× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: f6ca633f1583494bd0cbbbd939ad9d64db2f72135ec9e650658a55ab106c6389
File name: emotet_e2_f6ca633f1583494bd0cbbbd939ad9d64db2f72135ec9e650658a55a...
Detection ratio: 47 / 67
Analysis date: 2019-03-28 23:40:56 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Acronis suspicious 20190327
Ad-Aware Trojan.Agent.DSLD 20190328
AhnLab-V3 Trojan/Win32.Emotet.R260381 20190328
ALYac Trojan.Agent.DSLD 20190328
Arcabit Trojan.Agent.DSLD 20190328
Avast Win32:DangerousSig [Trj] 20190328
AVG Win32:DangerousSig [Trj] 20190328
Avira (no cloud) TR/Crypt.Agent.amdds 20190328
BitDefender Trojan.Agent.DSLD 20190328
ClamAV Win.Malware.Emotet-6911268-0 20190328
Comodo TrojWare.Win32.Emotet.RDF@835x12 20190328
CrowdStrike Falcon (ML) win/malicious_confidence_90% (W) 20190212
Cybereason malicious.e414d2 20190327
Cyren W32/Emotet.RQ.gen!Eldorado 20190328
DrWeb Trojan.Siggen8.20731 20190328
eGambit Unsafe.AI_Score_55% 20190329
Emsisoft Trojan.Agent.DSLD (B) 20190328
Endgame malicious (high confidence) 20190322
ESET-NOD32 a variant of Win32/Kryptik.GRFS 20190328
F-Secure Trojan.TR/Crypt.Agent.amdds 20190328
FireEye Generic.mg.af3b1c272d9f40b3 20190328
Fortinet W32/Kryptik.CBF!tr 20190328
GData Trojan.Agent.DSLD 20190328
Ikarus Trojan-Banker.Emotet 20190328
Sophos ML heuristic 20190313
K7AntiVirus Trojan ( 0054a7b41 ) 20190328
K7GW Trojan ( 0054a7b41 ) 20190328
Kaspersky Trojan-Banker.Win32.Emotet.csvq 20190328
Malwarebytes Trojan.Emotet 20190328
MAX malware (ai score=83) 20190329
McAfee Emotet-FMI!AF3B1C272D9F 20190328
McAfee-GW-Edition Emotet-FMI!AF3B1C272D9F 20190328
Microsoft Trojan:Win32/Emotet!rfn 20190328
eScan Trojan.Agent.DSLD 20190328
NANO-Antivirus Trojan.Win32.Emotet.fommpj 20190328
Palo Alto Networks (Known Signatures) generic.ml 20190329
Panda Trj/GdSda.A 20190328
Qihoo-360 Win32/Trojan.9ad 20190329
Rising Trojan.Kryptik!8.8 (CLOUD) 20190328
SentinelOne (Static ML) DFI - Malicious PE 20190317
Sophos AV Mal/Emotet-Q 20190328
Tencent Win32.Trojan.Falsesign.Lohv 20190329
Trapmine malicious.high.ml.score 20190325
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.THCBGAI 20190328
VBA32 BScope.Malware-Cryptor.Emotet 20190328
VIPRE Trojan.Win32.Generic!BT 20190328
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.csvq 20190328
AegisLab 20190328
Alibaba 20190306
Antiy-AVL 20190328
Avast-Mobile 20190328
Babable 20180918
Baidu 20190318
Bkav 20190328
CAT-QuickHeal 20190328
CMC 20190321
Jiangmin 20190328
Kingsoft 20190329
SUPERAntiSpyware 20190328
Symantec Mobile Insight 20190325
TACHYON 20190328
TheHacker 20190327
TotalDefense 20190327
Trustlook 20190329
ViRobot 20190328
Yandex 20190328
Zillya 20190328
Zoner 20190329
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
C)Advanced PDF Converter, All Rights Reserved

