× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e3b60fe46c471044d46462de8b2dfda807d75b36dc0a6938b6cf20f554042018
File name: e3b60fe46c471044d46462de8b2dfda807d75b36dc0a6938b6cf20f554042018
Detection ratio: 14 / 70
Analysis date: 2018-11-28 23:18:40 UTC ( 2 months, 3 weeks ago ) View latest
Antivirus Result Update
ClamAV Win.Trojan.Emotet-6748802-0 20181128
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.b9a369 20180225
Cylance Unsafe 20181129
eGambit Unsafe.AI_Score_81% 20181129
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/GenKryptik.CSMJ 20181128
Sophos ML heuristic 20181128
K7GW Hacktool ( 700007861 ) 20181128
Microsoft Trojan:Win32/Ludicrouz.O 20181128
Qihoo-360 HEUR/QVM20.1.8426.Malware.Gen 20181129
Rising Malware.Heuristic!ET#94% (RDM+:cmRtazpOJ/mgCDqSV4nYu+MZU2aF) 20181128
Symantec Trojan.Emotet 20181128
Trapmine malicious.moderate.ml.score 20181126
Ad-Aware 20181128
AegisLab 20181128
AhnLab-V3 20181128
Alibaba 20180921
ALYac 20181128
Antiy-AVL 20181128
Arcabit 20181128
Avast 20181128
Avast-Mobile 20181128
AVG 20181128
Avira (no cloud) 20181128
Babable 20180918
Baidu 20181128
BitDefender 20181128
Bkav 20181128
CAT-QuickHeal 20181128
CMC 20181128
Comodo 20181128
Cyren 20181128
DrWeb 20181128
Emsisoft 20181128
F-Prot 20181128
F-Secure 20181128
Fortinet 20181128
GData 20181128
Ikarus 20181128
Jiangmin 20181128
K7AntiVirus 20181128
Kaspersky 20181128
Kingsoft 20181129
Malwarebytes 20181128
MAX 20181129
McAfee 20181128
McAfee-GW-Edition 20181128
eScan 20181128
NANO-Antivirus 20181128
Palo Alto Networks (Known Signatures) 20181129
Panda 20181128
SentinelOne (Static ML) 20181011
Sophos AV 20181128
SUPERAntiSpyware 20181128
Symantec Mobile Insight 20181121
TACHYON 20181128
Tencent 20181129
TheHacker 20181126
TotalDefense 20181128
TrendMicro 20181128
TrendMicro-HouseCall 20181128
Trustlook 20181129
VBA32 20181128
VIPRE 20181128
ViRobot 20181128
Webroot 20181129
Yandex 20181128
Zillya 20181128
ZoneAlarm by Check Point 20181128
Zoner 20181128
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All

Product Microsoft®
Internal name kbdusa
File version 3.00.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-28 23:15:40
Entry Point 0x000026F0
Number of sections 4
PE sections
PE imports
DeregisterEventSource
FileEncryptionStatusW
AVIFileGetStream
GetClipRgn
GetCharWidth32A
FillRgn
GetCharacterPlacementA
Rectangle
GetNamedPipeClientProcessId
GetFileTime
GetCurrentProcess
WriteProcessMemory
GetSystemPowerStatus
GetModuleHandleA
GetConsoleWindow
GetVolumeInformationW
GetTimeFormatW
GetSystemWindowsDirectoryW
FreeEnvironmentStringsW
GetTickCount
SetMailslotInfo
GetDiskFreeSpaceA
GetUserDefaultLangID
FillConsoleOutputAttribute
GetPrivateProfileStringW
LZSeek
NetLocalGroupAddMembers
CM_Get_Next_Log_Conf
CallMsgFilterA
GetCursorInfo
GetDlgItemInt
DrawStateA
GetProcessWindowStation
DrawFrameControl
timeGetTime
FindFirstPrinterChangeNotification
GetPrintProcessorDirectoryW
SCardListReadersA
fputc
malloc
Number of PE resources by type
RT_STRING 5
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 6
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:11:29 00:15:40+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
491520

LinkerVersion
12.0

ImageFileCharacteristics
No relocs, Executable, 32-bit

Warning
Error processing PE data dictionary

EntryPoint
0x26f0

InitializedDataSize
32768

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

Execution parents
File identification
MD5 44dc3f0b9a369a91699add7681712b9f
SHA1 995f92f6bc2c89c1d189bbb1abfca29c2fca7146
SHA256 e3b60fe46c471044d46462de8b2dfda807d75b36dc0a6938b6cf20f554042018
ssdeep
3072:SFoXQy2iMAHzooXx5jPr2FiY4G4tHtFUpgTjo3fgFK3:SFHiMSphV2Fi5fHHi3vg

authentihash 5d2a0ba219433375d41d23c4be4d3b26e479d9aca3a965eaef754951f0ac0941
imphash 42a4b707b82d821ddd45b6fcede7ea8f
File size 508.0 KB ( 520192 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe

VirusTotal metadata
First submission 2018-11-28 23:18:40 UTC ( 2 months, 3 weeks ago )
Last submission 2019-01-22 04:44:28 UTC ( 1 month ago )
File names 562.exe
20.exe
4.exe
3311.exe
kbdusa
44dc3f0b9a369a91699add7681712b9f
270.exe
8.exe
5096520.exe
878.exe
6824612.exe
364.exe
9.exe
508797.exe
35400744.exe
1687424.exe
44dc3f0b9a369a91699add7681712b9f
statusrestart.exe
361.exe
0537.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!