SHA256: f4dd2df9d3fe56610118526cd8b46e052a34a46549f0d055726ee64ed2cc1afc
File name: 9a1927a35db52606c62e96926fb6eeb3
Detection ratio: 42 / 67
Analysis date: 2018-10-15 18:27:30 UTC ( 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.Autoruns.GenericKDS.31251525 20181015
AhnLab-V3 Trojan/Win32.Emotet.R234758 20181015
Arcabit Trojan.Autoruns.GenericS.D1DCDC45 20181015
Avast Win32:BankerX-gen [Trj] 20181015
AVG Win32:BankerX-gen [Trj] 20181015
BitDefender Trojan.Autoruns.GenericKDS.31251525 20181015
Bkav HW32.Packed. 20181014
ClamAV Win.Trojan.Emotet-6699550-0 20181015
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.3cf96e 20180225
Cylance Unsafe 20181015
DrWeb Trojan.EmotetENT.283 20181015
Emsisoft Trojan.Emotet (A) 20181015
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GLIH 20181015
F-Secure Trojan.Autoruns.GenericKDS.31251525 20181015
Fortinet W32/Kryptik.GLHZ!tr 20181015
GData Trojan.Autoruns.GenericKDS.31251525 20181015
Sophos ML heuristic 20180717
Jiangmin Trojan.Banker.Emotet.dcu 20181015
K7AntiVirus Trojan ( 0053e2251 ) 20181015
K7GW Trojan ( 0053e2251 ) 20181015
Kaspersky Trojan-Banker.Win32.Emotet.bhvj 20181015
Malwarebytes Trojan.Emotet 20181015
MAX malware (ai score=85) 20181015
McAfee Emotet-FHK!9A1927A35DB5 20181015
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20181015
Microsoft Trojan:Win32/Emotet!rfn 20181015
eScan Trojan.Autoruns.GenericKDS.31251525 20181015
NANO-Antivirus Trojan.Win32.Emotet.firsjm 20181015
Panda Trj/Emotet.C 20181015
Qihoo-360 HEUR/QVM20.1.8BCD.Malware.Gen 20181015
Rising Trojan.Emotet!8.B95 (TFE:3:tLhe09sGFVT) 20181015
Sophos AV Mal/EncPk-ANY 20181015
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20181015
Symantec Trojan.Emotet 20181015
Tencent Win32.Trojan-banker.Emotet.Hssf 20181015
TrendMicro TROJ_GEN.R004C0CJF18 20181015
TrendMicro-HouseCall TROJ_GEN.R004C0CJF18 20181015
VBA32 BScope.Trojan.Azden 20181015
VIPRE Trojan.Win32.Generic!BT 20181015
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bhvj 20181015
AegisLab 20181015
Alibaba 20180921
Antiy-AVL 20181015
Avast-Mobile 20181015
Avira (no cloud) 20181015
Babable 20180918
Baidu 20181015
CAT-QuickHeal 20181013
CMC 20181015
Comodo 20181015
Cyren 20181015
eGambit 20181015
F-Prot 20181015
Ikarus 20181015
Kingsoft 20181015
Palo Alto Networks (Known Signatures) 20181015
SentinelOne (Static ML) 20181011
Symantec Mobile Insight 20181001
TACHYON 20181015
TheHacker 20181015
TotalDefense 20181015
Trustlook 20181015
ViRobot 20181015
Webroot 20181015
Yandex 20181015
Zillya 20181015
Zoner 20181014
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1993-11-01 05:05:43
Entry Point 0x00001516
Number of sections 7
PE sections
Overlays
MD5 b6397767012f2dd45e6a02bae2fed256
File type ASCII text
Offset 139264
Size 3038
Entropy 4.94
PE imports
GetTokenInformation
CryptVerifySignatureW
CryptEnumProvidersW
QueryServiceConfigW
SetServiceBits
CryptCreateHash
AccessCheckAndAuditAlarmA
LogonUserW
ClusterRegDeleteValue
OpenClusterResource
CertNameToStrA
CryptMemAlloc
JetIndexRecordCount
GetCharWidthFloatA
GetColorAdjustment
CreateEnhMetaFileW
GetTextCharset
PolyPolygon
IsBadHugeWritePtr
GetTimeZoneInformation
GetNamedPipeServerProcessId
GetConsoleWindow
ClosePrivateNamespace
DebugBreak
GetVolumeNameForVolumeMountPointW
GetProcessVersion
GetCommandLineA
DeleteFileA
Sleep
FindFirstFileNameW
MprConfigServerConnect
MprConfigInterfaceEnum
CreateErrorInfo
SysStringLen
VariantInit
GetCurrentPowerPolicies
RasEnumEntriesW
RpcMgmtEpEltInqBegin
RpcErrorEndEnumeration
I_RpcMapWin32Status
SetupOpenFileQueue
PathStripToRootW
StrToIntExW
StrChrNW
StrCmpNW
SHStrDupA
IsWindowEnabled
GetSubMenu
GetClipboardOwner
PackDDElParam
WindowFromPhysicalPoint
GetMenuContextHelpId
GetUpdateRgn
CopyAcceleratorTableW
DestroyAcceleratorTable
UnregisterClassW
MessageBoxA
ScrollDC
ChangeWindowMessageFilter
GetWindow
SetForegroundWindow
LoadKeyboardLayoutA
SetLayeredWindowAttributes
WindowFromDC
SetWindowRgn
InvalidateRect
midiInMessage
waveInPrepareHeader
CryptCATCDFEnumAttributes
isdigit
qsort
wcstod
strcspn
HDC_UserFree
CLIPFORMAT_UserFree
PdhGetLogFileSize
Number of PE resources by type
RT_STRING 13
RT_BITMAP 11
Number of PE resources by language
NEUTRAL 17
CHINESE TRADITIONAL 6
ITALIAN 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1993:11:01 06:05:43+01:00
FileType Win32 EXE
PEType PE32
CodeSize 8192
LinkerVersion 6.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x1516
InitializedDataSize 122880
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 9a1927a35db52606c62e96926fb6eeb3
SHA1 7e98a163cf96e4bf2eed7ef43c2a703d03e844ab
SHA256 f4dd2df9d3fe56610118526cd8b46e052a34a46549f0d055726ee64ed2cc1afc
ssdeep 3072:gcXmxg7xd5308OVQXhUPwkp3psfE5v+d8u0e5pRRNUkOopSPhK96fjyw/4Zg67P5:c67XziQP3D8hqwQ
authentihash a586d98a5fa05122c656b60fb6bb0e9946e593f83bb4157d140a015235d9891a
imphash 6a84f5b083c279bd2ba49308f3b0628a
File size 139.0 KB ( 142302 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe overlay

VirusTotal metadata
First submission 2018-10-15 18:27:30 UTC ( 4 months ago )
Last submission 2018-10-15 18:27:30 UTC ( 4 months ago )