× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e91d7b109cdd9fefea70771b815aafa43c26f41852f2e8ded80146cbc28abdc1
File name: e91d7b109cdd9fefea70771b815aafa43c26f41852f2e8ded80146cbc28abdc1
Detection ratio: 48 / 70
Analysis date: 2018-12-24 15:37:46 UTC ( 1 month, 3 weeks ago ) View latest
Antivirus Result Update
Acronis malware 20181224
Ad-Aware Trojan.GenericKD.40747564 20181224
AegisLab Virus.Win32.Generic.n!c 20181224
AhnLab-V3 Trojan/Win32.Emotet.R243856 20181223
ALYac Trojan.Agent.Emotet 20181224
Arcabit Trojan.Generic.D26DC22C 20181224
Avast Win32:BankerX-gen [Trj] 20181224
AVG Win32:BankerX-gen [Trj] 20181224
Avira (no cloud) HEUR/AGEN.1018103 20181224
BitDefender Trojan.GenericKD.40747564 20181224
Bkav HW32.Packed. 20181224
Comodo Malware@#37nxhisll6gk7 20181224
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.53973b 20180225
Cylance Unsafe 20181224
Cyren W32/Trojan.UGLQ-1190 20181224
Emsisoft Trojan.GenericKD.40747564 (B) 20181224
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GMWQ 20181224
F-Secure Trojan.GenericKD.40747564 20181224
Fortinet W32/GenKryptik.CQRJ!tr 20181224
GData Trojan.GenericKD.40747564 20181224
Ikarus Trojan-Banker.Emotet 20181224
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 00540ea21 ) 20181224
K7GW Trojan ( 00540ea21 ) 20181224
Kaspersky HEUR:Trojan.Win32.Generic 20181224
Malwarebytes Trojan.Emotet 20181224
MAX malware (ai score=80) 20181224
McAfee Emotet-FKM!0E1D3EA53973 20181224
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20181224
Microsoft Trojan:Win32/Emotet.AC!bit 20181224
eScan Trojan.GenericKD.40747564 20181224
NANO-Antivirus Virus.Win32.Gen.ccmw 20181224
Palo Alto Networks (Known Signatures) generic.ml 20181224
Panda Trj/GdSda.A 20181224
Qihoo-360 Win32/Trojan.Multi.c78 20181224
Rising Trojan.Kryptik!1.B4D6 (CLOUD) 20181224
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/EncPk-ANY 20181224
Symantec ML.Attribute.HighConfidence 20181224
Tencent Win32.Trojan-banker.Emotet.Fsf 20181224
Trapmine malicious.moderate.ml.score 20181205
TrendMicro TrojanSpy.Win32.EMOTET.SMDS.hp 20181224
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMDS.hp 20181224
VBA32 BScope.Malware-Cryptor.Emotet 20181222
Webroot W32.Trojan.Emotet 20181224
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20181224
Alibaba 20180921
Antiy-AVL 20181223
Avast-Mobile 20181224
Babable 20180918
Baidu 20181207
CAT-QuickHeal 20181224
ClamAV 20181224
CMC 20181223
DrWeb 20181224
eGambit 20181224
F-Prot 20181224
Jiangmin 20181224
Kingsoft 20181224
SUPERAntiSpyware 20181220
Symantec Mobile Insight 20181215
TACHYON 20181224
TheHacker 20181220
Trustlook 20181224
VIPRE 20181224
ViRobot 20181224
Yandex 20181223
Zillya 20181222
Zoner 20181224
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Internal name sims
Description Poomare
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1996-06-16 22:07:08
Entry Point 0x000039D0
Number of sections 6
PE sections
PE imports
RegGetKeySecurity
SetKernelObjectSecurity
GetSecurityDescriptorControl
GetDeviceCaps
SwapBuffers
Chord
SetColorSpace
CloseMetaFile
Arc
EndPath
GetFontLanguageInfo
GetIfTable
GetLastError
FindCloseChangeNotification
GetTimeZoneInformation
SetConsoleCP
GetCommandLineW
GetEnvironmentVariableW
GetConsoleDisplayMode
GetSystemTimeAsFileTime
GetSystemTimes
SetCurrentConsoleFontEx
GetProcessIdOfThread
VerifyScripts
GetCurrentThreadId
GetLogicalProcessorInformation
NdrUserMarshalBufferSize
SetupDiOpenClassRegKey
StrCmpLogicalW
SHSetValueA
StrRChrIW
GetCursorPos
GetCaretBlinkTime
DdeUninitialize
GetCursorInfo
ShowOwnedPopups
IsGUIThread
MoveWindow
DeferWindowPos
GetClientRect
GetAncestor
InternetAutodialHangup
InternetConfirmZoneCrossing
iswlower
CoDisconnectContext
OleFlushClipboard
Number of PE resources by type
RT_STRING 3
RT_VERSION 1
Number of PE resources by language
NORWEGIAN BOKMAL 4
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
15.0

ImageVersion
1.1

FileVersionNumber
1.6.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Poomare

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

Ht
Microsoft Corporation. All r

EntryPoint
0x39d0

MIMEType
application/octet-stream

TimeStamp
1996:06:16 15:07:08-07:00

FileType
Win32 EXE

PEType
PE32

InternalName
sims

SubsystemVersion
5.0

OSVersion
6.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Micr

TVersion
1.0

CodeSize
12288

FileSubtype
0

ProductVersionNumber
1.6.0.0

InitializedDataSize
126976

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 0e1d3ea53973bf52a5e9adb03ed7b187
SHA1 df713fd100c7f597f2bf03fd8cd43d6ba4b8c53f
SHA256 e91d7b109cdd9fefea70771b815aafa43c26f41852f2e8ded80146cbc28abdc1
ssdeep
1536:mnXj/5N0KFUJPT8cxHwc5mDJyxbyZ8l7RUnKpt8luKnfU7aR2gpLicDj8J87xeP9:8bUdTjB5mSyc9ntgnfe3IN3MMW+ur

authentihash a5ee2af5a4150deadb83c93c88ab1a6fd03d7e898a7b86d6498b4166692994c9
imphash 3bb213118c092c509366fb6fd2d97ce1
File size 132.0 KB ( 135168 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe

VirusTotal metadata
First submission 2018-11-11 01:37:10 UTC ( 3 months, 1 week ago )
Last submission 2018-11-11 01:37:10 UTC ( 3 months, 1 week ago )
File names sims
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!