SHA256: e0e6e9ab5fb53869304ddacb67b6c02ad3a487d3aa9ae2bb31c593283d70a6f8
File name: output.115022680.txt
Detection ratio: 48 / 69
Analysis date: 2019-01-28 12:00:48 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Acronis suspicious 20190128
Ad-Aware Trojan.GenericKD.31580433 20190128
AegisLab Trojan.Multi.Generic.4!c 20190128
AhnLab-V3 Trojan/Win32.Emotet.R253622 20190128
ALYac Trojan.GenericKD.31580433 20190128
Arcabit Trojan.Generic.D1E1E111 20190128
Avast Win32:Malware-gen 20190128
AVG Win32:Malware-gen 20190128
BitDefender Trojan.GenericKD.31580433 20190128
CAT-QuickHeal Trojan.Emotet.X4 20190127
Comodo Malware@#31s8zyyz3mgnv 20190128
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cybereason malicious.0c8691 20190109
Cylance Unsafe 20190128
Cyren W32/Trojan.TCFW-2858 20190128
DrWeb Trojan.DownLoader27.26939 20190128
Emsisoft Trojan.GenericKD.31580433 (B) 20190128
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GPBS 20190128
F-Secure Trojan.GenericKD.31580433 20190128
Fortinet W32/GenKryptik.CXPC!tr 20190128
GData Trojan.GenericKD.31580433 20190128
Sophos ML heuristic 20181128
K7AntiVirus Riskware ( 0040eff71 ) 20190128
K7GW Riskware ( 0040eff71 ) 20190128
Kaspersky Trojan-Banker.Win32.Emotet.cbyr 20190128
Malwarebytes Trojan.Emotet.Generic 20190128
MAX malware (ai score=100) 20190128
McAfee GenericRXGW-MH!CE090725CD4F 20190128
McAfee-GW-Edition BehavesLike.Win32.VTFlooder.dm 20190128
Microsoft Trojan:Win32/Emotet 20190128
eScan Trojan.GenericKD.31580433 20190128
Palo Alto Networks (Known Signatures) generic.ml 20190128
Panda Trj/Genetic.gen 20190127
Qihoo-360 HEUR/QVM19.1.CAB5.Malware.Gen 20190128
Rising Trojan.Emotet!8.B95 (TFE:2:zmS260AySjH) 20190128
SentinelOne (Static ML) static engine - malicious 20190124
Sophos AV Mal/Emotet-Q 20190128
Symantec Trojan.Emotet 20190128
Tencent Win32.Trojan-banker.Emotet.Syrp 20190128
Trapmine malicious.high.ml.score 20190123
TrendMicro TrojanSpy.Win32.EMOTET.THOABHAI 20190128
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.THOABHAI 20190128
VBA32 BScope.Trojan.Refinka 20190128
VIPRE Trojan.Win32.Generic!BT 20190127
ViRobot Trojan.Win32.Z.Highconfidence.259072.C 20190128
Webroot W32.Trojan.Gen 20190128
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.cbyr 20190128
Alibaba 20180921
Antiy-AVL 20190128
Avast-Mobile 20190128
Avira (no cloud) 20190128
Babable 20180918
Baidu 20190128
Bkav 20190125
ClamAV 20190128
CMC 20190128
eGambit 20190128
F-Prot 20190128
Jiangmin 20190128
Kingsoft 20190128
NANO-Antivirus 20190128
SUPERAntiSpyware 20190123
TACHYON 20190128
TheHacker 20190125
Trustlook 20190128
Yandex 20190125
Zillya 20190125
Zoner 20190128
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-26 05:00:09
Entry Point 0x00021E6C
Number of sections 7
PE sections
PE imports
GetTokenInformation
GetUserNameA
InitiateSystemShutdownA
CryptDestroyKey
QueryUsersOnEncryptedFile
LineTo
DeleteColorSpace
GetCurrentPositionEx
GetCharWidthW
StrokePath
GetPath
CreateDIBPatternBrush
DeleteObject
CreateCompatibleBitmap
GetRegionData
VirtualFree
LocalFree
GetAtomNameA
FindAtomW
GetConsoleOutputCP
GetConsoleMode
GetFileMUIPath
GetPrivateProfileStringA
DeviceIoControl
GetStringTypeExW
GlobalAddAtomA
UnregisterApplicationRecoveryCallback
GetPrivateProfileSectionNamesW
GetAtomNameW
FindNextFileA
lstrcatW
GetModuleHandleW
GetPrivateProfileSectionW
LoadRegTypeLib
VarCyNeg
IsPwrSuspendAllowed
GetMessageA
GetClipboardViewer
GetProcessDefaultLayout
GetPriorityClipboardFormat
GetKeyboardLayout
RegisterClassExW
FillRect
EnumWindows
DialogBoxParamW
GetScrollPos
GetSysColorBrush
CreateIconFromResource
PhysicalToLogicalPoint
DestroyCursor
PostQuitMessage
SetForegroundWindow
SetScrollPos
SetActiveWindow
OpenClipboard
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2019:01:25 21:00:09-08:00
FileType Win32 EXE
PEType PE32
CodeSize 143360
LinkerVersion 12.0
ImageFileCharacteristics No relocs, Executable, 32-bit, System file
EntryPoint 0x21e6c
InitializedDataSize 124416
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
Execution parents
File identification
MD5 ce090725cd4f6b72f065f6d953fbabf2
SHA1 cf5f0920c8691813483f035d0869d4f67a32176d
SHA256 e0e6e9ab5fb53869304ddacb67b6c02ad3a487d3aa9ae2bb31c593283d70a6f8
ssdeep
3072:OJD57FXNSE0qy/G5Pey4Ww4bAPJgqJDzQrLEszVf0sh+o8gnBdaDTrVJe74Yk4ip:EzUszVf0shDBdUrkq3sDo3

authentihash 47acedd09eda298723327139c513fbdfda3a6ed6dc64c5f3c3f9849f4f2edef5
imphash b91639d815d5bb8ca6b8906cc1f866ce
File size 253.0 KB ( 259072 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe

VirusTotal metadata
First submission 2019-01-25 21:08:18 UTC ( 1 month, 3 weeks ago )
Last submission 2019-02-07 10:35:11 UTC ( 1 month, 1 week ago )
File names S55ZXBAwYzsS.exe
fXhKvFcH12.exe
output.115022680.txt
q3rHtbZ5q.exe
411.exe
861.exe
07dpgZJmvKWY.exe
y4ci9gRpyu.exe
TLeLaGyHK.exe
KqBFJlCc4r.exe
hHXtH3QiYcZL.exe
baseddefine.exe
r07ttBh67H.exe
deuqIaIkqs.exe
b8GTlgUk.exe
mSXO0xtfQoN.exe
n2lkEaNdPu3.exe
ggxPcFRc.exe
output.115042271.txt
bsPKbNGM.exe
sTunHPoRUqoGz7.exe
Cv3fh7usOMk.exe
emotet_e1_e0e6e9ab5fb53869304ddacb67b6c02ad3a487d3aa9ae2bb31c593283d70a6f8_2019-01-25__211002.exe_
gpSXIRhPuGL.exe
L9KPxtye.exe
Advanced heuristic and reputation engines