× Cookies are disabled! This site requires cookies to be enabled to work properly
VirusTotal
SHA256: ed96c1d12554779cdef56ebd87ac4390815c006cb7771608297377cabc3a8023
File name: ed96c1d12554779cdef56ebd87ac4390815c006cb7771608297377cabc3a8023
Detection ratio: 23 / 69
Analysis date: 2018-09-30 05:46:58 UTC ( 4 months, 3 weeks ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40544786 20180930
AVG FileRepMalware 20180930
Bkav HW32.Packed. 20180928
CAT-QuickHeal Trojan.Emotet.X4 20180929
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.c3b8ad 20180225
Cylance Unsafe 20180930
Emsisoft Trojan.GenericKD.40544786 (B) 20180930
Endgame malicious (high confidence) 20180730
GData Win32.Trojan-Spy.Emotet.DGXUY4 20180930
Sophos ML heuristic 20180717
Kaspersky Trojan-Banker.Win32.Emotet.bfps 20180930
McAfee Artemis!BED3D35C3B8A 20180930
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20180930
Microsoft Trojan:Win32/Fuerboos.A!cl 20180930
eScan Trojan.GenericKD.40544786 20180930
Palo Alto Networks (Known Signatures) generic.ml 20180930
Qihoo-360 Win32/Trojan.c84 20180930
Rising Trojan.Emotet!8.B95 (CLOUD) 20180930
SentinelOne (Static ML) static engine - malicious 20180926
Symantec ML.Attribute.HighConfidence 20180929
VBA32 Malware-Cryptor.Limpopo 20180928
Webroot W32.Trojan.Emotet 20180930
AegisLab 20180930
AhnLab-V3 20180929
Alibaba 20180921
ALYac 20180930
Antiy-AVL 20180930
Arcabit 20180930
Avast 20180930
Avast-Mobile 20180928
Avira (no cloud) 20180929
AVware 20180925
Babable 20180918
Baidu 20180930
BitDefender 20180930
ClamAV 20180930
CMC 20180930
Comodo 20180930
Cyren 20180930
DrWeb 20180930
eGambit 20180930
ESET-NOD32 20180930
F-Prot 20180930
F-Secure 20180930
Fortinet 20180930
Ikarus 20180929
Jiangmin 20180930
K7AntiVirus 20180930
K7GW 20180929
Kingsoft 20180930
Malwarebytes 20180930
MAX 20180930
NANO-Antivirus 20180930
Panda 20180929
Sophos AV 20180930
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180924
TACHYON 20180930
Tencent 20180930
TheHacker 20180927
TotalDefense 20180930
TrendMicro 20180930
TrendMicro-HouseCall 20180930
Trustlook 20180930
VIPRE 20180930
ViRobot 20180929
Yandex 20180927
Zillya 20180928
ZoneAlarm by Check Point 20180925
Zoner 20180927
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © Microsoft Corp.

Product 3D Windows Controls
Internal name CTL3D32
File version 2.31.000
Description Ctl3D 3D Windows Controls
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-30 05:45:20
Entry Point 0x00018392
Number of sections 4
PE sections
PE imports
[+] ADVAPI32.dll
QueryUsersOnEncryptedFile
[+] CRYPT32.dll
CryptStringToBinaryA
[+] GDI32.dll
StrokePath
GetTextExtentExPointI
GetSystemPaletteEntries
[+] KERNEL32.dll
HeapCompact
GetModuleHandleA
FlushFileBuffers
GetSystemDefaultLCID
GetSystemTimes
GetCommandLineA
SetFileBandwidthReservation
[+] OLEAUT32.dll
SysAllocStringByteLen
[+] USER32.dll
ToUnicodeEx
DdeQueryConvInfo
BeginDeferWindowPos
GetProcessWindowStation
GetScrollPos
[+] WININET.dll
GetUrlCacheEntryInfoExA
[+] WINSPOOL.DRV
OpenPrinterW
Number of PE resources by type
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
4294967295

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.31.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Ctl3D 3D Windows Controls

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
1454080

EntryPoint
0x18392

MIMEType
application/octet-stream

LegalCopyright
Copyright Microsoft Corp.

FileVersion
2.31.000

TimeStamp
2018:09:30 07:45:20+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
CTL3D32

ProductVersion
2,31,0,0

SubsystemVersion
5.0

OSVersion
5.2

FileOS
Windows 16-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
99840

ProductName
3D Windows Controls

ProductVersionNumber
2.31.0.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 bed3d35c3b8adecca48a3b16d6c7a6fe
SHA1 4cfcb04350e198faab9a07a50ea54bfbe0831403
SHA256 ed96c1d12554779cdef56ebd87ac4390815c006cb7771608297377cabc3a8023
ssdeep
3072:V36Xtv0E4Xsxt7tncG/jdjZKYznEyzgb0aP4:EXB0LcxFz3LzvzSF

authentihash 3e65d42e102797e70210374cfeb57531d86876d2e2b33ac611667db69d092651
imphash 3d27a4c12dabbfc0ba36cd8acf8e3f45
File size 104.0 KB ( 106496 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-09-29 22:48:45 UTC ( 4 months, 3 weeks ago )
Last submission 2018-10-04 08:12:11 UTC ( 4 months, 2 weeks ago )
File names i2ySTY.exe
CTL3D32
16640400.exe
CdF3sNAQKABj.exe
Advanced heuristic and reputation engines
F-Secure Deepguard Suspicious:W32/Malware!Online
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!
More comments

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

Sign in Join the community
No votes. No one has voted on this item yet, be the first one to do so!
More votes
Blog | Twitter | Contact us | ToS | Privacy policy