× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e4e5d7fa81ec704c4faa98e8ff6410c1d8eb34daad638043f4a918b31544a170
File name: output.113669594.txt
Detection ratio: 38 / 66
Analysis date: 2018-07-21 03:10:56 UTC ( 7 months ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40319687 20180721
AVG Win32:Malware-gen 20180721
AVware Trojan.Win32.Generic!BT 20180721
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180717
BitDefender Trojan.GenericKD.40319687 20180721
Comodo UnclassifiedMalware 20180721
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cylance Unsafe 20180721
Cyren W32/Trojan.VINV-3894 20180721
Emsisoft Trojan.Emotet (A) 20180721
Endgame malicious (high confidence) 20180711
ESET-NOD32 a variant of Win32/Kryptik.GJBH 20180721
F-Secure Trojan.GenericKD.40319687 20180721
Fortinet Malicious_Behavior.SB 20180721
GData Win32.Trojan-Spy.Emotet.A5VD00 20180721
Ikarus Win32.Outbreak 20180720
Sophos ML heuristic 20180717
K7GW Trojan ( 0053861f1 ) 20180721
Kaspersky Trojan-Banker.Win32.Emotet.ayrj 20180721
Malwarebytes Spyware.Emotet 20180721
MAX malware (ai score=94) 20180721
McAfee Emotet-FHS!00CF1A7C2129 20180721
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20180721
Microsoft Trojan:Win32/Emotet.AN 20180721
eScan Trojan.GenericKD.40319687 20180721
Palo Alto Networks (Known Signatures) generic.ml 20180721
Qihoo-360 HEUR/QVM20.1.A1B3.Malware.Gen 20180721
Rising Trojan.Fuerboos!8.EFC8 (TFE:dGZlOgTk2ZgSWQ+BaA) 20180721
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Troj/Emotet-WS 20180721
Symantec Packed.Generic.517 20180720
TACHYON Banker/W32.Emotet.163328.C 20180722
TrendMicro TROJ_FRS.VSN14G18 20180721
TrendMicro-HouseCall TROJ_FRS.VSN14G18 20180721
VBA32 BScope.TrojanBanker.Emotet 20180720
VIPRE Trojan.Win32.Generic!BT 20180721
Webroot W32.Trojan.Gen 20180721
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.ayrj 20180721
AegisLab 20180722
AhnLab-V3 20180720
Alibaba 20180713
ALYac 20180721
Antiy-AVL 20180722
Arcabit 20180721
Avast-Mobile 20180720
Avira (no cloud) 20180721
Babable 20180406
Bkav 20180719
CAT-QuickHeal 20180720
ClamAV 20180721
CMC 20180721
DrWeb 20180721
eGambit 20180721
F-Prot 20180721
Jiangmin 20180720
K7AntiVirus 20180721
Kingsoft 20180721
NANO-Antivirus 20180721
Panda 20180720
SUPERAntiSpyware 20180721
Tencent 20180721
TheHacker 20180720
TotalDefense 20180721
Trustlook 20180721
ViRobot 20180721
Yandex 20180720
Zillya 20180720
Zoner 20180720
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Internal name icardagt.exe
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-23 03:20:06
Entry Point 0x00001BEA
Number of sections 6
PE sections
PE imports
StrokePath
GetThreadIOPendingFlag
lstrlenA
SetComputerNameW
DeleteAtom
FlsGetValue
FlsFree
SleepEx
SysFreeString
VarCyCmp
StrCmpNIA
DdeDisconnectList
DrawIconEx
IsCharAlphaA
GetClipboardOwner
GetPrinterDriverDirectoryW
RegisterMediaTypes
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

Scription
Windows CardSpace Us

InitializedDataSize
31744

ImageVersion
0.0

FileVersionNumber
36.1.2223.432

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

NETFramework
ing S

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
12.1

EntryPoint
0x1bea

MIMEType
application/octet-stream

Name
icardagt.exe

TimeStamp
2017:02:23 04:20:06+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
icardagt.exe

SubsystemVersion
5.0

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
136704

FileSubtype
0

ProductVersionNumber
16.1.4235.11

FileTypeExtension
exe

ObjectFileType
Dynamic link library

InalFilename
wfw.fwf

File identification
MD5 00cf1a7c2129d185f7710652f4ac0bd9
SHA1 5956f261cfd7284eaebca6c99ee32bd17b0a17fd
SHA256 e4e5d7fa81ec704c4faa98e8ff6410c1d8eb34daad638043f4a918b31544a170
ssdeep
3072:ULlF5wpzwJWP9DcFuW+uB8hZa1nx/NZewgk8kA1PEr8b:AniwUJcFiZ+nx/1CkA1P

authentihash 0551c66fe1ba51918edaedf1f67ec5671f74c1280996215fc0eb44c89a3d4e43
imphash 111e4c23fe0db49a02a112815aa6afaa
File size 159.5 KB ( 163328 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-07-20 14:03:45 UTC ( 7 months ago )
Last submission 2018-12-13 00:05:58 UTC ( 2 months, 1 week ago )
File names 2018_12_13_00_05_58.000508
599.exe
2018_12_12_22_41_00.000205
74.exe
zQoJe1Ovg.exe
246.exe
Samp(14).vir
icardagt.exe
1908.exe
diagramsls.exe
04353425.exe
704651.exe
output.113669594.txt
0348.exe
2573188.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!