File version Version 5.0
Description TODO: <File description>
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 12:40 AM 3/29/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-26 19:13:19
Entry Point 0x0001DC90
Number of sections 4
PE sections
Overlays
MD5 eb947c3143a2f4479dd83b4b63467637
File type data
Offset 236032
Size 3336
Entropy 7.33
PE imports
ImmSetCompositionFontW
ImmSetCompositionWindow
ImmNotifyIME
ImmGetCompositionStringA
ImmGetContext
ImmSetCandidateWindow
ImmReleaseContext
ImmAssociateContext
ImmGetCompositionStringW
ImmSetCompositionFontA
GetStdHandle
GetConsoleOutputCP
ReleaseMutex
FileTimeToSystemTime
SetEvent
HeapDestroy
SetFileTime
GetFileAttributesW
lstrcmpW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
UnhandledExceptionFilter
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
EnumResourceLanguagesW
GetFileTime
GetCPInfo
GetStringTypeA
InterlockedExchange
FindResourceExW
WaitForSingleObject
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
LoadResource
GetStringTypeExW
FindClose
InterlockedDecrement
MoveFileW
GetFullPathNameW
WritePrivateProfileStringW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
DeviceIoControl
GlobalFindAtomW
OutputDebugStringW
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
lstrcmpiW
EnumSystemLocalesA
SetConsoleCtrlHandler
GetVolumeInformationW
LoadLibraryExW
MultiByteToWideChar
FatalAppExitA
SetFilePointerEx
GetPrivateProfileStringW
SetFilePointer
SetFileAttributesW
GlobalAddAtomW
CreateThread
GetSystemDefaultUILanguage
GetSystemDirectoryW
SetUnhandledExceptionFilter
ConvertDefaultLocale
CreateMutexW
MulDiv
UnlockFile
ExitThread
SetEnvironmentVariableA
FindAtomW
WriteConsoleA
GlobalAlloc
LocalFileTimeToFileTime
CreateEventW
SetEndOfFile
GetCurrentThreadId
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
OpenThread
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetVersionExA
LoadLibraryA
RtlUnwind
GlobalSize
GetStartupInfoA
GetDateFormatA
GetWindowsDirectoryW
GetFileSize
LCMapStringW
OpenProcess
GetStartupInfoW
DeleteFileW
GetUserDefaultLCID
GetPrivateProfileIntW
AddAtomW
GetProcessHeap
GetComputerNameW
WriteFile
GetFileSizeEx
WTSGetActiveConsoleSessionId
GetTimeFormatA
FindFirstFileW
IsValidLocale
DuplicateHandle
GetProcAddress
GetTimeZoneInformation
CreateFileW
GetFileType
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
GlobalDeleteAtom
GetShortPathNameW
VirtualAllocEx
GetConsoleCP
FindResourceW
LCMapStringA
GetProcessTimes
GetEnvironmentStringsW
GlobalUnlock
LockFile
lstrlenW
Process32NextW
CreateProcessW
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
ProcessIdToSessionId
GetCommandLineW
HeapSize
InterlockedCompareExchange
Process32FirstW
GetCurrentThread
SuspendThread
RaiseException
GetModuleHandleA
ReadFile
GlobalFlags
DeleteAtom
CloseHandle
OpenMutexW
GetACP
GlobalLock
GetModuleHandleW
FreeResource
GetFileAttributesExW
SetStdHandle
GetLongPathNameW
IsValidCodePage
HeapCreate
GetTempPathW
VirtualFree
Sleep
TerminateProcess
VirtualAlloc
CompareStringA
SetFocus
GetForegroundWindow
SetMenuItemBitmaps
LoadBitmapW
DestroyMenu
PostQuitMessage
GetMessagePos
SetWindowPos
IsWindow
GrayStringW
EndPaint
ScrollWindowEx
SetDlgItemInt
IntersectRect
GetMessageTime
SetActiveWindow
GetDC
GetCursorPos
ReleaseDC
GetDlgCtrlID
GetMenu
UnregisterClassW
GetClassInfoW
GetDlgItemTextW
SetScrollPos
CallNextHookEx
GetTopWindow
GetWindowTextW
LockWindowUpdate
GetWindowTextLengthW
LoadAcceleratorsW
GetActiveWindow
DrawTextW
GetMenuItemID
DestroyWindow
GetClassInfoExW
UpdateWindow
GetPropW
EqualRect
CheckRadioButton
GetMessageW
ShowWindow
SetPropW
GetDesktopWindow
PeekMessageW
EnableWindow
SetWindowPlacement
CharUpperW
LoadIconW
TranslateMessage
IsWindowEnabled
GetWindow
GetDlgItemInt
GetMenuBarInfo
SetParent
RegisterClassW
ScrollWindow
GetWindowPlacement
LoadStringW
SetWindowLongW
WindowFromPoint
IsIconic
TrackPopupMenuEx
GetSubMenu
GetDCEx
IsDialogMessageW
FillRect
CopyRect
GetSysColorBrush
CreateWindowExW
TabbedTextOutW
GetWindowLongW
GetMenuItemInfoW
IsChild
MapWindowPoints
RegisterWindowMessageW
BeginPaint
OffsetRect
DefWindowProcW
GetScrollPos
KillTimer
MapVirtualKeyW
GetParent
SendDlgItemMessageA
GetSystemMetrics
EnableMenuItem
SetScrollRange
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
GetScrollRange
SendDlgItemMessageW
PostMessageW
GetScrollInfo
CreatePopupMenu
CheckMenuItem
GetClassLongW
GetLastActivePopup
PtInRect
BeginDeferWindowPos
SetWindowTextW
SetTimer
GetDlgItem
GetMenuCheckMarkDimensions
BringWindowToTop
ClientToScreen
TrackPopupMenu
GetMenuItemCount
IsDlgButtonChecked
CheckDlgButton
GetMenuState
SetWindowsHookExW
LoadCursorW
GetSystemMenu
ReuseDDElParam
DispatchMessageW
InsertMenuW
SetForegroundWindow
GetMenuStringW
DrawTextExW
EndDialog
ModifyMenuW
GetCapture
ScreenToClient
LoadMenuW
RemoveMenu
GetWindowThreadProcessId
DeferWindowPos
ShowScrollBar
MessageBoxW
SendMessageW
SetMenu
MoveWindow
AppendMenuW
GetWindowDC
AdjustWindowRectEx
GetSysColor
SetDlgItemTextW
SetScrollInfo
GetKeyState
EndDeferWindowPos
SystemParametersInfoA
DestroyIcon
wsprintfW
IsWindowVisible
WinHelpW
UnpackDDElParam
SystemParametersInfoW
UnionRect
SetRect
GetKeyNameTextW
CallWindowProcW
GetClassNameW
GetClientRect
ValidateRect
IsRectEmpty
GetFocus
InsertMenuItemW
UnhookWindowsHookEx
RemovePropW
Number of PE resources by type
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_STRING 14
RT_DIALOG 12
RT_ICON 5
RT_BITMAP 4
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 60
CHINESE SIMPLIFIED 9
PE resources
ExifTool file metadata
SubsystemVersion
5.0

