× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: f22fbb36b169f9aba7b16c579428f3ec083c0a6e83e29df3be8e6ce4ef511669
File name: LBzD0FL.exe
Detection ratio: 31 / 67
Analysis date: 2018-07-20 23:37:59 UTC ( 7 months, 1 week ago ) View latest
Antivirus Result Update
AegisLab Packer.Generic!c 20180720
Avast Win32:Malware-gen 20180721
AVG Win32:Malware-gen 20180721
AVware Trojan.Win32.Generic!BT 20180721
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180717
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cybereason malicious.5a6e6e 20180225
Cylance Unsafe 20180721
Emsisoft Trojan.Emotet (A) 20180720
Endgame malicious (high confidence) 20180711
ESET-NOD32 a variant of Win32/Kryptik.GJBH 20180720
Fortinet Malicious_Behavior.SB 20180720
Ikarus Win32.Outbreak 20180720
Sophos ML heuristic 20180717
Kaspersky Trojan-Banker.Win32.Emotet.ayqw 20180720
Malwarebytes Spyware.Emotet 20180720
McAfee Emotet-FHS!D8011598F596 20180720
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20180720
Microsoft Trojan:Win32/Emotet.AN 20180720
Palo Alto Networks (Known Signatures) generic.ml 20180721
Qihoo-360 HEUR/QVM20.1.A12F.Malware.Gen 20180721
Rising Malware.Heuristic!ET#93% (RDM+:cmRtazrCBnx6SuY2hsBCnC6Bcchh) 20180720
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/Generic-S 20180720
Symantec Packed.Generic.517 20180720
TrendMicro TROJ_GEN.USGK18 20180720
TrendMicro-HouseCall TROJ_GEN.USGK18 20180720
VBA32 BScope.TrojanBanker.Emotet 20180720
VIPRE Trojan.Win32.Generic!BT 20180720
Webroot W32.Trojan.Emotet 20180721
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.ayqw 20180720
Ad-Aware 20180720
AhnLab-V3 20180720
Alibaba 20180713
ALYac 20180720
Antiy-AVL 20180720
Arcabit 20180721
Avast-Mobile 20180720
Avira (no cloud) 20180721
Babable 20180406
BitDefender 20180721
Bkav 20180719
CAT-QuickHeal 20180720
ClamAV 20180720
CMC 20180720
Comodo 20180720
Cyren 20180720
DrWeb 20180720
eGambit 20180721
F-Prot 20180720
F-Secure 20180720
Jiangmin 20180720
K7AntiVirus 20180720
K7GW 20180720
Kingsoft 20180721
MAX 20180721
eScan 20180720
NANO-Antivirus 20180720
Panda 20180720
SUPERAntiSpyware 20180720
TACHYON 20180719
Tencent 20180721
TheHacker 20180720
TotalDefense 20180720
Trustlook 20180721
ViRobot 20180720
Yandex 20180720
Zillya 20180720
Zoner 20180720
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Internal name icardagt.exe
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-23 03:20:06
Entry Point 0x00001B36
Number of sections 6
PE sections
PE imports
StrokePath
GetThreadIOPendingFlag
lstrlenA
SetComputerNameW
DeleteAtom
FlsGetValue
FlsFree
SleepEx
SysFreeString
VarCyCmp
StrCmpNIA
DdeDisconnectList
DrawIconEx
IsCharAlphaA
GetClipboardOwner
GetPrinterDriverDirectoryW
RegisterMediaTypes
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

Scription
Windows CardSpace Us

InitializedDataSize
31744

ImageVersion
0.0

FileVersionNumber
36.1.2223.432

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

NETFramework
ing S

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
12.1

EntryPoint
0x1b36

MIMEType
application/octet-stream

Name
icardagt.exe

TimeStamp
2017:02:22 19:20:06-08:00

FileType
Win32 EXE

PEType
PE32

InternalName
icardagt.exe

SubsystemVersion
5.0

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
135680

FileSubtype
0

ProductVersionNumber
16.1.4235.11

FileTypeExtension
exe

ObjectFileType
Dynamic link library

InalFilename
wfw.fwf

File identification
MD5 d8011598f59607a69bf987a232ef5a71
SHA1 9451ccd5a6e6ec2da966b8197adddef90a47bb2e
SHA256 f22fbb36b169f9aba7b16c579428f3ec083c0a6e83e29df3be8e6ce4ef511669
ssdeep
1536:qUd9Z0SvcgRD8Ekpq1rLKXaaj7mmSyp/TF3fsOR0/AXES0SCKNOrCfKHDq8HiabF:qc9WY8lqgXh4yXjzESnkufKHDZCaCb

authentihash cd825b5bdf555b85c782eeabbd2eb63af5eef4a6e4a59041fcabde2a772703e2
imphash fe4f6ea8fea0bc366f45841f72f8aeae
File size 158.0 KB ( 161792 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-07-20 12:05:32 UTC ( 7 months, 1 week ago )
Last submission 2018-08-08 22:21:44 UTC ( 6 months, 2 weeks ago )
File names output.113664320.txt
42436.exe
icardagt.exe
output.113680274.txt
93379929.exe
13584.exe
8.exe
LBzD0FL.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!