× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e6d7930019a05b43e235856b3a43e8b6111f9dee5487447864a9f8ffce3713bf
File name: gNGwqTvcKFmAAdIWTRj.exe
Detection ratio: 19 / 68
Analysis date: 2018-08-03 01:46:21 UTC ( 6 months, 3 weeks ago ) View latest
Antivirus Result Update
Avast FileRepMalware 20180802
AVG FileRepMalware 20180802
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9997 20180802
CAT-QuickHeal Trojan.Emotet.X4 20180802
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.c9422b 20180225
Cylance Unsafe 20180803
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GJMI 20180802
Sophos ML heuristic 20180717
McAfee-GW-Edition BehavesLike.Win32.Generic.dm 20180802
Microsoft Trojan:Win32/Emotet.AC!bit 20180803
Palo Alto Networks (Known Signatures) generic.ml 20180803
Qihoo-360 HEUR/QVM20.1.EC71.Malware.Gen 20180803
Rising Malware.Heuristic!ET#90% (RDM+:cmRtazpuxxZHU6D692pasurf5mwX) 20180802
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/EncPk-ANX 20180802
Symantec Packed.Generic.517 20180802
VBA32 Malware-Cryptor.Limpopo 20180802
Ad-Aware 20180803
AegisLab 20180803
AhnLab-V3 20180802
Alibaba 20180713
ALYac 20180803
Antiy-AVL 20180803
Arcabit 20180803
Avast-Mobile 20180802
Avira (no cloud) 20180802
AVware 20180727
Babable 20180725
BitDefender 20180803
Bkav 20180802
ClamAV 20180803
CMC 20180802
Comodo 20180803
Cyren 20180803
DrWeb 20180803
eGambit 20180803
Emsisoft 20180803
F-Prot 20180803
F-Secure 20180803
Fortinet 20180803
GData 20180803
Ikarus 20180802
Jiangmin 20180802
K7AntiVirus 20180802
K7GW 20180803
Kaspersky 20180802
Kingsoft 20180803
Malwarebytes 20180803
MAX 20180803
McAfee 20180802
eScan 20180802
NANO-Antivirus 20180802
Panda 20180802
SUPERAntiSpyware 20180802
Symantec Mobile Insight 20180801
TACHYON 20180802
Tencent 20180803
TheHacker 20180802
TotalDefense 20180802
TrendMicro 20180802
TrendMicro-HouseCall 20180802
Trustlook 20180803
VIPRE 20180802
ViRobot 20180802
Webroot 20180803
Yandex 20180731
Zillya 20180802
ZoneAlarm by Check Point 20180803
Zoner 20180802
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-08-03 08:32:30
Entry Point 0x00001B67
Number of sections 6
PE sections
PE imports
CryptDeriveKey
RegDisablePredefinedCache
AbortDoc
GetObjectType
LPtoDP
WidenPath
SetThreadLocale
_lclose
AllocateUserPhysicalPages
GetThreadIOPendingFlag
GetCommMask
FindVolumeClose
ChangeTimerQueueTimer
TlsGetValue
FindNextChangeNotification
IsProcessorFeaturePresent
ContinueDebugEvent
FindNLSString
GetCommandLineA
GetCurrentThreadId
GetCurrentThread
GetThreadLocale
GetMenuPosFromID
Ord(29)
AnimateWindow
GetSystemMetrics
GetActiveWindow
IsZoomed
SetMenuContextHelpId
ChildWindowFromPoint
DdeQueryConvInfo
GetShellWindow
NotifyWinEvent
Number of PE resources by type
RT_STRING 15
RT_BITMAP 14
Number of PE resources by language
NEUTRAL 27
CHINESE TRADITIONAL 1
SPANISH 1
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:08:03 10:32:30+02:00

FileType
Win32 EXE

PEType
PE32

CodeSize
10752

LinkerVersion
12.0

ImageFileCharacteristics
Executable, 32-bit

EntryPoint
0x1b67

InitializedDataSize
276480

SubsystemVersion
5.1

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

File identification
MD5 56dc56120820a3ac851cd3372e43bb9f
SHA1 892f48cc9422b2a0712174b662d04b6504beaee8
SHA256 e6d7930019a05b43e235856b3a43e8b6111f9dee5487447864a9f8ffce3713bf
ssdeep
3072:ErghpwYWNTSSVO0LDePyk9YAXTsHUznptNuCmS1Z42:ErgTDkRRkRwUECmS1

authentihash 6d52822642d8f4e94985e9be6568526105414f038135955eb786b47327477b61
imphash 20d7986823f0dd548709f46b8b7eb796
File size 277.5 KB ( 284160 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-08-03 01:46:21 UTC ( 6 months, 3 weeks ago )
Last submission 2018-08-03 01:46:21 UTC ( 6 months, 3 weeks ago )
File names 337.exe
15.exe
31254472.exe
196.exe
6967575.exe
98.exe
2698.exe
52815896.exe
gNGwqTvcKFmAAdIWTRj.exe
8.exe
61073232.exe
41171315.exe
1050.exe
41.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!