SHA256: e26a217122a4126041d9a8242bd61ef722fa954b513b45c40b0f4de26554c31f
File name: viewflt.exe
Detection ratio: 43 / 68
Analysis date: 2017-12-22 10:42:47 UTC ( 11 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12692130 20171222
AegisLab Filerepmalware.Gen!c 20171222
AhnLab-V3 Trojan/Win32.Emotet.R216134 20171221
ALYac Trojan.GenericKD.12692130 20171222
Antiy-AVL Trojan/Win32.TSGeneric 20171222
Arcabit Trojan.Generic.DC1AAA2 20171222
Avast FileRepMalware 20171222
AVG FileRepMalware 20171222
Avira (no cloud) TR/Crypt.ZPACK.dbjcc 20171222
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171222
BitDefender Trojan.GenericKD.12692130 20171222
ClamAV Win.Trojan.Emotet-6405344-0 20171222
Comodo UnclassifiedMalware 20171222
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.1b8fb7 20171103
Cylance Unsafe 20171222
Cyren W32/Trojan.GUZW-3079 20171222
eGambit Unsafe.AI_Score_54% 20171222
Emsisoft Trojan.GenericKD.12692130 (B) 20171222
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of Win32/Kryptik.GAUS 20171222
F-Secure Trojan.GenericKD.12692130 20171222
Fortinet W32/Kryptik.FZTF!tr 20171222
GData Win32.Trojan-Spy.Emotet.IH 20171222
Ikarus Trojan.Win32.Crypt 20171222
Sophos ML heuristic 20170914
K7AntiVirus Trojan ( 005211911 ) 20171222
K7GW Trojan ( 005211911 ) 20171222
Kaspersky Trojan.Win32.Dovs.eif 20171222
Malwarebytes Trojan.Emotet 20171222
MAX malware (ai score=99) 20171222
McAfee RDN/Generic.grp 20171222
McAfee-GW-Edition BehavesLike.Win32.SoftPulse.ch 20171222
eScan Trojan.GenericKD.12692130 20171222
Palo Alto Networks (Known Signatures) generic.ml 20171222
Panda Trj/Genetic.gen 20171221
Qihoo-360 HEUR/QVM20.1.FD0D.Malware.Gen 20171222
SentinelOne (Static ML) static engine - malicious 20171207
Sophos AV Mal/EncPk-ANR 20171222
Symantec Trojan.Emotet 20171222
TrendMicro-HouseCall Suspicious_GEN.F47V1221 20171222
Webroot W32.Trojan.Emotet 20171222
ZoneAlarm by Check Point Trojan.Win32.Dovs.eif 20171222
Alibaba 20171222
Avast-Mobile 20171222
AVware 20171222
Bkav 20171221
CAT-QuickHeal 20171222
CMC 20171222
DrWeb 20171222
F-Prot 20171222
Jiangmin 20171221
Kingsoft 20171222
Microsoft 20171222
NANO-Antivirus 20171222
nProtect 20171222
Rising 20171222
SUPERAntiSpyware 20171222
Symantec Mobile Insight 20171222
Tencent 20171222
TheHacker 20171219
TotalDefense 20171222
TrendMicro 20171222
Trustlook 20171222
VBA32 20171222
VIPRE 20171222
ViRobot 20171222
WhiteArmor 20171204
Yandex 20171221
Zillya 20171221
Zoner 20171222
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-21 15:50:39
Entry Point 0x00001B50
Number of sections 7
PE sections
PE imports
FreeEnvironmentStringsA
GetLastError
lstrcmpiA
GetEnvironmentStrings
VerLanguageNameA
lstrcatA
lstrcmpA
GetSystemTimeAdjustment
ReadFile
GlobalAlloc
Sleep
CreateFileW
GetCursorPos
IsClipboardFormatAvailable
GetCaretBlinkTime
GetIconInfo
LoadIconA
EndDialog
GetCapture
GetWindowTextA
GetCursor
CreateDialogParamA
DialogBoxParamA
GetWindow
timeGetSystemTime
wprintf
exit
sprintf
Number of PE resources by type
RT_STRING 14
RT_DIALOG 4
RT_BITMAP 2
RT_ICON 2
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH UK 23
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:12:21 16:50:39+01:00
FileType Win32 EXE
PEType PE32
CodeSize 0
LinkerVersion 12.14
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x1b50
InitializedDataSize 110592
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 1b9b605f73d391706b5ff41adfed2b05
SHA1 d83dabbc2105777093dd4b8560ccab89b6e964e7
SHA256 e26a217122a4126041d9a8242bd61ef722fa954b513b45c40b0f4de26554c31f
ssdeep 1536:o/iDGyHoLKpL/ukPf97bB5IPl8xgU8ESi0rRh4mtJ/Q:o5yI2jPf97F1nwroKJY
authentihash 28901a223d43d318fac2001ae3d894e0021cc4e9906156edae7e3172c39f1cff
imphash eea11c9c378fc9185ade123375768bdb
File size 120.0 KB ( 122880 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags
peexe

VirusTotal metadata
First submission 2017-12-21 07:26:57 UTC ( 11 months, 4 weeks ago )
Last submission 2018-05-25 18:00:03 UTC ( 6 months, 3 weeks ago )
File names viewflt.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.