SHA256: e12b3715bd609d00612767c227373caf2af2f7d818980606fa863be40d591da7
File name: emotet_e1_e12b3715bd609d00612767c227373caf2af2f7d818980606fa863be...
Detection ratio: 46 / 71
Analysis date: 2019-01-24 16:39:39 UTC ( 2 months ago )
Antivirus Result Update
Acronis suspicious 20190124
Ad-Aware Trojan.GenericKD.31565428 20190124
AegisLab Trojan.Win32.Emotet.4!c 20190124
AhnLab-V3 Trojan/Win32.Emotet.R252937 20190124
ALYac Trojan.Agent.Emotet 20190124
Arcabit Trojan.Generic.D1E1A674 20190124
Avast Win32:Trojan-gen 20190124
AVG Win32:Trojan-gen 20190124
Avira (no cloud) TR/AD.Emotet.vxoap 20190124
BitDefender Trojan.GenericKD.31565428 20190124
ClamAV Win.Malware.Emotet-6827470-0 20190124
Comodo Malware@#1w7msgc9e4o1 20190124
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cylance Unsafe 20190124
Cyren W32/Trojan.BNBG-2276 20190124
DrWeb Trojan.EmotetENT.359 20190124
eGambit Unsafe.AI_Score_88% 20190124
Emsisoft Trojan.GenericKD.31565428 (B) 20190124
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GOXM 20190124
F-Secure Trojan.GenericKD.31565428 20190124
Fortinet W32/Kryptik.GOWS!tr 20190124
GData Trojan.GenericKD.31565428 20190124
Ikarus Trojan-Banker.Emotet 20190124
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 005461fb1 ) 20190124
K7GW Trojan ( 005461fb1 ) 20190124
Kaspersky Trojan-Banker.Win32.Emotet.cbkg 20190124
Malwarebytes Trojan.Emotet.Generic 20190124
McAfee Emotet-FHY!91ED09E2D665 20190124
McAfee-GW-Edition BehavesLike.Win32.Emotet.hm 20190124
Microsoft Trojan:Win32/Emotet.RC 20190124
eScan Trojan.GenericKD.31565428 20190124
Palo Alto Networks (Known Signatures) generic.ml 20190124
Panda Generic Malware 20190124
Qihoo-360 HEUR/QVM20.1.BA1B.Malware.Gen 20190124
Rising Trojan.Emotet!8.B95 (CLOUD) 20190124
SentinelOne (Static ML) static engine - malicious 20190118
Sophos AV Mal/Emotet-Q 20190124
Symantec Trojan.Gen.2 20190124
Trapmine malicious.high.ml.score 20190123
TrendMicro TrojanSpy.Win32.EMOTET.THOABCAI 20190124
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.THOABCAI 20190124
VBA32 BScope.Trojan.Refinka 20190124
Webroot W32.Trojan.Emotet 20190124
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.cbkg 20190124
Alibaba 20180921
Antiy-AVL 20190124
Avast-Mobile 20190124
Babable 20180918
Baidu 20190124
Bkav 20190124
CAT-QuickHeal 20190124
CMC 20190124
Cybereason 20190109
F-Prot 20190124
Jiangmin 20190124
Kingsoft 20190124
MAX 20190124
NANO-Antivirus 20190124
SUPERAntiSpyware 20190123
TACHYON 20190124
Tencent 20190124
TheHacker 20190118
TotalDefense 20190124
Trustlook 20190124
VIPRE None
ViRobot 20190124
Yandex 20190124
Zillya 20190123
Zoner 20190124
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright© 2000-2002 Creative Technology Ltd
Product Creative Audio Product
Original name Thk3216.dll
Internal name Thk3216
File version 0.80.00.0260-0.80.2600
Description Thk3216
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-23 06:16:34
Entry Point 0x00001E00
Number of sections 9
PE sections
PE imports
InitializeAcl
CreateRestrictedToken
ClusterRegCloseKey
CertDuplicateCRLContext
SetTextAlign
LCIDToLocaleName
DeleteBoundaryDescriptor
SetThreadPreferredUILanguages
GetFileBandwidthReservation
GetModuleHandleW
GetCurrentThread
VarI4FromDate
VarI4FromCy
IsPwrHibernateAllowed
CloseDesktop
GetScrollPos
DdeAddData
CreateIconIndirect
WTHelperGetProvCertFromChain
CoLoadLibrary
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.80.0.260
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Thk3216
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 521216
EntryPoint 0x1e00
OriginalFileName Thk3216.dll
MIMEType application/octet-stream
LegalCopyright Copyright 2000-2002 Creative Technology Ltd
FileVersion 0.80.00.0260-0.80.2600
TimeStamp 2019:01:23 07:16:34+01:00
FileType Win32 EXE
PEType PE32
InternalName Thk3216
ProductVersion 0.80.00.0260-0.80.2600
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Creative Technology Ltd
CodeSize 27648
ProductName Creative Audio Product
ProductVersionNumber 0.80.0.260
FileTypeExtension exe
ObjectFileType Dynamic link library
File identification
MD5 91ed09e2d6657cb76a5016c52199a413
SHA1 3e53714b5e0e5ec89de6cdef14c0eb4d80326755
SHA256 e12b3715bd609d00612767c227373caf2af2f7d818980606fa863be40d591da7
ssdeep 3072:0bE5Bk20TlboKLNOq1OR94YkwP8n51sxxMIEJK7pma0xqsj14Y2l:bHkvLN7OR2YO5kMIEJK7UagYJ
authentihash 0bba85f5ed3fdf2ecdabc8d032a6b7527ec1a63258c7e7c504eef7f660000be1
imphash b21f586717531c80699371630b4efb48
File size 527.0 KB ( 539648 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2019-01-22 22:20:53 UTC ( 2 months ago )
Last submission 2019-01-23 04:40:42 UTC ( 2 months ago )
File names Thk3216
Thk3216.dll
emotet_e1_e12b3715bd609d00612767c227373caf2af2f7d818980606fa863be40d591da7_2019-01-22__222501.exe_
0zCAoxj.exe