× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: eb2c11e411a4bd4e122273d8e08d7f20b956e7cee160be4cf95dd45195ffe3ee
File name: emotet_e1_eb2c11e411a4bd4e122273d8e08d7f20b956e7cee160be4cf95dd45...
Detection ratio: 47 / 69
Analysis date: 2019-02-27 01:18:00 UTC ( 1 month, 4 weeks ago ) View latest
Antivirus Result Update
Acronis suspicious 20190222
Ad-Aware Trojan.GenericKD.31717438 20190226
AhnLab-V3 Trojan/Win32.Emotet.R256462 20190226
ALYac Trojan.Agent.Emotet 20190226
Arcabit Trojan.Generic.D1E3F83E 20190226
Avast Win32:BankerX-gen [Trj] 20190226
AVG Win32:BankerX-gen [Trj] 20190226
Avira (no cloud) TR/Kryptik.rqtke 20190226
BitDefender Trojan.GenericKD.31717438 20190226
ClamAV Win.Trojan.Emotet-6867663-0 20190226
Comodo Malware@#2sc6b6megqy1k 20190226
CrowdStrike Falcon (ML) win/malicious_confidence_100% (W) 20190212
Cybereason malicious.53d8c4 20190109
Cylance Unsafe 20190226
Emsisoft Trojan.GenericKD.31717438 (B) 20190226
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.GQCJ 20190226
Fortinet W32/GenKryptik.BSAD!tr 20190226
GData Trojan.GenericKD.31717438 20190226
Ikarus Trojan-Banker.Emotet 20190226
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 0052935a1 ) 20190226
K7GW Trojan ( 0052935a1 ) 20190226
Kaspersky Trojan-Banker.Win32.Emotet.chuw 20190226
Malwarebytes Trojan.Emotet 20190226
MAX malware (ai score=84) 20190226
McAfee RDN/Generic.grp 20190226
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20190226
Microsoft Trojan:Win32/Emotet.AC!bit 20190226
eScan Trojan.GenericKD.31717438 20190226
NANO-Antivirus Trojan.Win32.Emotet.fnmcws 20190226
Palo Alto Networks (Known Signatures) generic.ml 20190226
Panda Trj/GdSda.A 20190226
Qihoo-360 Win32/Trojan.870 20190226
Rising Trojan.GenKryptik!8.AA55 (CLOUD) 20190226
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Mal/Emotet-Q 20190226
Symantec Trojan.Gen.2 20190226
Tencent Win32.Trojan-banker.Emotet.Alif 20190226
TrendMicro TROJ_FRS.0NA103BN19 20190226
TrendMicro-HouseCall TROJ_FRS.0NA103BN19 20190226
VBA32 BScope.Malware-Cryptor.Emotet 20190226
VIPRE Trojan.Win32.Generic!BT 20190226
ViRobot Trojan.Win32.Z.Emotet.139264.IW 20190226
Webroot W32.Trojan.Emotet 20190226
Yandex Trojan.PWS.Emotet! 20190226
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.chuw 20190226
AegisLab 20190226
Alibaba 20180921
Antiy-AVL 20190226
Avast-Mobile 20190226
Babable 20180917
Baidu 20190214
CAT-QuickHeal 20190225
CMC 20190226
Cyren 20190226
DrWeb 20190226
eGambit 20190226
F-Secure 20190226
Jiangmin 20190226
Kingsoft 20190226
SUPERAntiSpyware 20190220
Symantec Mobile Insight 20190220
TACHYON 20190226
TheHacker 20190224
TotalDefense 20190226
Trapmine 20190123
Trustlook 20190226
Zillya 20190226
Zoner 20190226
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name IEDKCS32.DLL
Internal name IEDKCS32
File version 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Description Microsoft Internet Explorer Customization DLL
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-02-23 01:42:24
Entry Point 0x00002EC5
Number of sections 5
PE sections
PE imports
EnumServicesStatusA
GetPaletteEntries
GetPixel
GetTextExtentPoint32A
GetObjectW
CreatePipe
FormatMessageW
Module32FirstW
EnterCriticalSection
InitAtomTable
IsValidLocaleName
GetFileTime
GlobalAlloc
GetTimeFormatW
CloseHandle
FindNextVolumeMountPointW
GetVersion
GetCommandLineW
lstrcmpW
SetConsoleOutputCP
VarCyFromR8
VarCyCmpR8
VarCyFromI1
GetPwrCapabilities
EnumWindowStationsA
GetWindowRect
ShowOwnedPopups
EnumThreadWindows
DdeAddData
DdeConnectList
GetDesktopWindow
LockWindowUpdate
GetWindowContextHelpId
CloseClipboard
GetWindowInfo
GetProcessWindowStation
srand
strcmp
Number of PE resources by type
RT_STRING 4
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 6
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
131072

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
16.0.2900.2180

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Microsoft Internet Explorer Customization DLL

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
0

EntryPoint
0x2ec5

OriginalFileName
IEDKCS32.DLL

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

TimeStamp
2019:02:23 02:42:24+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
IEDKCS32

ProductVersion
6.00.2900.2180

SubsystemVersion
6.0

OSVersion
6.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
16384

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.0.2900.2180

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 e6a1f2953d8c4b142ae41f1b56666b3e
SHA1 3dca194fe82bc18593affaff419f0a4ed5c799ff
SHA256 eb2c11e411a4bd4e122273d8e08d7f20b956e7cee160be4cf95dd45195ffe3ee
ssdeep
3072:CuSIpT69qXMj6ToSmrlAzOomiZQgQ924URkKoaeA:Ct9i5ToVuzciZQb9Jmvo

authentihash ef8ea0746c3c0afea4ac07ca7ec71a5dee3305fdd8a4930fc71263d443e90e94
imphash a489c498fad0741429ae1d110c6f20a5
File size 136.0 KB ( 139264 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2019-02-22 17:46:52 UTC ( 2 months ago )
Last submission 2019-02-22 23:48:25 UTC ( 2 months ago )
File names a8ny9jrWC.exe
31dr5g6Rz1Pu.exe
piCTyD6D.exe
n3OuoVCK.exe
IEDKCS32
IEDKCS32.DLL
EUkWalaZ.exe
emotet_e1_eb2c11e411a4bd4e122273d8e08d7f20b956e7cee160be4cf95dd45195ffe3ee_2019-02-22__175003.exe_
withoutwordpad.exe
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!