× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e2badc5c1db3a86e818dadfd0abd4975e95f9d788d41d6a6e87989bae83324d5
File name: h5OLzf.exe
Detection ratio: 47 / 67
Analysis date: 2018-03-14 18:51:17 UTC ( 3 months, 1 week ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30394543 20180314
AegisLab W32.Troj.Spy!c 20180314
AhnLab-V3 Trojan/Win32.Emotet.R222414 20180314
ALYac Trojan.GenericKD.30394543 20180314
Antiy-AVL Trojan/Win32.TSGeneric 20180314
Arcabit Trojan.Generic.D1CFC8AF 20180314
Avast Win32:Malware-gen 20180314
AVG Win32:Malware-gen 20180314
Avira (no cloud) TR/Crypt.ZPACK.xsnjz 20180314
AVware Trojan.Win32.Generic!BT 20180314
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180314
BitDefender Trojan.GenericKD.30394543 20180314
Bkav HW32.Packed.5BF1 20180314
CAT-QuickHeal Trojan.Emotet 20180314
ClamAV Win.Trojan.Emotet-6471906-0 20180314
Comodo UnclassifiedMalware 20180314
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170201
Cylance Unsafe 20180314
Cyren W32/Trojan.NUZQ-8397 20180314
Emsisoft Trojan.GenericKD.30394543 (B) 20180314
Endgame malicious (high confidence) 20180308
ESET-NOD32 a variant of Win32/Kryptik.GEGB 20180314
F-Secure Trojan.GenericKD.30394543 20180314
Fortinet W32/Kryptik.GDRZ!tr 20180314
GData Win32.Trojan-Spy.Emotet.NH 20180314
Ikarus Trojan-Banker.Emotet 20180314
Sophos ML heuristic 20180121
K7GW Trojan ( 0052a5bc1 ) 20180314
Kaspersky Trojan-Banker.Win32.Emotet.aatv 20180314
Malwarebytes Trojan.Emotet 20180314
MAX malware (ai score=91) 20180314
McAfee Emotet-FGY!097D26359ADB 20180314
McAfee-GW-Edition BehavesLike.Win32.Sality.cc 20180314
eScan Trojan.GenericKD.30394543 20180314
NANO-Antivirus Trojan.Win32.Emotet.eyvtfn 20180314
Palo Alto Networks (Known Signatures) generic.ml 20180314
Panda Trj/CI.A 20180314
Qihoo-360 HEUR/QVM20.1.C6E1.Malware.Gen 20180314
Rising Trojan.GenKryptik!8.AA55 (TFE:3:1SU5YtSnuWJ) 20180314
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/EncPk-ANR 20180314
Symantec Trojan.Gen.2 20180314
TrendMicro TROJ_GEN.R002C0RCD18 20180314
TrendMicro-HouseCall TROJ_GEN.R002C0RCD18 20180314
VIPRE Trojan.Win32.Generic!BT 20180314
Webroot W32.Trojan.Emotet 20180314
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.aatv 20180314
Alibaba 20180314
Avast-Mobile 20180314
CMC 20180314
Cybereason None
DrWeb 20180314
eGambit 20180314
F-Prot 20180314
Jiangmin 20180314
K7AntiVirus 20180314
Kingsoft 20180314
Microsoft 20180314
nProtect 20180314
SUPERAntiSpyware 20180314
Symantec Mobile Insight 20180311
Tencent 20180314
TheHacker 20180311
TotalDefense 20180314
Trustlook 20180314
VBA32 20180314
ViRobot 20180314
WhiteArmor 20180223
Yandex 20180314
Zillya 20180314
Zoner 20180314
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-12 19:02:43
Entry Point 0x00005000
Number of sections 9
PE sections
PE imports
SetWindowExtEx
CreateFontIndirectA
GetStretchBltMode
GetBkColor
GetLayout
LocaleNameToLCID
DeleteBoundaryDescriptor
GetProfileStringW
GetSystemDefaultLangID
GetVersion
WaitForDebugEvent
GlobalFree
GetNLSVersion
CreateDirectoryExA
CreateMutexW
CloseHandle
PrepareTape
WaitForMultipleObjects
GetCurrentThread
acmFormatSuggest
SetupAddToSourceListW
PathRemoveArgsW
IsClipboardFormatAvailable
HiliteMenuItem
GetWindowRect
IsRectEmpty
LockWindowUpdate
IsMenu
DestroyMenu
DestroyCursor
CreateMenu
DrawTextW
GetFocus
GetCaretPos
CallNextHookEx
SCardConnectA
DisassociateColorProfileFromDeviceW
OleCreateFromFile
OleCreateFromData
Number of PE resources by type
RT_ICON 11
RT_STRING 3
RT_RCDATA 2
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 13
NEUTRAL 5
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:03:12 20:02:43+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
1

LinkerVersion
14.5

EntryPoint
0x5000

InitializedDataSize
122368

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
4096

File identification
MD5 097d26359adb62a2e60b0035942447b9
SHA1 3c9c1059e30a392152ff19372b3419e76121b77c
SHA256 e2badc5c1db3a86e818dadfd0abd4975e95f9d788d41d6a6e87989bae83324d5
ssdeep
3072:bBdS83hahBDHlqOP5DhaYfyQL3xYGmXEhO9/:bBdS834hBDHQRLgUUhO9

authentihash 2534608203d91c8bcf96c3d384c47c97b88cebe306cf6dd2a295877ad6231387
imphash 9d2ecd1246614efe865bf7f1a6a020b2
File size 130.0 KB ( 133120 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-03-12 19:10:07 UTC ( 3 months, 1 week ago )
Last submission 2018-05-08 17:45:00 UTC ( 1 month, 2 weeks ago )
File names defragwmi.exe
defragwmi.exe
h5OLzf.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!