Antivirus scan for efc25ea05a50c84ddd554ef4a2098ca1468e9137efb3044245878aab27a2a004 at 2018-06-15 00:21:27 UTC

Antivirus	Result	Update
Ad-Aware	Trojan.GenericKD.30968276	20180614
AegisLab	Uds.Dangerousobject.Multi!c	20180614
AhnLab-V3	Trojan/Win32.Emotet.R230137	20180614
ALYac	Trojan.GenericKD.30968276	20180614
Arcabit	Trojan.Generic.D1D889D4	20180614
Avast	Win32:Malware-gen	20180615
AVG	Win32:Malware-gen	20180615
Avira (no cloud)	TR/Crypt.ZPACK.AG	20180615
AVware	Trojan.Win32.Generic!BT	20180615
Babable	Malware.HighConfidence	20180406
Baidu	Win32.Trojan.WisdomEyes.16070401.9500.9999	20180614
BitDefender	Trojan.GenericKD.30968276	20180615
CAT-QuickHeal	Trojan.Drixed.100454	20180614
CrowdStrike Falcon (ML)	malicious_confidence_100% (W)	20180530
Cybereason	malicious.b06889	20180225
Cylance	Unsafe	20180615
Cyren	W32/Emotet.BZ.gen!Eldorado	20180615
Emsisoft	Trojan.Emotet (A)	20180614
Endgame	malicious (high confidence)	20180612
ESET-NOD32	a variant of Win32/Kryptik.GHSP	20180614
F-Prot	W32/Emotet.BZ.gen!Eldorado	20180614
F-Secure	Trojan.GenericKD.30968276	20180614
Fortinet	W32/Kryptik.GHSP!tr	20180614
GData	Win32.Trojan-Spy.Emotet.RI	20180614
Ikarus	Trojan-Banker.Emotet	20180614
Sophos ML	heuristic	20180601
K7AntiVirus	Trojan ( 005345c11 )	20180614
K7GW	Trojan ( 005345c11 )	20180615
Kaspersky	Trojan.Win32.Dovs.opz	20180614
Malwarebytes	Trojan.Downloader	20180614
MAX	malware (ai score=94)	20180615
McAfee	Emotet-FHK!31210E67FE3B	20180615
McAfee-GW-Edition	BehavesLike.Win32.Emotet.ch	20180614
Microsoft	Trojan:Win32/Cloxer.D!cl	20180614
eScan	Trojan.GenericKD.30968276	20180615
NANO-Antivirus	Trojan.Win32.Dovs.fealzj	20180614
Palo Alto Networks (Known Signatures)	generic.ml	20180615
Panda	Trj/Genetic.gen	20180614
Qihoo-360	Win32/Trojan.Multi.fd5	20180615
SentinelOne (Static ML)	static engine - malicious	20180225
Sophos AV	Mal/EncPk-ANR	20180615
Symantec	Trojan.Emotet	20180614
TrendMicro	TSPY_HPEMOTET.SMAL8	20180615
TrendMicro-HouseCall	TSPY_HPEMOTET.SMAL8	20180615
VBA32	Malware-Cryptor.Limpopo	20180614
Webroot	W32.Trojan.Emotet	20180615
ZoneAlarm by Check Point	Trojan.Win32.Dovs.opz	20180614
Alibaba		20180614
Antiy-AVL		20180615
Avast-Mobile		20180614
Bkav		20180614
ClamAV		20180614
CMC		20180614
Comodo		20180614
DrWeb		20180614
eGambit		20180615
Jiangmin		20180615
Kingsoft		20180615
Rising		20180615
SUPERAntiSpyware		20180614
Symantec Mobile Insight		20180614
TACHYON		20180614
Tencent		20180615
TheHacker		20180613
TotalDefense		20180614
Trustlook		20180615
VIPRE		20180615
ViRobot		20180614
Yandex		20180614
Zillya		20180614
Zoner		20180614

The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.

