SHA256: ec7824f0cea0c5e64a9c2146c055c063b6b597455a93206899a610992b5a8cda
File name: 8mgRcaIgA.exe
Detection ratio: 35 / 70
Analysis date: 2018-12-29 10:33:56 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40882594 20181229
Arcabit Trojan.Generic.D26FD1A2 20181229
Avast Win32:MalwareX-gen [Trj] 20181229
AVG Win32:MalwareX-gen [Trj] 20181229
BitDefender Trojan.GenericKD.40882594 20181229
Bkav HW32.Packed. 20181227
Comodo Malware@#33uq1majz5ju4 20181229
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.f9c72c 20180225
Cylance Unsafe 20181229
Cyren W32/Trojan.CWWT-2966 20181229
eGambit Unsafe.AI_Score_82% 20181229
Emsisoft Trojan.GenericKD.40882594 (B) 20181229
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/GenKryptik.CVHT 20181229
F-Secure Trojan.GenericKD.40882594 20181229
GData Win32.Trojan-Spy.Emotet.IOMIHR 20181229
Sophos ML heuristic 20181128
K7AntiVirus Riskware ( 0040eff71 ) 20181229
K7GW Riskware ( 0040eff71 ) 20181229
Kaspersky Trojan-Banker.Win32.Emotet.bxem 20181229
Malwarebytes Trojan.Emotet 20181229
McAfee Emotet-FID!52A4D2715359 20181229
McAfee-GW-Edition BehavesLike.Win32.Virut.cc 20181229
Microsoft Trojan:Win32/Emotet.AC!bit 20181229
eScan Trojan.GenericKD.40882594 20181229
Palo Alto Networks (Known Signatures) generic.ml 20181229
Qihoo-360 Win32/Trojan.5a7 20181229
Rising Trojan.Fuery!8.EAFB (CLOUD) 20181229
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/EncPk-AOI 20181229
Symantec Trojan.Emotet 20181228
Trapmine malicious.high.ml.score 20181205
Webroot W32.Trojan.Emotet 20181229
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bxem 20181229
Acronis 20181227
AegisLab 20181229
AhnLab-V3 20181228
Alibaba 20180921
ALYac 20181229
Antiy-AVL 20181229
Avast-Mobile 20181228
Avira (no cloud) 20181228
Babable 20180918
Baidu 20181207
CAT-QuickHeal 20181228
ClamAV 20181229
CMC 20181228
DrWeb 20181229
F-Prot 20181229
Fortinet 20181229
Ikarus 20181228
Jiangmin 20181229
Kingsoft 20181229
MAX 20181229
NANO-Antivirus 20181229
Panda 20181228
SUPERAntiSpyware 20181226
Symantec Mobile Insight 20181225
TACHYON 20181229
Tencent 20181229
TheHacker 20181225
TotalDefense 20181229
TrendMicro 20181229
TrendMicro-HouseCall 20181229
Trustlook 20181229
VBA32 20181229
ViRobot 20181228
Yandex 20181227
Zillya 20181228
Zoner 20181229
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-07-14 22:00:48
Entry Point 0x00002A60
Number of sections 9
PE sections
PE imports
PlayMetaFile
CancelIoEx
ReadFile
GetCommandLineW
DeleteTimerQueue
GetLocalTime
CloseHandle
GetCursorPos
DestroyIcon
GetActiveWindow
GetLastActivePopup
SetRectEmpty
GetWindowInfo
GetShellWindow
GetWindow
SetWindowPos
SCardForgetCardTypeW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
MALTESE DEFAULT 1
PE resources
Debug information
ExifTool file metadata
CodeSize 8192
UninitializedDataSize 114688
LinkerVersion 15.0
ImageVersion 0.0
FileVersionNumber 5.1.2600.2180
LanguageCode Unknown ()
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
InitializedDataSize 0
EntryPoint 0x2a60
MIMEType application/octet-stream
LegalCopyright Copyright Microsoft Corp.
FileVersion 5.1.2600.2180
TimeStamp 2002:07:15 00:00:48+02:00
FileType Win32 EXE
PEType PE32
InternalName CTL3D32
ProductVersion 2,31,0,0
SubsystemVersion 6.0
OSVersion 6.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
LegalTrademarks Microsoft is a registered trademark of Microsoft Corporation. Windows is a registered trademark of Microsoft Corporation.
FileSubtype 0
ProductVersionNumber 5.1.2600.2180
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 52a4d271535987c6443e9778147881ab
SHA1 a4c3454f9c72c5e3f177a52fc6a6ec7a5f5904bf
SHA256 ec7824f0cea0c5e64a9c2146c055c063b6b597455a93206899a610992b5a8cda
ssdeep 3072:sWkCVWwrPVK1D4QxWzLkRY+UrH84cE/5O:snkWwrPc1D4Q0ngxUrH8Y5

authentihash 9ebb6daca3dbb50ac034639aa7e4c48d196f19b36fc917cc94528fb761ee92be
imphash 0554e435ef5f12492181d9b74415cea2
File size 124.0 KB ( 126976 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2018-12-28 12:03:33 UTC ( 1 month, 3 weeks ago )
Last submission 2018-12-28 12:03:33 UTC ( 1 month, 3 weeks ago )
File names 8mgRcaIgA.exe
rolecyrl.exe
e3cebf8.exe