SHA256: f7c9c9c5d6a499bda1ff2dcc223cf85eadab44ac708124aaf5e5ad400527be8d
File name: tWqgMJ.exe
Detection ratio: 40 / 65
Analysis date: 2018-09-21 04:08:36 UTC ( 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40500176 20180921
AhnLab-V3 Trojan/Win32.Emotet.R237667 20180921
ALYac Trojan.GenericKD.40500176 20180921
Avast Win32:BankerX-gen [Trj] 20180921
AVG Win32:BankerX-gen [Trj] 20180921
AVware Trojan.Win32.Generic!BT 20180921
BitDefender Trojan.GenericKD.40500176 20180921
Bkav HW32.Packed. 20180919
CAT-QuickHeal Trojan.Emotet.X4 20180918
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cyren W32/Trojan.VSWN-5849 20180921
Emsisoft Trojan.GenericKD.40500176 (B) 20180921
Endgame malicious (high confidence) 20180730
ESET-NOD32 Win32/Emotet.BR 20180921
F-Secure Trojan.GenericKD.40500176 20180921
Fortinet W32/GenKryptik.CLLY!tr 20180921
GData Trojan.GenericKD.40500176 20180921
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 0053cb321 ) 20180920
K7GW Trojan ( 0053cb321 ) 20180920
Kaspersky Trojan-Banker.Win32.Emotet.beaq 20180921
Malwarebytes Trojan.Emotet 20180921
MAX malware (ai score=100) 20180921
McAfee Emotet-FJG!0C332C033009 20180921
McAfee-GW-Edition BehavesLike.Win32.Virut.cc 20180921
eScan Trojan.GenericKD.40500176 20180921
Palo Alto Networks (Known Signatures) generic.ml 20180921
Panda Trj/Genetic.gen 20180920
Qihoo-360 HEUR/QVM20.1.F947.Malware.Gen 20180921
Rising Trojan.Azden!8.F0E3 (CLOUD) 20180921
SentinelOne (Static ML) static engine - malicious 20180830
Sophos AV Mal/EncPk-ANY 20180921
Symantec Trojan.Gen.2 20180921
Tencent Win32.Trojan-banker.Emotet.Frv 20180921
TrendMicro TSPY_EMOTET.THIBOAH 20180921
VBA32 BScope.Trojan.Emotet 20180920
VIPRE Trojan.Win32.Generic!BT 20180921
ViRobot Trojan.Win32.Z.Emotet.118784.H 20180920
Webroot W32.Trojan.Emotet 20180921
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.beaq 20180921
AegisLab 20180921
Alibaba 20180912
Antiy-AVL 20180920
Arcabit 20180921
Avast-Mobile 20180920
Avira (no cloud) 20180920
Babable 20180918
Baidu 20180914
ClamAV 20180921
CMC 20180920
Comodo 20180921
Cybereason 20180225
DrWeb 20180921
eGambit 20180921
F-Prot 20180921
Jiangmin 20180921
Kingsoft 20180921
Microsoft 20180921
NANO-Antivirus 20180921
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180918
TACHYON 20180921
TheHacker 20180920
TotalDefense 20180920
Trustlook 20180921
Yandex 20180920
Zillya 20180920
Zoner 20180920
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Internal name coin.lib
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description German_IBM Keyboard Layout
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-19 23:02:19
Entry Point 0x00017A6B
Number of sections 5
PE sections
PE imports
RegDisablePredefinedCacheEx
RemoveUsersFromEncryptedFile
CryptCreateHash
AVIStreamReadFormat
JetCloseTable
GetFileSize
GetModuleHandleA
GetCommandLineW
GetProcessHandleCount
PowerRestoreDefaultPowerSchemes
IsCharLowerW
PhysicalToLogicalPoint
ScrollDC
GetRawInputDeviceInfoW
Number of PE resources by type
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
SLOVENIAN DEFAULT 1
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 1006425862
LinkerVersion 12.0
ImageVersion 0.0
FileVersionNumber 2.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription gWLKEHJWEKLJL@K@!L
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 0
EntryPoint 0x17a6b
MIMEType application/octet-stream
FileVersion 6.1.7601.17514 (win7sp1_rtm.101119-1850)
TimeStamp 2018:09:19 16:02:19-07:00
FileType Win32 EXE
PEType PE32
InternalName coin.lib
SubsystemVersion 5.0
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 98304
FileSubtype 0
ProductVersionNumber 2.0.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 0c332c0330092cb8282bbf72313ea908
SHA1 ab14f8e603cd0204d829d535f33a06938eed2cbb
SHA256 f7c9c9c5d6a499bda1ff2dcc223cf85eadab44ac708124aaf5e5ad400527be8d
ssdeep 3072:AipHAGSzfcqt68iLLaFmtuWwGN0UDTeh/B:Aip7KfcwiXmPqyN

authentihash 4e208e0297dfced3083948cd14251aa3368713b9ec815fabbc3e3d30183f9220
imphash faa763a81208b937bf98fe5ee4a3b574
File size 116.0 KB ( 118784 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe

VirusTotal metadata
First submission 2018-09-19 16:07:01 UTC ( 5 months ago )
Last submission 2018-11-15 23:09:47 UTC ( 3 months ago )
File names coin.lib
0c332c0330092cb8282bbf72313ea908
tWqgMJ.exe
ihunshlp.exe