Antivirus scan for e91d7b109cdd9fefea70771b815aafa43c26f41852f2e8ded80146cbc28abdc1 at 2018-12-24 15:37:46 UTC

Antivirus	Result	Update
Acronis	malware	20181224
Ad-Aware	Trojan.GenericKD.40747564	20181224
AegisLab	Virus.Win32.Generic.n!c	20181224
AhnLab-V3	Trojan/Win32.Emotet.R243856	20181223
ALYac	Trojan.Agent.Emotet	20181224
Arcabit	Trojan.Generic.D26DC22C	20181224
Avast	Win32:BankerX-gen [Trj]	20181224
AVG	Win32:BankerX-gen [Trj]	20181224
Avira (no cloud)	HEUR/AGEN.1018103	20181224
BitDefender	Trojan.GenericKD.40747564	20181224
Bkav	HW32.Packed.	20181224
Comodo	Malware@#37nxhisll6gk7	20181224
CrowdStrike Falcon (ML)	malicious_confidence_100% (W)	20181022
Cybereason	malicious.53973b	20180225
Cylance	Unsafe	20181224
Cyren	W32/Trojan.UGLQ-1190	20181224
Emsisoft	Trojan.GenericKD.40747564 (B)	20181224
Endgame	malicious (high confidence)	20181108
ESET-NOD32	a variant of Win32/Kryptik.GMWQ	20181224
F-Secure	Trojan.GenericKD.40747564	20181224
Fortinet	W32/GenKryptik.CQRJ!tr	20181224
GData	Trojan.GenericKD.40747564	20181224
Ikarus	Trojan-Banker.Emotet	20181224
Sophos ML	heuristic	20181128
K7AntiVirus	Trojan ( 00540ea21 )	20181224
K7GW	Trojan ( 00540ea21 )	20181224
Kaspersky	HEUR:Trojan.Win32.Generic	20181224
Malwarebytes	Trojan.Emotet	20181224
MAX	malware (ai score=80)	20181224
McAfee	Emotet-FKM!0E1D3EA53973	20181224
McAfee-GW-Edition	BehavesLike.Win32.Emotet.cc	20181224
Microsoft	Trojan:Win32/Emotet.AC!bit	20181224
eScan	Trojan.GenericKD.40747564	20181224
NANO-Antivirus	Virus.Win32.Gen.ccmw	20181224
Palo Alto Networks (Known Signatures)	generic.ml	20181224
Panda	Trj/GdSda.A	20181224
Qihoo-360	Win32/Trojan.Multi.c78	20181224
Rising	Trojan.Kryptik!1.B4D6 (CLOUD)	20181224
SentinelOne (Static ML)	static engine - malicious	20181223
Sophos AV	Mal/EncPk-ANY	20181224
Symantec	ML.Attribute.HighConfidence	20181224
Tencent	Win32.Trojan-banker.Emotet.Fsf	20181224
Trapmine	malicious.moderate.ml.score	20181205
TrendMicro	TrojanSpy.Win32.EMOTET.SMDS.hp	20181224
TrendMicro-HouseCall	TrojanSpy.Win32.EMOTET.SMDS.hp	20181224
VBA32	BScope.Malware-Cryptor.Emotet	20181222
Webroot	W32.Trojan.Emotet	20181224
ZoneAlarm by Check Point	HEUR:Trojan.Win32.Generic	20181224
Alibaba		20180921
Antiy-AVL		20181223
Avast-Mobile		20181224
Babable		20180918
Baidu		20181207
CAT-QuickHeal		20181224
ClamAV		20181224
CMC		20181223
DrWeb		20181224
eGambit		20181224
F-Prot		20181224
Jiangmin		20181224
Kingsoft		20181224
SUPERAntiSpyware		20181220
Symantec Mobile Insight		20181215
TACHYON		20181224
TheHacker		20181220
Trustlook		20181224
VIPRE		20181224
ViRobot		20181224
Yandex		20181223
Zillya		20181222
Zoner		20181224

The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.