InitializedDataSize
115712

ImageVersion
0.0

FileVersionNumber
5.0.0.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Windows, Latin1

LinkerVersion
9.0

FileTypeExtension
exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
Version 5.0

TimeStamp
2019:03:26 20:13:19+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
5.0

FileDescription
TODO: <File description>

OSVersion
5.0

FileOS
Win32

LegalCopyright
C)Advanced PDF Converter, All Rights Reserved

MachineType
Intel 386 or later, and compatibles

CompanyName
TODO: <Company name>

CodeSize
119296

FileSubtype
0

ProductVersionNumber
5.0.0.0

EntryPoint
0x1dc90

ObjectFileType
Executable application

File identification
MD5 af3b1c272d9f40b3049a6d972625301a
SHA1 ff3d44ce414d2dba203b44cdf2f7337aea75fc61
SHA256 f6ca633f1583494bd0cbbbd939ad9d64db2f72135ec9e650658a55ab106c6389
ssdeep
3072:boGbF2ny0ViOfTOp3ORLYkGQXOa+8ZpDySU7fqMvVXAEuwkil0WtapmOgC9RPbkI:dMnyK/TTZEhvB0iIpVRPbkZ9rVa

authentihash 8101ac71d0648c5227a9b7db4698535073d69a7f1b45798bda1e15f06d91f965
imphash 8b0dc580501f8c397056bf60d713e31e
File size 233.8 KB ( 239368 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-03-26 19:31:03 UTC ( 1 month, 3 weeks ago )
Last submission 2019-03-27 02:47:28 UTC ( 1 month, 3 weeks ago )
File names 660.exe
emotet_e2_f6ca633f1583494bd0cbbbd939ad9d64db2f72135ec9e650658a55ab106c6389_2019-03-26__192008.exe_
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs