× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e8a59392e7210871a2fa08890a4132e1116e82f4f681c4aec006c55bc8adc93d
File name: eLuWHvulRC.exe
Detection ratio: 47 / 71
Analysis date: 2019-01-12 08:56:42 UTC ( 1 month, 1 week ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.Autoruns.GenericKDS.40933300 20190112
AegisLab Trojan.Win32.Emotet.4!c 20190112
AhnLab-V3 Trojan/Win32.Emotet.R251399 20190112
ALYac Trojan.Autoruns.GenericKDS.40933300 20190112
Antiy-AVL Trojan[Banker]/Win32.Emotet 20190112
Arcabit Trojan.Autoruns.GenericS.D27097B4 20190112
Avast Win32:BankerX-gen [Trj] 20190112
AVG Win32:BankerX-gen [Trj] 20190112
Avira (no cloud) TR/AD.Emotet.pprwu 20190112
BitDefender Trojan.Autoruns.GenericKDS.40933300 20190112
CAT-QuickHeal Trojan.Emotet.X4 20190111
Comodo Malware@#cazdzvrab36i 20190112
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181023
Cybereason malicious.f86570 20190109
Cylance Unsafe 20190113
Cyren W32/Trojan.FKGG-1204 20190112
Emsisoft Trojan.Autoruns.GenericKDS.40933300 (B) 20190112
ESET-NOD32 Win32/Emotet.BN 20190112
F-Secure Trojan.Autoruns.GenericKDS.40933300 20190111
Fortinet W32/Emotet.BN!tr 20190112
GData Trojan.Autoruns.GenericKDS.40933300 20190112
Ikarus Trojan.Win32.Emotet 20190112
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 0053c4bc1 ) 20190112
K7GW Trojan ( 0053c4bc1 ) 20190112
Kaspersky Trojan-Banker.Win32.Emotet.bysx 20190112
Malwarebytes Trojan.Emotet 20190112
MAX malware (ai score=100) 20190113
McAfee Emotet-FLH!2D9C9727C256 20190112
McAfee-GW-Edition BehavesLike.Win32.Backdoor.dc 20190112
Microsoft Trojan:Win32/Emotet.AC!bit 20190112
eScan Trojan.Autoruns.GenericKDS.40933300 20190112
NANO-Antivirus Virus.Win32.Gen.ccmw 20190112
Palo Alto Networks (Known Signatures) generic.ml 20190113
Panda Trj/GdSda.A 20190112
Qihoo-360 HEUR/QVM20.1.7304.Malware.Gen 20190113
Rising Trojan.Emotet!8.B95 (CLOUD) 20190112
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/EncPk-AOI 20190112
Symantec Trojan.Emotet 20190112
Tencent Win32.Trojan-banker.Emotet.Hugi 20190113
Trapmine malicious.moderate.ml.score 20190103
TrendMicro TrojanSpy.Win32.EMOTET.THOAAAAI 20190112
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.THOAAAAI 20190113
VIPRE Trojan.Win32.Generic!BT 20190112
Webroot W32.Trojan.Emotet 20190113
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bysx 20190112
Acronis 20190111
Alibaba 20180921
Avast-Mobile 20190112
Babable 20180918
Baidu 20190111
Bkav 20190108
ClamAV 20190112
CMC 20190112
DrWeb 20190112
eGambit 20190113
Endgame 20181108
F-Prot 20190112
Jiangmin 20190112
Kingsoft 20190113
SUPERAntiSpyware 20190109
TACHYON 20190112
TheHacker 20190106
TotalDefense 20190112
Trustlook 20190113
VBA32 20190111
ViRobot 20190113
Yandex 20190111
Zillya 20190111
Zoner 20190112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (c) 1995-2003 Ahead Software and its licensors

Product Nero Burning ROM
File version 6, 3, 0, 2
Description Nero Library
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-10 15:01:23
Entry Point 0x0000586D
Number of sections 4
PE sections
PE imports
GetCurrentHwProfileW
CreateProcessWithLogonW
IsWellKnownSid
GetTextCharsetInfo
CreatePalette
DPtoLP
GetFontUnicodeRanges
GetUserDefaultUILanguage
HeapFree
LoadLibraryW
HeapAlloc
FindNLSString
GlobalUnlock
GetFileAttributesW
GetLocalTime
OpenFile
GetCurrentProcess
EnumSystemLocalesA
Wow64DisableWow64FsRedirection
GetWindowsDirectoryA
GetDateFormatW
MultiByteToWideChar
GetFileInformationByHandle
GetCommandLineA
GlobalLock
FlsFree
GetProcessHeap
CreateFileMappingW
MapViewOfFile
GetTimeFormatW
GetCurrentProcessorNumber
CreateThread
GetModuleFileNameW
SetDefaultCommConfigA
InterlockedExchange
GetCommTimeouts
Wow64RevertWow64FsRedirection
QueryIdleProcessorCycleTime
GetModuleHandleW
GetBinaryTypeA
FormatMessageW
IsWow64Process
FreeLibraryAndExitThread
UnmapViewOfFile
GlobalAlloc
FindResourceA
LZSeek
LZInit
VarCyAdd
BSTR_UserUnmarshal
CM_Get_DevNode_Registry_PropertyA
SetupDiGetINFClassW
StrPBrkW
PathIsFileSpecW
FreeCredentialsHandle
RegisterWindowMessageW
GetForegroundWindow
UpdateWindow
GetMessageW
DefWindowProcW
MoveWindow
RegisterClassExW
PostQuitMessage
SetWinEventHook
MessageBeep
SetWindowPos
SetScrollPos
GetSystemMetrics
SetWindowLongW
PeekMessageW
EnableWindow
SetWindowPlacement
CharUpperW
DialogBoxParamW
GetSystemMenu
PostMessageW
SetActiveWindow
GetDC
CreateDialogParamW
CharNextExA
GetWindowPlacement
SetCursor
IsIconic
InvalidateRect
GetWindowLongA
IsClipboardFormatAvailable
LoadImageW
GetKeyboardLayout
FindWindowW
GetWindowTextW
LoadCursorW
LoadIconW
GetWindowTextLengthW
CreateWindowExW
LoadAcceleratorsW
GetWindowLongW
CloseClipboard
DestroyWindow
OpenClipboard
strstr
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
GERMAN 1
PE resources
Debug information
ExifTool file metadata
SpecialBuild
6, 3, 0, 2b

SubsystemVersion
5.0

InitializedDataSize
172032

ImageVersion
0.0

ProductName
Nero Burning ROM

FileVersionNumber
6.3.0.2

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
12.0

FileTypeExtension
exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
6, 3, 0, 2

TimeStamp
2019:01:10 07:01:23-08:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
6, 3, 0, 2

FileDescription
Nero Library

OSVersion
5.0

FileOS
Windows NT 32-bit

LegalCopyright
Copyright (c) 1995-2003 Ahead Software and its licensors

MachineType
Intel 386 or later, and compatibles

CompanyName
Ahead Software AG

CodeSize
0

FileSubtype
0

ProductVersionNumber
6.3.0.2

EntryPoint
0x586d

ObjectFileType
Dynamic link library

File identification
MD5 2d9c9727c256a55c5eba2926f51736c4
SHA1 6f1f2b3f86570f46eef352136ec5fb87e84ddf12
SHA256 e8a59392e7210871a2fa08890a4132e1116e82f4f681c4aec006c55bc8adc93d
ssdeep
3072:uxaGpCGwTcAK7nmNsbZH3rpQnyGApicFNwPCU4Z:uQVgd7nbZH3rpgAYcFs

authentihash 8493e5d1aaf6a6c0fcf49a2eed2f6946f1686c7d24e46dbbd9380a904f1c6624
imphash ce140b8e63b4f67d62c3def57cc62f2b
File size 204.0 KB ( 208896 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (25.2%)
Clipper DOS Executable (25.0%)
Generic Win/DOS Executable (24.8%)
DOS Executable Generic (24.8%)
Tags
peexe

VirusTotal metadata
First submission 2019-01-10 08:00:47 UTC ( 1 month, 1 week ago )
Last submission 2019-01-19 00:17:12 UTC ( 1 month ago )
File names eLuWHvulRC.exe
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!