× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e71c833861b26b83471c9a3b33c0af6ed7f6151b2888f1ce39dafec309e916f2
File name: TsT2xpvLmbYZqsn7Dcc.exe
Detection ratio: 26 / 69
Analysis date: 2018-10-03 05:00:39 UTC ( 4 months, 3 weeks ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.Autoruns.GenericKDS.31250983 20181003
Avast FileRepMalware 20181003
AVG FileRepMalware 20181003
Bkav HW32.Packed. 20181002
CMC Trojan.Win32.Obfuscated.en!O 20181002
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.e021cb 20180225
Cylance Unsafe 20181003
Emsisoft Trojan.Emotet (A) 20181003
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GLGV 20181003
GData Win32.Trojan-Spy.Emotet.I8BQWT 20181003
Sophos ML heuristic 20180717
Kaspersky Trojan-Banker.Win32.Emotet.bfyo 20181003
McAfee RDN/Generic.hbg 20181003
McAfee-GW-Edition BehavesLike.Win32.Generic.cc 20181003
Microsoft Trojan:Win32/Azden.B!cl 20181003
eScan Trojan.Autoruns.GenericKDS.31250983 20181003
Palo Alto Networks (Known Signatures) generic.ml 20181003
Panda Trj/Genetic.gen 20181002
Qihoo-360 HEUR/QVM20.1.4481.Malware.Gen 20181003
SentinelOne (Static ML) static engine - malicious 20180926
Symantec Packed.Generic.517 20181003
TrendMicro TROJ_GEN.USJ218 20181003
TrendMicro-HouseCall TROJ_GEN.USJ218 20181003
Webroot W32.Trojan.Emotet 20181003
AegisLab 20181003
AhnLab-V3 20181002
Alibaba 20180921
ALYac 20181003
Antiy-AVL 20181003
Arcabit 20181003
Avast-Mobile 20181002
Avira (no cloud) 20181003
AVware 20180925
Babable 20180918
Baidu 20180930
BitDefender 20181003
CAT-QuickHeal 20181001
ClamAV 20181002
Comodo 20181003
Cyren 20181003
DrWeb 20181003
eGambit 20181003
F-Prot 20181003
F-Secure 20181003
Fortinet 20181003
Ikarus 20181002
Jiangmin 20181003
K7AntiVirus 20181002
K7GW 20181001
Kingsoft 20181003
Malwarebytes 20181003
MAX 20181003
NANO-Antivirus 20181003
Rising 20181003
Sophos AV 20181003
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20181001
TACHYON 20181003
Tencent 20181003
TheHacker 20181001
TotalDefense 20181002
Trustlook 20181003
VBA32 20181002
VIPRE 20181003
ViRobot 20181002
Yandex 20180927
Zillya 20181002
ZoneAlarm by Check Point 20180925
Zoner 20181002
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights res

Product Micros
Internal name DDODiag
File version 6.1.7601.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-02 21:02:36
Entry Point 0x00005484
Number of sections 4
PE sections
PE imports
AccessCheckAndAuditAlarmW
CryptImportKey
CertCreateCTLContext
SetMiterLimit
GetDCOrgEx
EnumFontFamiliesExA
MaskBlt
GdiSetBatchLimit
GetNetworkParams
GetInterfaceInfo
GetStdHandle
SystemTimeToFileTime
GetBinaryTypeW
lstrcmpiA
GetFileSize
GetModuleHandleA
lstrcatA
GetDefaultCommConfigW
FindFirstFileExA
GetDateFormatW
CloseHandle
IsBadHugeReadPtr
WaitForMultipleObjects
IsThreadAFiber
SetMailslotInfo
GetLocalTime
MprConfigInterfaceCreate
NetLocalGroupDelMembers
SafeArrayRedim
glMultMatrixf
RpcMgmtInqComTimeout
RpcBindingSetAuthInfoExA
SetupQueryInfOriginalFileInformationW
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInterfaceAlias
SetupDiDeleteDeviceInfo
SHRegSetUSValueW
StrCatBuffW
GetCursorPos
GetLastInputInfo
DefFrameProcW
FlashWindow
SetMenu
GetUpdateRgn
LoadCursorW
IsCharLowerW
CreateDesktopW
RealGetWindowClassA
InternetSetStatusCallbackW
InternetSetOptionA
ReadPrinter
AddFormW
WTHelperCertIsSelfSigned
CryptCATStoreFromHandle
FindCertsByIssuer
Ord(29)
fgetc
memset
wcstod
Number of PE resources by type
RT_VERSION 1
WAVE 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:10:02 14:02:36-07:00

FileType
Win32 EXE

PEType
PE32

CodeSize
114688

LinkerVersion
12.0

ImageFileCharacteristics
No relocs, Executable, 32-bit

EntryPoint
0x5484

InitializedDataSize
32768

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
4294967295

File identification
MD5 9ca4825e021cbedb3c70fdc5995efe4f
SHA1 680780a949c8e99d8711fcd6a2b41c6dd0c18fa1
SHA256 e71c833861b26b83471c9a3b33c0af6ed7f6151b2888f1ce39dafec309e916f2
ssdeep
1536:pZYIyYgB7VWAKIMISE6VyTqnJuF8oAYr5UYIFAy04QnhHMMZv19gDciH:pZEHCIXSD4q4F8HY0FAL/hH9mL

authentihash 0097f7a7e658fc87a8a929e87d57e1f38f2427795b8f515e91a9e05bb719be2e
imphash cd48fb497d0f791f9ee286a53640b52d
File size 140.0 KB ( 143360 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-10-02 21:04:51 UTC ( 4 months, 3 weeks ago )
Last submission 2018-10-03 20:05:08 UTC ( 4 months, 2 weeks ago )
File names 7858528.EXE
TsT2xpvLmbYZqsn7Dcc.exe
cRMGgaZjltI6.exe
DDODiag
TGQkZ1WLcK9.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!