× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e304a19b6ddce5b098a9f5c67939cdbf5c8f3a6fb718bdcb502d3f9a81ca5e36
File name: e304a19b6ddce5b098a9f5c67939cdbf5c8f3a6fb718bdcb502d3f9a81ca5e36
Detection ratio: 21 / 71
Analysis date: 2019-04-16 02:51:28 UTC ( 1 month ago ) View latest
Antivirus Result Update
Acronis suspicious 20190415
AegisLab Hacktool.Win32.Krap.lKMc 20190416
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
Cybereason malicious.72a2d0 20190403
Cylance Unsafe 20190416
Endgame malicious (high confidence) 20190403
ESET-NOD32 a variant of Win32/Kryptik.GRLK 20190415
FireEye Generic.mg.87515ee67a018400 20190416
Fortinet W32/Agent.DVFS!tr 20190416
Sophos ML heuristic 20190313
McAfee Trojan-FQMJ!87515EE67A01 20190415
Microsoft Trojan:Win32/Emotet.LK!ml 20190415
Qihoo-360 HEUR/QVM20.1.8DCB.Malware.Gen 20190416
Rising Trojan.Kryptik!8.8 (TFE:dGZlOgRaQrv21wuvdA) 20190415
SentinelOne (Static ML) DFI - Suspicious PE 20190407
Sophos AV Mal/Emotet-Q 20190416
Symantec Packed.Generic.459 20190415
Trapmine suspicious.low.ml.score 20190325
TrendMicro TrojanSpy.Win32.EMOTET.SMTHF 20190415
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMTHF 20190416
VBA32 Malware-Cryptor.Bambarbiya 20190415
Ad-Aware 20190416
AhnLab-V3 20190416
Alibaba 20190401
ALYac 20190416
Antiy-AVL 20190416
Arcabit 20190416
Avast 20190416
Avast-Mobile 20190415
AVG 20190416
Avira (no cloud) 20190415
Babable 20180918
Baidu 20190318
BitDefender 20190415
Bkav 20190412
CAT-QuickHeal 20190415
ClamAV 20190415
CMC 20190321
Comodo 20190415
Cyren 20190416
DrWeb 20190415
eGambit 20190416
Emsisoft 20190416
F-Prot 20190416
F-Secure 20190415
GData 20190416
Ikarus 20190415
Jiangmin 20190415
K7AntiVirus 20190415
K7GW 20190415
Kaspersky 20190415
Kingsoft 20190416
Malwarebytes 20190416
MAX 20190416
McAfee-GW-Edition 20190415
eScan 20190415
NANO-Antivirus 20190415
Palo Alto Networks (Known Signatures) 20190416
Panda 20190415
SUPERAntiSpyware 20190410
Symantec Mobile Insight 20190410
TACHYON 20190416
Tencent 20190416
TheHacker 20190411
TotalDefense 20190413
Trustlook 20190416
ViRobot 20190415
Webroot 20190416
Yandex 20190415
Zillya 20190415
ZoneAlarm by Check Point 20190416
Zoner 20190415
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 9:39 AM 4/18/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-04-16 02:44:21
Entry Point 0x00001670
Number of sections 4
PE sections
Overlays
MD5 f3e25b17ee503aa394dcd96c812df80c
File type data
Offset 122880
Size 3384
Entropy 7.33
PE imports
RegOpenKeyA
RegQueryValueExA
ImageList_GetIcon
ImageList_Read
ImageList_GetIconSize
ImageList_Write
GetTextMetricsW
CreateFontIndirectW
PatBlt
CreatePen
SaveDC
GetROP2
CreateFontW
GetPixel
Rectangle
GetDeviceCaps
LineTo
DeleteDC
RestoreDC
SetBkMode
StretchBlt
EndDoc
SetWindowOrgEx
StartPage
GetObjectW
BitBlt
CreateHatchBrush
OffsetWindowOrgEx
CreatePatternBrush
CreateFontA
ExtTextOutW
CreateBitmap
MoveToEx
EnumFontFamiliesExW
GetStockObject
SetTextAlign
SetROP2
CreateCompatibleDC
StartDocW
SetBrushOrgEx
EndPage
DeleteObject
CreateCompatibleBitmap
CreateSolidBrush
DPtoLP
SelectObject
SetBkColor
GetTextExtentPointW
GetTextExtentPoint32W
SetTextColor
GetStdHandle
GetConsoleOutputCP
ReleaseMutex
FileTimeToSystemTime
CreateFileMappingA
GetFileAttributesA
SetEvent
GetDriveTypeA
FindFirstFileW
HeapDestroy
DebugBreak
GetFileAttributesW
GetLocalTime
Toolhelp32ReadProcessMemory
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
UnhandledExceptionFilter
ExpandEnvironmentStringsA
GetFileInformationByHandle
lstrcpyA
SetFileAttributesA
GetFileTime
GetTempPathA
lstrcmpiA
GetCPInfo
GetOverlappedResult
GetStringTypeA
GetDiskFreeSpaceW
InterlockedExchange
BackupRead
GetTempPathW
FormatMessageW
WaitForSingleObject
GetSystemTimeAsFileTime
SetThreadAffinityMask
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetOEMCP
LocalFree
MoveFileA
GetLogicalDriveStringsA
InitializeCriticalSection
OutputDebugStringW
FindClose
InterlockedDecrement
FormatMessageA
GetFullPathNameW
OutputDebugStringA
GetEnvironmentVariableW
SetLastError
GetSystemTime
DeviceIoControl
GetEnvironmentVariableA
CopyFileW
ReadFile
GetModuleFileNameW
TryEnterCriticalSection
GlobalFindAtomA
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
FlushViewOfFile
QueueUserAPC
RaiseException
FreeLibrary
GetPriorityClass
SetThreadPriority
SetHandleCount
Module32First
TlsGetValue
MultiByteToWideChar
SetProcessAffinityMask
CreateMutexA
CreateEventW
SetFileAttributesW
LockFileEx
CreateThread
MoveFileExW
GetSystemDirectoryW
CreatePipe
