SHA256: f21714a444dca3fab640a1bfebc2bb1cbe16798ddb2d361a8cc30710561485e3
File name: emotet_exe_e2_f21714a444dca3fab640a1bfebc2bb1cbe16798ddb2d361a8cc...
Detection ratio: 32 / 70
Analysis date: 2019-04-15 23:21:01 UTC
Antivirus Result Update
Acronis suspicious 20190415
AegisLab Trojan.Win32.Emotet.L!c 20190415
Alibaba Trojan:Win32/Kryptik.79a98ec4 20190402
Avast Win32:Malware-gen 20190415
AVG Win32:Malware-gen 20190415
Avira (no cloud) TR/Crypt.XPACK.Gen 20190416
ClamAV Win.Packed.Rundll-6907441-0 20190415
CrowdStrike Falcon (ML) win/malicious_confidence_90% (W) 20190212
Cybereason malicious.9f89ea 20190403
Cylance Unsafe 20190416
Endgame malicious (high confidence) 20190403
ESET-NOD32 a variant of Win32/Kryptik.FGZT 20190416
F-Secure Trojan.TR/Crypt.XPACK.Gen 20190416
FireEye Generic.mg.07838e40d56f6a4d 20190415
Fortinet W32/Lockscreen.LOA!tr 20190416
Sophos ML heuristic 20190313
Kaspersky UDS:DangerousObject.Multi.Generic 20190416
McAfee Trojan-FQMJ!07838E40D56F 20190415
McAfee-GW-Edition Trojan-FQMJ!07838E40D56F 20190415
Microsoft Trojan:Win32/Emotet.PA!MTB 20190416
Palo Alto Networks (Known Signatures) generic.ml 20190416
Panda Trj/GdSda.A 20190415
Qihoo-360 HEUR/QVM20.1.8CEF.Malware.Gen 20190416
Rising Trojan.GenKryptik!8.AA55 (RDM+:cmRtazoLDaCw2lCXw4LeNRxF75wa) 20190415
SentinelOne (Static ML) DFI - Malicious PE 20190407
Sophos AV Mal/Emotet-Q 20190415
Symantec Packed.Generic.459 20190415
Trapmine malicious.high.ml.score 20190325
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMTHF 20190415
VBA32 BScope.Malware-Cryptor.Emotet 20190415
Webroot W32.Trojan.Emotet 20190416
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20190415
Ad-Aware 20190415
AhnLab-V3 20190415
ALYac 20190415
Antiy-AVL 20190415
Arcabit 20190415
Avast-Mobile 20190415
Babable 20180918
Baidu 20190318
BitDefender 20190415
Bkav 20190412
CAT-QuickHeal 20190415
CMC 20190321
Comodo 20190415
Cyren 20190415
DrWeb 20190415
eGambit 20190416
Emsisoft 20190415
F-Prot 20190416
GData 20190416
Jiangmin 20190416
K7AntiVirus 20190415
K7GW 20190416
Kingsoft 20190416
Malwarebytes 20190416
MAX 20190416
eScan 20190416
NANO-Antivirus 20190415
SUPERAntiSpyware 20190410
Symantec Mobile Insight 20190410
TACHYON 20190415
Tencent 20190416
TheHacker 20190411
TotalDefense 20190413
TrendMicro 20190417
Trustlook 20190416
ViRobot 20190415
Yandex 20190415
Zillya 20190415
Zoner 20190416
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 2:59 AM 5/3/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-04-15 18:00:04
Entry Point 0x00012B70
Number of sections 4
PE sections
Overlays
MD5 0faa1ed3b0984e4ebefa2d0f10e3ccec
File type data
Offset 87552
Size 3384
Entropy 7.33
PE imports
RegQueryValueExA
GetDeviceCaps
SetBkMode
CreateBrushIndirect
CreateFontIndirectA
SelectObject
SetBkColor
DeleteObject
SetTextColor
SetThreadLocale
GetLastError
HeapFree
EnterCriticalSection
ReleaseMutex
VirtualAllocEx
lstrlenA
GetModuleFileNameW
GetVersionExW
SetEvent
HeapAlloc
GetThreadLocale
GetVersionExA
DeleteCriticalSection
GetStartupInfoA
GetWindowsDirectoryW
LocalAlloc
DeleteFileA
GetWindowsDirectoryA
MultiByteToWideChar
WaitForMultipleObjects
GetProcessHeap
GetComputerNameW
CreateMutexA
SetFilePointer
RaiseException
WideCharToMultiByte
LoadLibraryW
MoveFileExW
GetModuleHandleA
InterlockedExchange
WriteFile
CloseHandle
lstrcmpW
HeapReAlloc
GetProcAddress
SetThreadExecutionState
SetFileAttributesA
LocalFree
FormatMessageW
InitializeCriticalSection
OutputDebugStringW
lstrcpyA
CreateProcessW
CreateEventA
Sleep
FormatMessageA
CreateFileA
ExitProcess
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
SHGetFolderPathW
SHBrowseForFolderW
DragQueryFileW
Shell_NotifyIconW
ShellExecuteW
SHGetPathFromIDListW
DragFinish
SHGetSpecialFolderLocation
ShellExecuteExW
SHAppBarMessage
SHGetFileInfoW
SHGetDesktopFolder
SHGetSpecialFolderPathW
FindExecutableW
RedrawWindow
ChangeDisplaySettingsW
SetDlgItemTextA
EnumDesktopsA
SetWindowRgn
UnregisterHotKey
LoadBitmapW
SetRectEmpty
EnableScrollBar
DestroyMenu
SetSystemCursor
PostQuitMessage
