× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: f4056268c41101e92cd4f912f30b497415dbc240496a8d0508936e16ce0fa2b4
File name: f4056268c41101e92cd4f912f30b497415dbc240496a8d0508936e16ce0fa2b4
Detection ratio: 44 / 67
Analysis date: 2018-09-16 00:06:57 UTC ( 5 months ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40472195 20180913
AhnLab-V3 Trojan/Win32.Fuerboos.R236717 20180915
ALYac Trojan.Agent.Emotet 20180916
Antiy-AVL Trojan[Banker]/Win32.Emotet 20180916
Avast Win32:BankerX-gen [Trj] 20180916
AVG Win32:BankerX-gen [Trj] 20180916
AVware Trojan.Win32.Generic!BT 20180915
BitDefender Trojan.GenericKD.40472195 20180915
CAT-QuickHeal Trojan.Emotet.X4 20180915
ClamAV Win.Trojan.Agent-6681085-0 20180915
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cylance Unsafe 20180916
Cyren W32/Trojan.HYJN-4380 20180915
Emsisoft Trojan.Emotet (A) 20180915
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GKRF 20180915
F-Secure Trojan.GenericKD.40472195 20180915
Fortinet Malicious_Behavior.SB 20180915
GData Trojan.GenericKD.40472195 20180915
Sophos ML heuristic 20180717
Jiangmin Trojan.Banker.Emotet.cuf 20180915
K7AntiVirus Riskware ( 0040eff71 ) 20180915
K7GW Riskware ( 0040eff71 ) 20180915
Kaspersky Trojan-Banker.Win32.Emotet.bdfi 20180915
Malwarebytes Trojan.MalPack 20180915
MAX malware (ai score=95) 20180916
McAfee Emotet-FIB!74B89836E306 20180915
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.gm 20180915
Microsoft Trojan:Win32/Emotet.AC!bit 20180915
eScan Trojan.GenericKD.40472195 20180916
NANO-Antivirus Trojan.Win32.Emotet.fhpchr 20180915
Palo Alto Networks (Known Signatures) generic.ml 20180916
Panda Trj/Emotet.C 20180915
Qihoo-360 HEUR/QVM20.1.C9A5.Malware.Gen 20180916
Rising Trojan.Emotet!8.B95 (CLOUD) 20180915
Sophos AV Mal/EncPk-ANY 20180915
Symantec Trojan.Gen.2 20180915
Tencent Win32.Trojan-banker.Emotet.Aiii 20180916
TrendMicro TSPY_EMOTET.THIACAH 20180915
TrendMicro-HouseCall TSPY_EMOTET.THIACAH 20180915
VBA32 Malware-Cryptor.Limpopo 20180914
VIPRE Trojan.Win32.Generic!BT 20180915
Webroot W32.Trojan.Gen 20180916
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bdfi 20180915
AegisLab 20180915
Alibaba 20180713
Arcabit 20180915
Avast-Mobile 20180915
Avira (no cloud) 20180915
Babable 20180907
Baidu 20180914
Bkav 20180915
CMC 20180915
Comodo 20180916
Cybereason 20180225
DrWeb 20180915
eGambit 20180916
F-Prot 20180915
Kingsoft 20180916
SentinelOne (Static ML) 20180830
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180911
TACHYON 20180915
TheHacker 20180914
TotalDefense 20180915
Trustlook 20180916
ViRobot 20180915
Yandex 20180915
Zillya 20180914
Zoner 20180915
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Internal name EoceEqw.dll
File version 6.1.7
Description DirectX Files DL
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-11 10:00:27
Entry Point 0x0002401A
Number of sections 7
PE sections
PE imports
RevertToSelf
RegSetKeySecurity
CryptInstallDefaultContext
FrameRgn
EnumFontsA
EndPage
TzSpecificLocalTimeToSystemTime
GetModuleHandleA
VerifyScripts
RemoveVectoredExceptionHandler
GetDefaultCommConfigA
ICCompressorFree
DsBindWithCredA
SafeArrayLock
RasDeleteEntryW
SetupDiBuildClassInfoListExW
SetupGetLineTextA
AssocQueryStringW
StrChrNW
StrChrA
MakeSignature
SetUserObjectInformationW
IsCharLowerW
ModifyMenuA
GetParent
TrackPopupMenuEx
CoGetObject
CoInternetIsFeatureEnabledForUrl
Number of PE resources by type
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
SLOVENIAN DEFAULT 1
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
1006425862

LinkerVersion
12.0

ImageVersion
0.0

FileVersionNumber
2.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
DirectX Files DL

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
367104

EntryPoint
0x2401a

MIMEType
application/octet-stream

FileVersion
6.1.7

TimeStamp
2018:09:11 12:00:27+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
EoceEqw.dll

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Roni Enterprice

CodeSize
148992

FileSubtype
0

ProductVersionNumber
2.0.0.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 74b89836e306f443b28a9105c3fba9ac
SHA1 7a0fd217fa44e6613d1cc14745736626fc938e05
SHA256 f4056268c41101e92cd4f912f30b497415dbc240496a8d0508936e16ce0fa2b4
ssdeep
6144:VDRsc4eam/1KhAUjD1/T48xZ19MLGX7ewtlaV/8:VDRsc4Lm/1YAUjDjZgqrFlal8

authentihash 26ef728871152364dba9f145d37e107c667b8fd90fb915beba3ab903453ff894
imphash bdc5bfbfabc99ea817bf4b985d1ea10d
File size 499.0 KB ( 510976 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (25.2%)
Clipper DOS Executable (25.0%)
Generic Win/DOS Executable (24.8%)
DOS Executable Generic (24.8%)
Tags
peexe

VirusTotal metadata
First submission 2018-09-11 03:12:23 UTC ( 5 months, 1 week ago )
Last submission 2018-09-11 03:12:23 UTC ( 5 months, 1 week ago )
File names EoceEqw.dll
18672000.exe
ocgJobyMjIWr.exe
Ka1rAG2PQz.exe
2C5WsbCBUzN.exe
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!