SHA256: e206e6064f0d77ab82f6d48c024146ffc3ec22704f814ec3f3fb2c44b52bd184
File name: e206e6064f0d77ab82f6d48c024146ffc3ec22704f814ec3f3fb2c44b52bd184
Detection ratio: 44 / 71
Analysis date: 2018-12-19 18:02:12 UTC ( 2 months ago )
Antivirus Result Update
Acronis malware 20180726
Ad-Aware Trojan.GenericKD.31422380 20181219
AegisLab Trojan.Win32.Emotet.4!c 20181219
AhnLab-V3 Trojan/Win32.Emotet.R249146 20181219
ALYac Trojan.GenericKD.31422380 20181219
Antiy-AVL Trojan[Banker]/Win32.Emotet 20181219
Arcabit Trojan.Generic.D1DF77AC 20181219
Avast Win32:BankerX-gen [Trj] 20181219
AVG Win32:BankerX-gen [Trj] 20181219
BitDefender Trojan.GenericKD.31422380 20181219
CAT-QuickHeal Trojan.Emotet.X4 20181219
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cylance Unsafe 20181219
Cyren W32/Trojan.EQIC-4987 20181219
Emsisoft Trojan.Emotet (A) 20181219
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GNWN 20181219
F-Secure Trojan.GenericKD.31422380 20181219
Fortinet W32/GenKryptik.CUHC!tr 20181219
GData Win32.Trojan-Spy.Emotet.A8ZOZD 20181219
Ikarus Trojan-Banker.Emotet 20181219
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 00543d9d1 ) 20181219
K7GW Trojan ( 00543d9d1 ) 20181219
Kaspersky Trojan-Banker.Win32.Emotet.bvmm 20181219
Malwarebytes Trojan.Emotet 20181219
McAfee Emotet-FLD!45606F052907 20181219
McAfee-GW-Edition BehavesLike.Win32.Generic.ch 20181219
Microsoft Trojan:Win32/Emotet.AC!bit 20181219
eScan Trojan.GenericKD.31422380 20181219
Palo Alto Networks (Known Signatures) generic.ml 20181219
Panda Trj/GdSda.A 20181219
Qihoo-360 Win32/Trojan.c84 20181219
Rising Trojan.Fuerboos!8.EFC8 (TFE:2:xBEn8WEcuzM) 20181219
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/EncPk-ANY 20181219
Symantec Trojan.Emotet 20181219
Trapmine malicious.high.ml.score 20181205
TrendMicro TROJ_GEN.USLH18 20181219
TrendMicro-HouseCall TROJ_GEN.USLH18 20181219
VBA32 BScope.TrojanBanker.Emotet 20181219
ViRobot Trojan.Win32.Z.Emotet.151552.AG 20181219
Webroot W32.Trojan.Emotet 20181219
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bvmm 20181219
Alibaba 20180921
Avast-Mobile 20181219
Avira (no cloud) 20181219
Babable 20180918
Baidu 20181207
Bkav 20181219
ClamAV 20181219
CMC 20181218
Comodo 20181219
Cybereason 20180225
DrWeb 20181219
eGambit 20181219
F-Prot 20181219
Jiangmin 20181219
Kingsoft 20181219
MAX 20181219
NANO-Antivirus 20181219
SUPERAntiSpyware 20181212
Symantec Mobile Insight 20181215
TACHYON 20181219
Tencent 20181219
TheHacker 20181216
TotalDefense 20181219
Trustlook 20181219
VIPRE 20181219
Yandex 20181219
Zillya 20181219
Zoner 20181219
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 1996-2001 Microsoft Corporation.
Product Twain Thunker
Internal name msencode
File version 2001072500
Description Twain.dll Client's 32-Bit
Comments
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-08-04 07:56:09
Entry Point 0x00007227
Number of sections 6
PE sections
PE imports
CertDuplicateCTLContext
GetColorAdjustment
EndPath
GetModuleHandleW
SetCurrentConsoleFontEx
NetLocalGroupGetInfo
BeginPaint
PackDDElParam
Ord(30)
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize 32768
SubsystemVersion 5.0
LinkerVersion 7.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2001.7.25.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Twain.dll Client's 32-Bit
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 62976
EntryPoint 0x7227
MIMEType application/octet-stream
LegalCopyright Copyright 1996-2001 Microsoft Corporation.
FileVersion 2001072500
TimeStamp 2004:08:04 08:56:09+01:00
FileType Win32 EXE
PEType PE32
InternalName msencode
ProductVersion 10.0
UninitializedDataSize 0
OSVersion 5.0
FileOS Windows 16-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Twain Working Group
LegalTrademarks Microsoft is a registered trademark of Microsoft Corporation.
ProductName Twain Thunker
ProductVersionNumber 10.0.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 45606f052907984b592a5e22aa2ec7a8
SHA1 d90b6fac20efccb6bf2592250ffd3d5c4678e582
SHA256 e206e6064f0d77ab82f6d48c024146ffc3ec22704f814ec3f3fb2c44b52bd184
ssdeep 3072:UgP0++R5tFfcEz1+09obtkENHjfO9WLkRm:UcM5tFf71+09wHNHjW9WB
authentihash 0b581bb540912f8adc7f27b3ca15ad8e476606b9a053999d3f85f38f93655e14
imphash 5bbf31eddbe95ae2ccb92b2cffed6bbc
File size 148.0 KB ( 151552 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2018-12-17 12:50:06 UTC ( 2 months ago )
Last submission 2018-12-19 18:02:12 UTC ( 2 months ago )
File names 7877.exe
msencode