FileVersionInfo properties

Internal name sims

Description Poomare

PE header basic information

Target machine Intel 386 or later processors and compatible processors

Compilation timestamp 1996-06-16 22:07:08

Entry Point 0x000039D0

Number of sections 6

PE sections

Name Virtual address Virtual size Raw size Entropy MD5

DATA 4096 11584 12288 6.24 3c7f21b43b1df7d090fcccdc8a64d8c2

.rdata 16384 2542 4096 3.44 cc9c1fbb22db8471823685b3545e3194

.data 20480 9428 4096 1.64 2dd0d7a5437f2728d1e68ed708879784

CODE 32768 98559 102400 7.88 b32c78ea15ea44c0a2c2f3b99b1c3848

.rsrc 135168 1864 4096 1.73 ed55b8312871d33ac8a75d8dfe32f9d5

.data 139264 344 4096 0.85 f31e621ad0d38726222d7669cd751689

PE imports

Number of PE resources by type

RT_STRING 3

RT_VERSION 1

Number of PE resources by language

NORWEGIAN BOKMAL 4

PE resources

043682eb90c932a3cc5509e78b522fe3f84bf8096075270a4eebc2b2bdd973a4 ASCII text

09e9e22cc3cf9d21653f18d5accc5053b87ad2076303cb4ffc94e39988e5c97c ASCII text

6bae1a786b8e28868979473eed80244f6c0752cb0858e6f3cdd5e3d2a001d4bd data

cd1984df43d496bc1cbe563defbc6e33357f2bff36c7fdae379339c09e6e9a1d ASCII text

Debug information

Type Timestamp Offset Size

IMAGE_DEBUG_TYPE_CODEVIEW (2) Sun Jun 16 22:07:08 1996 17284 36 Bytes

12 (12) Sun Nov 11 01:30:39 2018 17408 20 Bytes

ExifTool file metadata

UninitializedDataSize

LinkerVersion

15.0

ImageVersion

1.1

FileVersionNumber

1.6.0.0

LanguageCode

English (U.S.)

FileFlagsMask

0x003f

FileDescription

Poomare

ImageFileCharacteristics

Executable, 32-bit

CharacterSet

Unicode

Microsoft Corporation. All r

EntryPoint

0x39d0

MIMEType

application/octet-stream

TimeStamp

1996:06:16 15:07:08-07:00

FileType

Win32 EXE

PEType

PE32

InternalName

sims

SubsystemVersion

5.0

OSVersion

6.0

FileOS

Windows NT 32-bit

Subsystem

Windows GUI

MachineType

Intel 386 or later, and compatibles

CompanyName

Micr

TVersion

1.0

CodeSize

12288

FileSubtype

ProductVersionNumber

1.6.0.0

InitializedDataSize

126976

FileTypeExtension

exe

ObjectFileType

Executable application

File identification

MD5 0e1d3ea53973bf52a5e9adb03ed7b187

SHA1 df713fd100c7f597f2bf03fd8cd43d6ba4b8c53f

SHA256 e91d7b109cdd9fefea70771b815aafa43c26f41852f2e8ded80146cbc28abdc1

ssdeep

1536:mnXj/5N0KFUJPT8cxHwc5mDJyxbyZ8l7RUnKpt8luKnfU7aR2gpLicDj8J87xeP9:8bUdTjB5mSyc9ntgnfe3IN3MMW+ur

authentihash a5ee2af5a4150deadb83c93c88ab1a6fd03d7e898a7b86d6498b4166692994c9

imphash 3bb213118c092c509366fb6fd2d97ce1

File size 132.0 KB ( 135168 bytes )

File type Win32 EXE

Magic literal

PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID	Win32 Dynamic Link Library (generic) (34.2%) Win32 Executable (generic) (23.4%) Win16/32 Executable Delphi generic (10.7%) OS/2 Executable (generic) (10.5%) Generic Win/DOS Executable (10.4%)

VirusTotal metadata

First submission 2018-11-11 01:37:10 UTC ( 3 months, 1 week ago )

Last submission 2018-11-11 01:37:10 UTC ( 3 months, 1 week ago )

File names