SHA256: eb014062bc50a7ff980df1f5fccc34684f9872ef8be5d1c1a97df5d96ade2db8
File name: DgkgAI6aVmu.exe
Detection ratio: 48 / 72
Analysis date: 2019-01-21 19:38:56 UTC ( 4 months ago )
Antivirus Result Update
Acronis suspicious 20190119
Ad-Aware Trojan.GenericKD.40960357 20190121
AhnLab-V3 Malware/Gen.Generic.C2949058 20190121
ALYac Trojan.GenericKD.40960357 20190121
Arcabit Trojan.Generic.D2710165 20190121
Avast Win32:BankerX-gen [Trj] 20190121
AVG Win32:BankerX-gen [Trj] 20190121
BitDefender Trojan.GenericKD.40960357 20190121
Bkav HW32.Packed. 20190121
CAT-QuickHeal Trojan.Emotet 20190121
ClamAV Win.Trojan.Emotet-6823016-0 20190121
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cylance Unsafe 20190121
Cyren W32/GenBl.D1EA1DB9!Olympus 20190121
eGambit Unsafe.AI_Score_86% 20190121
Emsisoft Trojan.GenericKD.40960357 (B) 20190121
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GOUO 20190121
F-Secure Trojan.GenericKD.40960357 20190121
Fortinet W32/GenKryptik.CWZP!tr 20190121
GData Trojan.GenericKD.40960357 20190121
Ikarus Trojan.Win32.Krypt 20190121
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 00545f821 ) 20190121
K7GW Trojan ( 00545f821 ) 20190121
Kaspersky Trojan-Banker.Win32.Emotet.card 20190121
Malwarebytes Trojan.Emotet 20190121
MAX malware (ai score=81) 20190121
McAfee Emotet-FLI!D1EA1DB9DA24 20190121
McAfee-GW-Edition BehavesLike.Win32.VirRansom.ch 20190121
Microsoft Trojan:Win32/Emotet.AC!bit 20190121
eScan Trojan.GenericKD.40960357 20190121
Palo Alto Networks (Known Signatures) generic.ml 20190121
Panda Trj/CI.A 20190121
Qihoo-360 HEUR/QVM20.1.A7B1.Malware.Gen 20190121
Rising Trojan.GenKryptik!8.AA55 (CLOUD) 20190121
SentinelOne (Static ML) static engine - malicious 20190118
Sophos AV Mal/EncPk-AOI 20190121
Symantec Trojan.Gen.2 20190121
Tencent Win32.Trojan-banker.Emotet.Wsac 20190121
Trapmine malicious.high.ml.score 20190102
TrendMicro TROJ_GEN.F0C2C00AK19 20190121
TrendMicro-HouseCall TROJ_GEN.F0C2C00AK19 20190121
VBA32 BScope.Malware-Cryptor.Emotet 20190121
VIPRE Trojan.Win32.Generic!BT 20190121
ViRobot Trojan.Win32.Emotet.151552.F 20190121
Webroot W32.Trojan.Emotet 20190121
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.card 20190121
AegisLab 20190121
Alibaba 20180921
Antiy-AVL 20190121
Avast-Mobile 20190120
Avira (no cloud) 20190121
AVware 20180925
Babable 20180917
Baidu 20190120
CMC 20190121
Comodo 20190121
Cybereason 20190109
DrWeb 20190121
F-Prot 20190121
Jiangmin 20190121
Kingsoft 20190121
NANO-Antivirus 20190121
SUPERAntiSpyware 20190116
TACHYON 20190120
TheHacker 20190118
TotalDefense 20190121
Trustlook 20190121
Yandex 20190120
Zillya 20190118
Zoner 20190120
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1994-07-09 09:45:28
Entry Point 0x00003B70
Number of sections 10
PE sections
PE imports
IsValidAcl
GetNativeSystemInfo
AttachConsole
GetPriorityClass
GetThreadId
HeapCreate
CreateFileW
GetCommandLineW
SetConsoleTextAttribute
GetCurrentThreadId
SetConsoleScreenBufferSize
GetAsyncKeyState
GetListBoxInfo
IsDlgButtonChecked
MoveWindow
CreateIconIndirect
GetWindowInfo
IsDialogMessageA
SCardListReaderGroupsW
Number of PE resources by type
RT_DIALOG 7
Number of PE resources by language
ENGLISH US 7
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1994:07:09 11:45:28+02:00
FileType Win32 EXE
PEType PE32
CodeSize 12288
LinkerVersion 9.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x3b70
InitializedDataSize 143360
SubsystemVersion 6.1
ImageVersion 0.0
OSVersion 6.0
UninitializedDataSize 0

File identification
MD5 d1ea1db9da2410ea07881db60290232b
SHA1 d62ff4c1f80da5a21beccbd81772b4a72d237830
SHA256 eb014062bc50a7ff980df1f5fccc34684f9872ef8be5d1c1a97df5d96ade2db8
ssdeep 3072:umZP16B72m/10QPH4cs3yKuqnp8gOF+4C:umZP472m/1l4pyKuqn
authentihash 3b0ef5bc74b9cc9581ab1d10aa67092c917bb2e193edc596d6bc59a252de0cbd
imphash 6569b6b68d4b06d8f7a4abb4da5eb62a
File size 148.0 KB ( 151552 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2019-01-19 15:48:11 UTC ( 4 months ago )
Last submission 2019-01-20 15:52:21 UTC ( 4 months ago )
File names 929.exe
DgkgAI6aVmu.exe
639.exe