SHA256: f25cc6bc359a6771b7d0d29744aeeb3a60c7d3f19d59e338519e63732a4538bb
File name: emotet_e2_f25cc6bc359a6771b7d0d29744aeeb3a60c7d3f19d59e338519e637...
Detection ratio: 37 / 70
Analysis date: 2019-01-17 02:10:14 UTC ( 1 month ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.FCN.R251902 20190116
ALYac Trojan.Agent.Emotet 20190116
Avast Win32:MalwareX-gen [Trj] 20190116
AVG Win32:MalwareX-gen [Trj] 20190116
Bkav HW32.Packed. 20190116
Comodo Malware@#3jg7a5j6v48ys 20190116
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cylance Unsafe 20190116
Cyren W32/Trojan.JQHD-4486 20190116
DrWeb Trojan.EmotetENT.347 20190116
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GOQZ 20190116
F-Prot W32/Emotet.ME.gen!Eldorado 20190116
Fortinet Malicious_Behavior.SB 20190116
GData Win32.Trojan-Spy.Emotet.T5OX0E 20190116
Ikarus Trojan-Banker.Emotet 20190116
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 005459fb1 ) 20190116
K7GW Trojan ( 005459fb1 ) 20190116
Kaspersky Trojan-Banker.Win32.Emotet.bzut 20190116
Malwarebytes Trojan.Emotet 20190116
McAfee RDN/Generic.grp 20190116
McAfee-GW-Edition BehavesLike.Win32.Emotet.ch 20190116
Microsoft Trojan:Win32/Emotet.M 20190116
Palo Alto Networks (Known Signatures) generic.ml 20190116
Qihoo-360 Win32/Trojan.e34 20190116
Rising Trojan.Kryptik!8.8 (CLOUD) 20190116
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/EncPk-AOI 20190116
Symantec Trojan.Emotet 20190116
Tencent Win32.Trojan-banker.Emotet.Pkhd 20190116
Trapmine malicious.high.ml.score 20190102
TrendMicro TrojanSpy.Win32.EMOTET.THOAAFAI 20190116
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.THOAAFAI 20190116
VBA32 BScope.Trojan.Refinka 20190116
Webroot W32.Trojan.Emotet 20190116
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bzut 20190116
Ad-Aware 20190116
AegisLab 20190116
Alibaba 20180921
Antiy-AVL 20190116
Arcabit 20190116
Avast-Mobile 20190116
Avira (no cloud) 20190116
AVware 20180925
Babable 20180917
Baidu 20190116
BitDefender 20190116
CAT-QuickHeal 20190116
ClamAV 20190116
CMC 20190116
Cybereason 20190109
eGambit 20190116
Emsisoft 20190116
F-Secure 20190116
Jiangmin 20190116
Kingsoft 20190116
MAX 20190116
eScan 20190116
NANO-Antivirus 20190116
Panda 20190116
SUPERAntiSpyware 20190116
TACHYON 20190116
TheHacker 20190114
TotalDefense 20190116
Trustlook 20190116
ViRobot 20190116
Yandex 20190116
Zillya 20190116
Zoner 20190116
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Co
Product Microsoft® Windows® O
Internal name fast
File version 6.1.7
Description WMI
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1994-07-09 09:45:28
Entry Point 0x00003A00
Number of sections 10
PE sections
PE imports
PaintRgn
SetBitmapDimensionEx
GetLastError
TlsFree
ReadFile
GlobalAlloc
GetTickCount
IsProcessInJob
GetSystemTimeAsFileTime
GetCommandLineA
CancelSynchronousIo
GetTapeStatus
VarCyFromI1
I_RpcServerSetAddressChangeFn
GetCursorPos
GetMenuItemRect
BeginDeferWindowPos
GetKeyboardType
GetFocus
InternetOpenUrlW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
KANNADA DEFAULT 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.33.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription WMI
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 143360
EntryPoint 0x3a00
MIMEType application/octet-stream
LegalCopyright Microsoft Co
FileVersion 6.1.7
TimeStamp 1994:07:09 02:45:28-07:00
FileType Win32 EXE
PEType PE32
InternalName fast
ProductVersion 6.1.7
SubsystemVersion 6.1
OSVersion 6.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporati
CodeSize 12288
ProductName Microsoft Windows O
ProductVersionNumber 1.0.33.0
FileTypeExtension exe
ObjectFileType Dynamic link library
Execution parents
File identification
MD5 bce9b5ae888f0c34337353703fbc34ea
SHA1 4a23ea2637e24a10acc9e50a16ded651c74e0b48
SHA256 f25cc6bc359a6771b7d0d29744aeeb3a60c7d3f19d59e338519e63732a4538bb
ssdeep 3072:Q9aPRJ6iLd8bFbEBOoJZaJzkrQ1YiUFMrp8AXqFAWQEbo1LV:+aPRJ6iLaJE4oaJz8Q1V8AaF
authentihash da0bff1b1736f4a5c261b5fab8b37c5cda1033fc819802d2f4c70b8c69123212
imphash 3f18320f320de5ce9f6c748999ab9eba
File size 148.0 KB ( 151552 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2019-01-15 21:08:24 UTC ( 1 month ago )
Last submission 2019-01-16 04:14:16 UTC ( 1 month ago )
File names iUOH_wBW6P_rvS.exe
tpfZ8uU_agdEtN.exe
tRkmaD_bRcAgBZW_Rx6zKD3sh.exe
12uJ_MJlLXpDT_C.exe
GaZT_pus7LKE.exe
9lSiF_5_P.exe
fast
185.exe
ngxV_xqBf_vEvo9u1Yf.exe
emotet_e2_f25cc6bc359a6771b7d0d29744aeeb3a60c7d3f19d59e338519e63732a4538bb_2019-01-15__211002.exe_
4wL8CJIT_a9LXu042B_liF0x.exe