
FreeCredentialsHandle
GetMessageA
GetPriorityClipboardFormat
SetWindowPlacement
GetForegroundWindow
LoadImageA
EnableWindow
GetCursorInfo
FillRect
PostQuitMessage
GetUpdateRect
EnumWindowStationsA
DefWindowProcW
GetScrollPos
GetCapture
GetShellWindow
GetClassInfoExA
GetComboBoxInfo
GetMessageW
DefMDIChildProcA
MessageBeep
FlashWindow
DrawStateW
SetWindowPos
LockWorkStation
GetSysColorBrush
GetSystemMetrics
SetWindowLongW
RemoveClipboardFormatListener
GetWindowRect
RegisterClassExW
UpdateWindow
IsWindowUnicode
DialogBoxParamW
DrawIcon
GetMessageExtraInfo
GetSystemMenu
DestroyCursor
LookupIconIdFromDirectoryEx
FindWindowExW
DrawFocusRect
InsertMenuItemA
GetWindowRgn
SetScrollPos
GetRawInputDeviceInfoW
SendMessageW
GetSubMenu
CharUpperW
GetClipboardViewer
GetWindowPlacement
LockSetForegroundWindow
SetForegroundWindow
LoadMenuIndirectA
GetDlgItem
SetCursor
IsIconic
DeleteMenu
InvalidateRect
EnumWindows
GetWindowLongA
PeekMessageW
CharNextW
LoadImageW
GetKeyboardLayout
GetMenuStringA
OpenClipboard
GetWindowTextW
SetActiveWindow
GetMenuState
CreateIconFromResource
LoadCursorW
LoadIconW
FindWindowW
CreateWindowExW
CheckMenuItem
GetWindowLongW
CloseClipboard
DrawTextW
GetMenuStringW
DestroyWindow
FindCloseUrlCache
FindFirstUrlCacheEntryW
GetUrlCacheEntryInfoA
InternetGoOnline
FindNextUrlCacheGroup
FindClosePrinterChangeNotification
DeletePrinterDriverW
DeletePrinter
GetColorProfileElement
GetColorProfileHeader
GetColorDirectoryW
fwrite
ungetwc
system
fgetws
strncmp
towupper
strcspn
CoTaskMemFree
CoCreateInstance
CoInitialize
CoTaskMemAlloc
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks
Microsoft is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation

SubsystemVersion
4.0

Comments
Microsoft IE hosting interface

Platform
Windows 95 and Windows NT (I386)

InitializedDataSize
133120

ImageVersion
0.0

ProductName
Microsoft .NET Framework

FileVersionNumber
1.0.3705.6018

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, 32-bit, System file

CharacterSet
Windows, Latin1

LinkerVersion
12.0

FileTypeExtension
exe

OriginalFileName
IEHost.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.0.3705.6018

TimeStamp
2019:01:18 02:21:34+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
IEHOST.EXE

ProductVersion
1.0.3705.6018

FileDescription
Microsoft IE hosting interface

OSVersion
5.1

FileOS
Win32

LegalCopyright
Copyright Microsoft Corporation 1998-2001. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
36864

FileSubtype
0

ProductVersionNumber
1.0.3705.6018

EntryPoint
0x2bf2

ObjectFileType
Dynamic link library

File identification
MD5 d11684c8498be98d2cd795e05861d605
SHA1 3ef9a26c9e0ac1e820baf5dc2d4b90f5fba1c65d
SHA256 dea1aefd0b7f0ee52eae7ec1b488149e654903e99059514bbba09d5564717452
ssdeep
3072:VCT+m2JdQbyGkwGJ4EMsnCHDhYR9JbuEr06+BgSxPblSeZ2g+D84ESP:4Ty1XwAO+7

authentihash 844920b6a5a8cf31d6171998991b2135d33d01b40885f9ff366c538d094ba4ac
imphash e287a924bf8022687f23a7180317651d
File size 158.0 KB ( 161792 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID Win32 Executable MS Visual C++ (generic) (33.7%)
Win64 Executable (generic) (29.8%)
Microsoft Visual C++ compiled executable (generic) (17.8%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Tags
peexe

VirusTotal metadata
First submission 2019-01-18 01:28:42 UTC ( 4 months ago )
Last submission 2019-01-18 23:27:46 UTC ( 4 months ago )
File names IEHost.exe
52j4PYEqUc.exe
qjgGDvYW.exe
InklFKsyd.exe
639.exe
sVevtwS4.exe
mXYmcfYxnp.exe
zYKTOGJx.exe
52zETwVt0.exe
Y39oK9Biu9Y.exe
pPJH1o0ygNiJ.exe
emotet_e1_dea1aefd0b7f0ee52eae7ec1b488149e654903e99059514bbba09d5564717452_2019-01-18__013001.exe_
IEHOST.EXE
FMTZP7zrK7Bc.exe
VnuPLME4.exe
NGVjdkiYoO.exe
578.exe