GetExitCodeThread
SetNamedPipeHandleState
GlobalAddAtomA
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
UnlockFile
GetSystemDirectoryA
MoveFileExA
SetEnvironmentVariableA
SetPriorityClass
Module32Next
WaitForMultipleObjectsEx
GlobalMemoryStatus
CancelIo
WriteConsoleA
VirtualQuery
LocalFileTimeToFileTime
ExpandEnvironmentStringsW
SetEndOfFile
BackupSeek
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
CloseHandle
CreateToolhelp32Snapshot
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
VerLanguageNameA
Process32First
TerminateThread
LoadLibraryW
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
UnlockFileEx
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
ExitThread
Process32Next
GetStartupInfoA
GetDateFormatA
DosDateTimeToFileTime
GetWindowsDirectoryW
SetHandleInformation
GetFileSize
OpenProcess
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetDateFormatW
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTempFileNameW
CreateFileMappingW
GetTimeFormatW
RemoveDirectoryW
FreeEnvironmentStringsW
FindNextFileW
GetModuleHandleA
WaitNamedPipeA
GetDiskFreeSpaceA
HeapValidate
GetTimeFormatA
GetTempFileNameA
GetComputerNameA
FindNextFileA
GetDiskFreeSpaceExA
WaitForMultipleObjects
GetProcessAffinityMask
GetTimeZoneInformation
CreateFileW
CreateEventA
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
IsValidCodePage
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
UnmapViewOfFile
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
CompareStringW
GetEnvironmentStringsW
LockFile
RemoveDirectoryA
GetShortPathNameA
Process32NextW
CreateProcessW
HeapCompact
WaitForSingleObjectEx
Module32FirstW
FileTimeToLocalFileTime
GetEnvironmentStrings
SearchPathA
GetCurrentProcessId
SetFileTime
lstrlenW
GetCurrentDirectoryA
HeapSize
SetSystemPowerState
GetCommandLineA
InterlockedCompareExchange
Process32FirstW
GetCurrentThread
GetSystemDefaultLangID
QueryPerformanceFrequency
CompareStringA
MapViewOfFile
TlsFree
SetFilePointer
Module32NextW
FindFirstFileA
lstrcpynA
GetVolumeInformationA
GetACP
CopyFileA
GetModuleHandleW
SetThreadExecutionState
GetFileAttributesExW
SetStdHandle
GetLongPathNameW
CreateProcessA
WideCharToMultiByte
CompareFileTime
HeapCreate
WriteFile
VirtualFree
Sleep
TerminateProcess
GetFileAttributesExA
OpenEventA
VirtualAlloc
ResetEvent
RedrawWindow
GetMessagePos
SetWindowRgn
SetMenuItemBitmaps
LoadBitmapW
DestroyMenu
PostQuitMessage
GetForegroundWindow
SetWindowPos
IsWindow
GrayStringW
EndPaint
CopyRect
GetMessageTime
SetActiveWindow
GetDC
GetCursorPos
MapDialogRect
GetDlgCtrlID
SendMessageW
UnregisterClassA
UnregisterClassW
GetClientRect
DefWindowProcW
AllowSetForegroundWindow
DrawTextW
GetNextDlgTabItem
CallNextHookEx
LoadImageW
GetTopWindow
GetWindowTextW
SetDlgItemTextW
GetActiveWindow
GetMenuItemID
PtInRect
GetUserObjectInformationW
GetParent
UpdateWindow
GetPropW
EqualRect
GetMessageW
ShowWindow
SetPropW
GetMenuState
PeekMessageW
EnableWindow
CharUpperW
GetMenuCheckMarkDimensions
TranslateMessage
IsWindowEnabled
GetWindow
GetIconInfo
LoadStringA
RegisterClassW
GetWindowPlacement
IsIconic
GetSubMenu
SetTimer
IsDialogMessageW
SetWindowContextHelpId
GetSysColorBrush
GetClassInfoW
CreateWindowExW
TabbedTextOutW
GetWindowLongW
DestroyWindow
IsChild
MapWindowPoints
RegisterWindowMessageW
BeginPaint
OffsetRect
SetFocus
DrawIcon
KillTimer
CharPrevW
GetClassInfoExW
SendDlgItemMessageA
GetSystemMetrics
SetWindowLongW
GetWindowRect
SetCapture
ReleaseCapture
DrawTextExW
CharLowerW
SendDlgItemMessageW
GetProcessWindowStation
CheckDlgButton
CheckMenuItem
GetClassLongW
GetLastActivePopup
DrawIconEx
SetWindowTextW
GetDlgItem
RemovePropW
ClientToScreen
PostMessageW
LoadCursorA
PostThreadMessageW
GetMenuItemCount
IsDlgButtonChecked
ValidateRect
SetWindowsHookExW
LoadCursorW
LoadIconW
DispatchMessageW
SetForegroundWindow
CreateDialogIndirectParamW
ReleaseDC
IntersectRect
EndDialog
CreateIconIndirect
GetCapture
MessageBeep
GetWindowThreadProcessId
MessageBoxW
GetMenu
DestroyIcon
RegisterClassExW
UnhookWindowsHookEx
MoveWindow
DialogBoxParamW
GetWindowDC
AdjustWindowRectEx
GetSysColor
RegisterClipboardFormatW
GetKeyState
SystemParametersInfoA
EnableMenuItem
IsWindowVisible
WinHelpW
GetDesktopWindow
SystemParametersInfoW
SetRect
InvalidateRect
CharNextW
CallWindowProcW
GetClassNameW
ModifyMenuW
GetFocus
wsprintfW
SetCursor
Number of PE resources by type
RT_DIALOG 12
RT_ICON 9
RT_GROUP_ICON 1
RT_RCDATA 1
Number of PE resources by language
ENGLISH US 23
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