FileVersionInfo properties

PE header basic information

Target machine Intel 386 or later processors and compatible processors

Compilation timestamp 2014-06-17 17:53:43

Entry Point 0x00001422

Number of sections 5

PE sections

Name Virtual address Virtual size Raw size Entropy MD5

.text 4096 9318 12288 5.29 9b7b4a843b4da4e21821c6c44d1c2203

.rdata 16384 12950 16384 6.09 12ed39968b0c187f899a25daababb662

.pdata 32768 66852 65536 7.46 7cdf993e87e078f2b8c750bbb7d4975a

.rsrc 102400 16848 20480 4.28 7c13e85ab3eaeeef8d00c3a41dfcfaf5

.reloc 122880 388 4096 0.92 304586b2ad06c7274c714f3b8c9f601e

PE imports

Number of PE resources by type

RT_BITMAP 3

RT_STRING 3

Number of PE resources by language

NEUTRAL 5

NEUTRAL DEFAULT 1

PE resources

3cec6fb833450f167c1ab631b5e15a71681e13e610c2c9f8a74fa5d2c5bab78c ASCII text

460532c82070521b09213c1e85cde0ef99fcb0a7a55075b8e1851ea712f00f7b data

6dc80580045e1e6c518b118b202ad12650002321821217bc498952a2b159f1e0 data

86972be5229ebdcab788bb5ec77234a62f7a591aeb34e1e6f25b1f95bab43f34 ASCII text

aa9cb8eca27bd3fc69b9e1f60c9729e4291aa74cc717a7368ffaa15d394bd617 data

cb58180d2d4b0b405daaa4e957d56946a041601ae9084a5c00b69cb9b2d53f76 data

Debug information

Type Timestamp Offset Size

IMAGE_DEBUG_TYPE_CODEVIEW (2) Wed Jun 13 16:30:39 2018 28224 40 Bytes

12 (12) Wed Jun 13 16:30:39 2018 28348 20 Bytes

ExifTool file metadata

MIMEType

application/octet-stream

Subsystem

Windows GUI

MachineType

Intel 386 or later, and compatibles

FileTypeExtension

exe

TimeStamp

2014:06:17 10:53:43-07:00

FileType

Win32 EXE

PEType

PE32

CodeSize

24576

LinkerVersion

12.0

ImageFileCharacteristics

Executable, 32-bit

EntryPoint

0x1422

InitializedDataSize

SubsystemVersion

5.0

ImageVersion

0.0

OSVersion

5.1

UninitializedDataSize

53248

File identification

MD5 31210e67fe3b715120b931709fafa6cf

SHA1 91fa24fb06889f9924d5002099841f763f1dfce0

SHA256 efc25ea05a50c84ddd554ef4a2098ca1468e9137efb3044245878aab27a2a004

ssdeep

3072:9BCSVPsmYL5bBo9XXdbmg8PpPD5jmrULp:hPsmYLVByt

authentihash c22943c261a58796533b03987439d7c1893c48af5a612a37241e9ddd13786309

imphash 6197d1aae1487756180bec70e04f745a

File size 120.0 KB ( 122880 bytes )

File type Win32 EXE

Magic literal

PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID	Win32 Dynamic Link Library (generic) (38.4%) Win32 Executable (generic) (26.3%) OS/2 Executable (generic) (11.8%) Generic Win/DOS Executable (11.6%) DOS Executable Generic (11.6%)

VirusTotal metadata

First submission 2018-06-13 10:40:16 UTC ( 8 months, 1 week ago )

Last submission 2018-06-20 05:01:52 UTC ( 8 months ago )

File names

output.113434456.txt
31091139.exe
31091139.exe
46373749.exe
46373749.exe

SHA256:	efc25ea05a50c84ddd554ef4a2098ca1468e9137efb3044245878aab27a2a004
File name:	efc25ea05a50c84ddd554ef4a2098ca1468e9137efb3044245878aab27a2a004
Detection ratio:	47 / 68
Analysis date:	2018-06-15 00:21:27 UTC ( 8 months, 1 week ago ) View latest

Ciphered bundle