GetForegroundWindow
DrawStateW
SetWindowPos
DdeDisconnect
IsWindow
EndPaint
DdeGetData
CopyRect
DdeCreateStringHandleW
GetMessageTime
VkKeyScanW
SetMenuItemInfoW
GetDC
GetAsyncKeyState
MapDialogRect
SendMessageW
EndMenu
DefFrameProcA
UnregisterClassW
GetClientRect
DdeInitializeW
DrawTextW
GetNextDlgTabItem
CallNextHookEx
DdeFreeDataHandle
IsClipboardFormatAvailable
LoadImageW
keybd_event
DdeQueryStringW
GetActiveWindow
RegisterHotKey
GetUpdateRgn
EnumDesktopsW
GetWindowTextW
CharLowerBuffA
GetWindowTextLengthW
MsgWaitForMultipleObjects
DdeFreeStringHandle
EnumPropsExA
GetMenuItemID
DdeQueryStringA
DestroyWindow
DrawEdge
ShowCursor
GetParent
UpdateWindow
DdeCmpStringHandles
SetClassLongW
GetMessageW
ShowWindow
DrawFrameControl
GetDesktopWindow
CharToOemBuffA
ValidateRgn
PeekMessageW
EnableWindow
GetClipboardFormatNameW
GetSystemMenu
ChildWindowFromPoint
TranslateMessage
IsWindowEnabled
GetWindow
InternalGetWindowText
GetIconInfo
SetParent
RegisterClassW
ScrollWindow
CharLowerA
IsZoomed
GetWindowPlacement
DdeConnect
WindowFromPoint
DrawMenuBar
EnableMenuItem
TabbedTextOutA
DrawFocusRect
CreateMenu
DdeClientTransaction
IsDialogMessageW
FillRect
CreateAcceleratorTableW
WaitForInputIdle
DeferWindowPos
GetDialogBaseUnits
EnumPropsW
CreateWindowExW
GetWindowLongW
GetCursorPos
OpenClipboard
GetDoubleClickTime
AppendMenuW
MapWindowPoints
ClientToScreen
BeginPaint
OffsetRect
DefWindowProcW
GetKeyboardLayoutNameW
KillTimer
MapVirtualKeyW
CharPrevW
CheckMenuRadioItem
GetClipboardData
GetSystemMetrics
IsIconic
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
PostMessageW
CreateDialogParamW
CreateWindowStationA
CreatePopupMenu
CheckMenuItem
ChildWindowFromPointEx
GetSubMenu
PtInRect
DrawIconEx
SetWindowTextW
SetTimer
GetDlgItem
RemovePropW
BringWindowToTop
CallWindowProcW
ScreenToClient
GetClassLongA
CreateDialogIndirectParamA
TrackPopupMenu
PostThreadMessageW
GetMenuItemCount
AttachThreadInput
TileChildWindows
DestroyAcceleratorTable
GetMenuState
SetWindowsHookExW
LoadCursorW
EnumDisplaySettingsW
FindWindowExW
DispatchMessageW
InsertMenuW
FlashWindow
SetForegroundWindow
SetFocus
GetMenuItemInfoW
EmptyClipboard
CreateDialogIndirectParamW
ReleaseDC
DrawTextExW
GetScrollInfo
HideCaret
GetMessagePos
CreateIconIndirect
GetCapture
SetWindowLongW
MessageBeep
LoadMenuW
RemoveMenu
GetWindowThreadProcessId
GetSysColorBrush
BeginDeferWindowPos
MessageBoxW
DdeUninitialize
SetMenu
LoadIconW
MoveWindow
DdePostAdvise
ChangeMenuW
GetWindowDC
DestroyCursor
AdjustWindowRectEx
SendMessageTimeoutW
GetSysColor
RegisterClipboardFormatW
SetScrollInfo
GetKeyState
EndDeferWindowPos
SetClassWord
DestroyIcon
wsprintfW
IsWindowVisible
DdeNameService
SetCursorPos
SystemParametersInfoW
UnionRect
SetRect
InvalidateRect
CharNextW
DdeCreateDataHandle
GetClassNameW
TranslateAcceleratorA
DefDlgProcA
ModifyMenuW
ValidateRect
IsRectEmpty
IsCharUpperW
GetFocus
InsertMenuItemW
CloseClipboard
DdeGetLastError
TranslateAcceleratorW
UnhookWindowsHookEx
SetCursor
Number of PE resources by type
RT_STRING 1
Number of PE resources by language
SPANISH MODERN 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2019:04:15 20:00:04+02:00
FileType Win32 EXE
PEType PE32
CodeSize 74752
LinkerVersion 9.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x12b70
InitializedDataSize 12288
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 07838e40d56f6a4d380b9447c6d9bfce
SHA1 258065c9f89ea715237e75bec6a554d604e98cfa
SHA256 f21714a444dca3fab640a1bfebc2bb1cbe16798ddb2d361a8cc30710561485e3
ssdeep 1536:1K8E/YeSR/Y5d2PvLY9PIR5ryiO5g7jWX8OnYNah3r9qRIpTKUwd9mqxHKq9:88ENSRg5KrR52iOG7jWXlnYNav5KLdIQ
authentihash 4ea4d200c0d11be06997a0b78cb3341e9dd85207d00155d4065ae09cd37439cb
imphash 8a298ae3407bef29f2c6b48b034c9df4
File size 88.8 KB ( 90936 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2019-04-15 18:05:32 UTC
Last submission 2019-04-15 23:21:01 UTC
File names emotet_exe_e2_f21714a444dca3fab640a1bfebc2bb1cbe16798ddb2d361a8cc30710561485e3_2019-04-15__180503.exe_
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections