SHA256: eca21b8839544a6b2bd5498a1ecdf067f5af2da1fc294c02fc0aebf6464cfef3
Detection ratio: 29 / 62
Analysis date: 2018-03-13 19:05:49 UTC ( 7 months, 1 week ago )
Antivirus | Result | Update
Ad-Aware | Trojan.GenericKD.40176988 | 20180313
AegisLab | Filerepmalware.Gen!c | 20180313
AhnLab-V3 | Trojan/Win32.Emotet.R222414 | 20180313
ALYac | Trojan.GenericKD.40176988 | 20180313
Arcabit | Trojan.Generic.D2650D5C | 20180313
Avast | Win32:Malware-gen | 20180313
AVG | Win32:Malware-gen | 20180313
Avira (no cloud) | TR/Crypt.ZPACK.orekd | 20180313
CAT-QuickHeal | Trojan.Multi | 20180313
ClamAV | Win.Trojan.Emotet-6471015-0 | 20180313
CrowdStrike Falcon (ML) | malicious_confidence_100% (W) | 20170201
Cylance | Unsafe | 20180313
Cyren | W32/Trojan.BCNU-0725 | 20180313
Emsisoft | Trojan.GenericKD.40176988 (B) | 20180313
Endgame | malicious (high confidence) | 20180308
ESET-NOD32 | Win32/Emotet.AZ | 20180313
F-Secure | Trojan.GenericKD.40176988 | 20180313
Fortinet | W32/Kryptik.GDRZ!tr | 20180313
Ikarus | Trojan-Banker.Emotet | 20180313
Kaspersky | Trojan-Banker.Win32.Emotet.aasn | 20180313
MAX | malware (ai score=98) | 20180313
McAfee | RDN/Generic.grp | 20180313
McAfee-GW-Edition | BehavesLike.Win32.PWSZbot.cc | 20180313
Palo Alto Networks (Known Signatures) | generic.ml | 20180313
Panda | Trj/Genetic.gen | 20180313
Rising | Trojan.GenKryptik!8.AA55 (TFE:3:1SU5YtSnuWJ) | 20180313
SentinelOne (Static ML) | static engine - malicious | 20180225
Symantec | Trojan.Emotet | 20180313
ZoneAlarm by Check Point | Trojan-Banker.Win32.Emotet.aasn | 20180313
Alibaba | | 20180313
Avast-Mobile | | 20180313
AVware | | 20180313
Bkav | | 20180313
CMC | | 20180313
Comodo | | 20180313
Cybereason | | None
DrWeb | | 20180313
eGambit | | 20180313
F-Prot | | 20180313
GData | | 20180313
Sophos ML | | 20180121
Jiangmin | | 20180313
K7AntiVirus | | 20180313
K7GW | | 20180313
Kingsoft | | 20180313
Microsoft | | 20180313
eScan | | 20180313
NANO-Antivirus | | 20180313
nProtect | | 20180313
Qihoo-360 | | 20180313
Sophos AV | | 20180313
SUPERAntiSpyware | | 20180313
Tencent | | 20180313
TheHacker | | 20180311
TotalDefense | | 20180313
TrendMicro | | 20180313
TrendMicro-HouseCall | | 20180313
Trustlook | | 20180313
VBA32 | | 20180313
ViRobot | | 20180313
Webroot | | 20180313
WhiteArmor | | 20180223
Yandex | | 20180313
Zillya | | 20180313
Zoner | | 20180313
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2018-03-12 10:42:00
Entry Point: 0x00005000
Number of sections: 9
PE sections
PE imports
SetSecurityDescriptorDacl
RegCreateKeyExA
CreateFontIndirectA
CreateHalftonePalette
GetProfileStringW
GetCurrentProcess
IsWow64Process
ReleaseMutex
LocalAlloc
GetLastError
CreateDirectoryExA
GetFileBandwidthReservation
HeapDestroy
GetUserPreferredUILanguages
CloseHandle
GetTickCount
LocalFree
CreateMutexW
PrepareTape
WaitForMultipleObjects
GetVersion
acmFormatSuggest
RpcMgmtWaitServerListen
RpcServerUnregisterIf
SetupAddToSourceListW
PathRemoveArgsW
GetForegroundWindow
GetCursorInfo
ShowOwnedPopups
CallNextHookEx
LockWindowUpdate
GetCursor
RealChildWindowFromPoint
DestroyCursor
AddClipboardFormatListener
DrawTextW
SetScrollPos
OpenClipboard
SCardConnectA
DisassociateColorProfileFromDeviceW
OleCreateFromFile
OleCreateFromData
Number of PE resources by type
RT_ICON: 11
RT_STRING: 3
RT_RCDATA: 2
RT_BITMAP: 1
RT_GROUP_ICON: 1
Number of PE resources by language
ENGLISH US: 13
NEUTRAL: 5
PE resources
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2018:03:12 11:42:00+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 1
LinkerVersion: 14.5
ImageFileCharacteristics: No relocs, Executable, 32-bit
EntryPoint: 0x5000
InitializedDataSize: 122880
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 5.0
UninitializedDataSize: 4096
File identification
MD5: 719a78d5cf1dee54767e9e1589ebd993
SHA1: 1a68ac76ff301185b9ba1dd95f04b59f747db40d
SHA256: eca21b8839544a6b2bd5498a1ecdf067f5af2da1fc294c02fc0aebf6464cfef3
ssdeep: 3072:yIHpknDWY0ZnzwxAVQoneFlKmrKnrrvDyhO9/:dHCD/0FzwxCXicrjWhO9
authentihash: e4b509c6e9d5bccaa8d762b14bb10aa9dc9796d732f79ea69d506fb8f66ef495
imphash: 278e36ca743d59608fd2d0eed40c7638
File size: 133.5 KB ( 136704 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Win32 Dynamic Link Library (generic) (38.4%)
  Win32 Executable (generic) (26.3%)
  OS/2 Executable (generic) (11.8%)
  Generic Win/DOS Executable (11.6%)
  DOS Executable Generic (11.6%)
Tags: peexe

VirusTotal metadata
First submission: 2018-03-12 10:53:09 UTC ( 7 months, 2 weeks ago )
Last submission: 2018-07-16 07:21:39 UTC ( 3 months, 1 week ago )
File names:
  hostevt.exe
  Z1CeZ20g3Is.exe
  49965.exe
Advanced heuristic and reputation engines