SubsystemVersion
5.0

MachineType
Intel 386 or later, and compatibles

TimeStamp
2019:04:16 04:44:21+02:00

FileType
Win32 EXE

PEType
PE32

CodeSize
5120

LinkerVersion
9.0

FileTypeExtension
exe

InitializedDataSize
116736

ImageFileCharacteristics
No relocs, Executable, 32-bit

EntryPoint
0x1670

OSVersion
5.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 87515ee67a018400a4cf4838e4b9d562
SHA1 83ae97f72a2d0478c633e027d1dd551ceda82a88
SHA256 e304a19b6ddce5b098a9f5c67939cdbf5c8f3a6fb718bdcb502d3f9a81ca5e36
ssdeep
3072:p0SFTgkJNr/LJHD06mYG4MS5pC+BC3K5eqyo:p0igkJJ/V06mR4MhK7yo

authentihash ffacde355a75de8cb5e6d0bbffe8f07cf355845f7728b1ed8d877f544f164897
imphash 05394a14b124878b11a586ff55ddc1ce
File size 123.3 KB ( 126264 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (35.0%)
Win64 Executable (generic) (31.0%)
Windows screen saver (14.7%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-04-16 02:51:28 UTC ( 1 month ago )
Last submission 2019-04-16 02:51:28 UTC ( 1 month ago )
File names 56X_C1.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs