SHA256: ea46dcb1aea0a1463a3fd54baa324c28e448235848c061b373ce453f934d40cb
File name: r34t4g33.exe
Detection ratio: 8 / 55
Analysis date: 2016-03-18 10:09:54 UTC ( 1 year, 8 months ago )
Antivirus Result Update
AegisLab Troj.W32.Gen 20160318
Avast Win32:Malware-gen 20160318
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160317
Kaspersky UDS:DangerousObject.Multi.Generic 20160317
McAfee Trojan-FIBI!74AFA7F3D846 20160318
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.ch 20160318
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20160318
Rising PE:Malware.Generic(Thunder)!1.A1C4 [F] 20160318
Ad-Aware 20160318
Yandex 20160316
AhnLab-V3 20160317
Alibaba 20160318
ALYac 20160318
Antiy-AVL 20160318
Arcabit 20160318
AVG 20160318
AVware 20160318
Baidu-International 20160317
BitDefender 20160318
Bkav 20160317
ByteHero 20160318
CAT-QuickHeal 20160318
ClamAV 20160317
CMC 20160316
Comodo 20160318
Cyren 20160318
DrWeb 20160318
Emsisoft 20160318
ESET-NOD32 20160318
F-Prot 20160318
F-Secure 20160318
Fortinet 20160318
GData 20160318
Ikarus 20160318
Jiangmin 20160318
K7AntiVirus 20160318
K7GW 20160318
Malwarebytes 20160318
Microsoft 20160318
eScan 20160318
NANO-Antivirus 20160318
nProtect 20160317
Panda 20160317
Sophos AV 20160318
SUPERAntiSpyware 20160318
Symantec 20160318
Tencent 20160318
TheHacker 20160315
TrendMicro 20160318
TrendMicro-HouseCall 20160318
VBA32 20160317
VIPRE 20160318
ViRobot 20160318
Zillya 20160317
Zoner 20160318
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © ?????????? ??????????. ??? ????? ????????.
Product ???????????? ??????? Microsoft® Windows®
Original name emt7ren.dll
Internal name emt7ren.dll
File version 5.1.2625.5512 (xpsp.080413-0852)
Description Media
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-03-18 09:22:52
Entry Point 0x0000105F
Number of sections 8
PE sections
PE imports
GetProcAddress
GetModuleHandleW
isdigit
isprint
_chkstk
sin
Number of PE resources by type
TYPELIB 1
RT_STRING 1
REGISTRY 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 4
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.1.2605.5512
UninitializedDataSize 0
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 0
EntryPoint 0x105f
OriginalFileName emt7ren.dll
MIMEType application/octet-stream
LegalCopyright . .
FileVersion 5.1.2625.5512 (xpsp.080413-0852)
TimeStamp 2016:03:18 10:22:52+01:00
FileType Win32 EXE
PEType PE32
InternalName emt7ren.dll
ProductVersion 5.1.2625.5512
FileDescription Media
OSVersion 4.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 50176
ProductName Microsoft Windows
ProductVersionNumber 5.1.2605.5512
FileTypeExtension exe
ObjectFileType Dynamic link library

PCAP parents
File identification
MD5 74afa7f3d84647672f0f4b4eec01676e
SHA1 26319909aa2cee4ef748e1d2a0bb8b3ac4312388
SHA256 ea46dcb1aea0a1463a3fd54baa324c28e448235848c061b373ce453f934d40cb
ssdeep 3072:N5mqKIsB0keAoYPOHEfVJEfGpSuusCeeTERpykCbZxb:HmqB7k58wFpSXM2ERpykgZx
authentihash c7ec9c933b415635bb78d3c13e7e768979bcbb36c5b2a349029013847b7dc376
imphash ba466650915b9571c4c951bb260fa94d
File size 176.5 KB ( 180736 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2016-03-18 09:14:50 UTC ( 1 year, 8 months ago )
Last submission 2016-12-15 18:38:03 UTC ( 11 months, 1 week ago )
File names emt7ren.dll
r34t4g33.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Terminated processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications