× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e9f131261ca3f71a692ab39d23e0dcef3694a2a7b8f3fc7595e013bcb38f519f
File name: s5L4mY26YJNxWtC.exe
Detection ratio: 30 / 66
Analysis date: 2018-08-16 07:09:24 UTC ( 6 months ago ) View latest
Antivirus Result Update
ALYac Trojan.Agent.Emotet 20180816
Avast FileRepMalware 20180816
AVG FileRepMalware 20180816
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180816
BitDefender Trojan.GenericKD.40403958 20180816
Comodo CloudScanner.Trojan.Gen 20180816
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cylance Unsafe 20180816
Emsisoft Trojan.GenericKD.40403958 (B) 20180816
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GJWM 20180816
Fortinet W32/GenKryptik.CHTY!tr 20180816
GData Win32.Trojan-Spy.Emotet.XEZ0IR 20180816
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 004e08351 ) 20180816
K7GW Trojan ( 004e08351 ) 20180816
Kaspersky Trojan-Banker.Win32.Emotet.bavm 20180816
Malwarebytes Trojan.Emotet 20180816
McAfee RDN/Generic.grp 20180816
McAfee-GW-Edition BehavesLike.Win32.VTFlooder.ch 20180816
Microsoft Trojan:Win32/Emotet.AC!bit 20180816
Palo Alto Networks (Known Signatures) generic.ml 20180816
Qihoo-360 HEUR/QVM20.1.3595.Malware.Gen 20180816
Rising Trojan.Cloxer!8.F54F (CLOUD) 20180816
SentinelOne (Static ML) static engine - malicious 20180701
Symantec ML.Attribute.HighConfidence 20180816
TrendMicro-HouseCall Suspicious_GEN.F47V0816 20180816
VBA32 BScope.TrojanBanker.Emotet 20180815
Webroot W32.Trojan.Emotet 20180816
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bavm 20180816
Ad-Aware 20180816
AegisLab 20180816
AhnLab-V3 20180816
Antiy-AVL 20180816
Arcabit 20180816
Avast-Mobile 20180816
Avira (no cloud) 20180816
AVware 20180816
Babable 20180725
Bkav 20180816
CAT-QuickHeal 20180814
ClamAV 20180816
CMC 20180812
Cybereason 20180225
Cyren 20180816
DrWeb 20180816
eGambit 20180816
F-Prot 20180816
F-Secure 20180816
Ikarus 20180815
Jiangmin 20180816
Kingsoft 20180816
MAX 20180816
eScan 20180816
NANO-Antivirus 20180816
Panda 20180815
Sophos AV 20180816
SUPERAntiSpyware 20180816
Symantec Mobile Insight 20180814
TACHYON 20180816
Tencent 20180816
TheHacker 20180815
TrendMicro 20180816
Trustlook 20180816
VIPRE 20180816
ViRobot 20180816
Yandex 20180815
Zoner 20180815
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
hrelklewlkhr.

Description Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-08-16 00:15:58
Entry Point 0x00022CC6
Number of sections 5
PE sections
PE imports
InitializeSid
GetSecurityDescriptorControl
GetClusterResourceNetworkName
GetTextCharsetInfo
GetMetaFileA
GetMiterLimit
GetArcDirection
GetClipRgn
GetCharacterPlacementW
GetCurrentPositionEx
GetBkColor
FrameRgn
GetSystemPaletteUse
GetDIBits
GetFontLanguageInfo
GetPixel
GetUserDefaultUILanguage
EnumResourceNamesW
lstrlenA
GetLongPathNameW
GetTimeZoneInformation
GetPrivateProfileStringA
FindNextVolumeW
GetModuleHandleA
LoadResource
LocalFree
EraseTape
GetProfileSectionW
VirtualFree
FlsGetValue
GetStringTypeExA
FlsFree
GetThreadContext
GetProfileIntA
FatalAppExitA
RasSetAutodialParamA
ExtractIconExA
FreeContextBuffer
LoadKeyboardLayoutA
GetUserObjectInformationW
GetProcessDefaultLayout
GetForegroundWindow
LoadIconA
DestroyIcon
GetTopWindow
InsertMenuItemW
LookupIconIdFromDirectory
GetQueueStatus
GetClientRect
MonitorFromWindow
GetScrollPos
GetWindowModuleFileNameW
GetMenuCheckMarkDimensions
GetMenuItemCount
GetMessagePos
MessageBoxIndirectW
GetMenuDefaultItem
GetPropA
GetMenuBarInfo
GetUrlCacheEntryInfoA
DeletePrinterDriverW
GetPrinterDriverDirectoryA
GetColorProfileElement
strncmp
CoWaitForMultipleHandles
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileVersionNumber
1.2.0.6

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Unicode

ImageFileCharacteristics
Executable, 32-bit, System file

CharacterSet
Unicode

InitializedDataSize
28160

EntryPoint
0x22cc6

MIMEType
application/octet-stream

Subsystem
Windows GUI

TimeStamp
2018:08:16 02:15:58+02:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.1

OSVersion
5.0

FileOS
Win32

LegalCopyright
hrelklewlkhr.

MachineType
Intel 386 or later, and compatibles

CodeSize
147456

FileSubtype
0

ProductVersionNumber
1.2.0.6

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 fe7626a97651e76baed4c2952cd7601a
SHA1 37e284eb0f181b47ad23e2fd24fe8ec8acc238ab
SHA256 e9f131261ca3f71a692ab39d23e0dcef3694a2a7b8f3fc7595e013bcb38f519f
ssdeep
3072:Yynw2ZkajHQbdKCEP39zo8/qe/FGrVB7WN:KYkq08p9Jt9Gr

authentihash f6c6152f9ae0ba016664b7cdf2fefa0d057378ce03f49d2677f159a2b4789443
imphash 8425b3423430769d228e28d162faa594
File size 172.5 KB ( 176640 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags
peexe

VirusTotal metadata
First submission 2018-08-16 00:21:51 UTC ( 6 months ago )
Last submission 2018-08-23 11:37:47 UTC ( 5 months, 3 weeks ago )
File names 18.exe
s5L4mY26YJNxWtC.exe
95173.exe
6.exe
40776741.exe
70.exe
0.exe
81.exe
9.exe
032987.exe
7876999.exe
7637322.exe
32957088.EXE
1411.exe
32040696.exe
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!