× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: f5f4e7b656f8cfcdef2fa2fb56c9e3825c8b10047408c6020fdf86261c06b067
File name: ca37acc88bf04df5eb9154c448f5d456
Detection ratio: 51 / 69
Analysis date: 2018-12-15 14:11:11 UTC ( 2 months, 1 week ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.Autoruns.GenericKD.31402830 20181215
AhnLab-V3 Trojan/Win32.Emotet.R248220 20181214
ALYac Trojan.Agent.Emotet 20181215
Arcabit Trojan.Autoruns.Generic.D1DF2B4E 20181215
Avast Win32:MalwareX-gen [Trj] 20181215
AVG Win32:MalwareX-gen [Trj] 20181215
BitDefender Trojan.Autoruns.GenericKD.31402830 20181215
CAT-QuickHeal Trojan.Fuerboos 20181215
Comodo Malware@#28kodcrvz91qf 20181215
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.a6bb43 20180225
Cylance Unsafe 20181215
Cyren W32/Emotet.KT.gen!Eldorado 20181215
DrWeb Trojan.DownLoader27.18661 20181215
eGambit Unsafe.AI_Score_50% 20181215
Emsisoft Trojan.Autoruns.GenericKD.31402830 (B) 20181215
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GNJY 20181215
F-Prot W32/Emotet.KT.gen!Eldorado 20181215
F-Secure Trojan.Autoruns.GenericKD.31402830 20181215
Fortinet W32/Kryptik.GNJY!tr 20181215
GData Trojan.Autoruns.GenericKD.31402830 20181215
Ikarus Trojan-Banker.Emotet 20181215
Sophos ML heuristic 20181128
Jiangmin Trojan.Banker.Emotet.eop 20181215
K7AntiVirus Trojan ( 005434d81 ) 20181215
K7GW Trojan ( 005434d81 ) 20181215
Kaspersky Trojan-Banker.Win32.Emotet.buni 20181215
Malwarebytes Trojan.Emotet.Generic 20181215
MAX malware (ai score=100) 20181215
McAfee Emotet-FID!CA37ACC88BF0 20181215
McAfee-GW-Edition BehavesLike.Win32.Emotet.ch 20181215
Microsoft Trojan:Win32/Emotet.BF 20181215
eScan Trojan.Autoruns.GenericKD.31402830 20181215
NANO-Antivirus Trojan.Win32.Emotet.flauyi 20181215
Palo Alto Networks (Known Signatures) generic.ml 20181215
Panda Trj/Emotet.C 20181215
Qihoo-360 Win32/Trojan.23b 20181215
Rising Trojan.Fuerboos!8.EFC8 (CLOUD) 20181215
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/EncPk-ANY 20181215
Symantec Trojan.Emotet 20181215
TACHYON Banker/W32.Emotet.135168.BI 20181214
Trapmine malicious.high.ml.score 20181205
TrendMicro TrojanSpy.Win32.EMOTET.THABAOAH 20181215
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.THABAOAH 20181215
VBA32 BScope.Trojan.Emotet 20181214
ViRobot Trojan.Win32.Agent.135168.FI 20181214
Webroot W32.Trojan.Emotet 20181215
Yandex Trojan.PWS.Emotet! 20181214
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.buni 20181215
AegisLab 20181214
Alibaba 20180921
Antiy-AVL 20181215
Avast-Mobile 20181215
Avira (no cloud) 20181215
Babable 20180918
Baidu 20181207
Bkav 20181214
ClamAV 20181215
CMC 20181215
Kingsoft 20181215
SUPERAntiSpyware 20181212
Symantec Mobile Insight 20181215
Tencent 20181215
TheHacker 20181213
TotalDefense 20181215
Trustlook 20181215
Zillya 20181213
Zoner 20181215
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Description SBY
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1995-11-19 14:53:40
Entry Point 0x00002FD0
Number of sections 8
PE sections
PE imports
GetSecurityDescriptorGroup
ClusterRegEnumValue
ImmSetCompositionFontW
GetProcessId
GlobalAddAtomA
GetCurrentProcess
SwitchToThread
lstrcmpiA
GetCommandLineW
SetConsoleHistoryInfo
GetConsoleProcessList
GetDynamicTimeZoneInformation
VirtualAlloc
GetStdHandle
RasGetProjectionInfoW
PathIsFileSpecA
GetAsyncKeyState
EmptyClipboard
GetMenuItemRect
GetWindowThreadProcessId
GetScrollPos
PrivacySetZonePreferenceW
SCardListCardsW
Number of PE resources by type
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
TELUGU DEFAULT 1
ARABIC EGYPT 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
14.0

ImageVersion
0.1

FileVersionNumber
1.6.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
SBY

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

Ht
Microsoft Corporation. All r

EntryPoint
0x2fd0

MIMEType
application/octet-stream

TimeStamp
1995:11:19 15:53:40+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
4.0

OSVersion
6.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TVersion
0.9

CodeSize
12288

FileSubtype
0

ProductVersionNumber
1.6.0.0

InitializedDataSize
0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 ca37acc88bf04df5eb9154c448f5d456
SHA1 82183fda6bb4332ca3d0942dc48ed8e34c16c21a
SHA256 f5f4e7b656f8cfcdef2fa2fb56c9e3825c8b10047408c6020fdf86261c06b067
ssdeep
3072:fzwWQnKBeJfkwyn6XDu5Zga4Ca7EMxmn:bvbemn6Xi51ag2

authentihash bc0a230f1c75e99b1d181b31c6b08506f729ac4907bb854f5583c39de4b8b488
imphash 9ee812ed60da9c9e9e3092e14a038dba
File size 132.0 KB ( 135168 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-12-09 17:54:22 UTC ( 2 months, 2 weeks ago )
Last submission 2019-01-04 08:52:02 UTC ( 1 month, 2 weeks ago )
File names mnuballoon.exe
91.exe
impreadme(31).gxe
462.exe
output.114736675.txt
symbolmsra.exe
6202.exe
TQC1a9ZztJ.exe
ca37acc88bf04df5eb9154c448f5d456
8.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!