SHA256: f9409b8b773b89035f9e8075b0e72ceabc934d17835c5622cb45da20bb2cb644
File name: output.113512580.txt
Detection ratio: 48 / 64
Analysis date: 2018-07-05 18:04:26 UTC ( 7 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31018737 20180705
AegisLab Packer.Generic!c 20180705
AhnLab-V3 Trojan/Win32.Emotet.R230691 20180705
ALYac Trojan.Agent.Emotet 20180705
Antiy-AVL Trojan/Win32.TSGeneric 20180705
Arcabit Trojan.Generic.D1D94EF1 20180705
Avast FileRepMalware 20180705
AVG FileRepMalware 20180705
Avira (no cloud) TR/AD.Emotet.jktrb 20180705
AVware Trojan.Win32.Generic!BT 20180705
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180705
BitDefender Trojan.GenericKD.31018737 20180705
CAT-QuickHeal TrojanBanker.Emotet 20180705
Comodo Heur.Packed.Unknown 20180705
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cybereason malicious.0c5bca 20180225
Cyren W32/Kryptik.FU.gen!Eldorado 20180705
Emsisoft Trojan.Emotet (A) 20180705
Endgame malicious (high confidence) 20180612
ESET-NOD32 Win32/Emotet.BK 20180705
F-Prot W32/Kryptik.FU.gen!Eldorado 20180705
F-Secure Trojan.GenericKD.31018737 20180705
Fortinet W32/Kryptik.GHTB!tr 20180705
GData Trojan.GenericKD.31018737 20180705
Ikarus Trojan-Banker.Emotet 20180705
Sophos ML heuristic 20180601
K7AntiVirus Trojan ( 005337711 ) 20180705
K7GW Trojan ( 005337711 ) 20180705
Kaspersky Trojan-Banker.Win32.Emotet.atxv 20180705
Malwarebytes Trojan.Emotet 20180705
McAfee GenericRXGA-FA!EB7B9880C5BC 20180705
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20180705
Microsoft Trojan:Win32/Emotet.AC!bit 20180705
eScan Trojan.GenericKD.31018737 20180705
NANO-Antivirus Trojan.Win32.Emotet.ferozb 20180705
Palo Alto Networks (Known Signatures) generic.ml 20180705
Panda Trj/Genetic.gen 20180705
Qihoo-360 HEUR/QVM20.1.1F68.Malware.Gen 20180705
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Troj/Emotet-SN 20180705
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20180705
Symantec Packed.Generic.517 20180705
TotalDefense Win32/FakeMS.WOCR 20180705
VBA32 BScope.TrojanBanker.Emotet 20180705
VIPRE Trojan.Win32.Generic!BT 20180705
Webroot W32.Trojan.Emotet 20180705
Zillya Trojan.Emotet.Win32.2915 20180705
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.atxv 20180705
Avast-Mobile 20180705
Babable 20180406
Bkav 20180705
ClamAV 20180705
CMC 20180705
DrWeb 20180705
eGambit 20180705
Jiangmin 20180705
Kingsoft 20180705
MAX 20180705
TACHYON 20180705
Tencent 20180705
TheHacker 20180628
Trustlook 20180705
ViRobot 20180705
Yandex 20180705
Zoner 20180704
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Mic
File version 6.1.7601
Description TLS / SSL Secur
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2035-07-30 21:36:11
Entry Point 0x00001C9B
Number of sections 6
PE sections
PE imports
GetSecurityDescriptorLength
CryptCreateHash
GetTextCharsetInfo
DeleteDC
GetBoundsRect
GetPath
FrameRgn
SetPixelV
BeginPath
lstrlenA
SetThreadUILanguage
DebugBreak
FreeConsole
LZSeek
EqualRect
InternetConfirmZoneCrossing
CryptCATAdminCalcHashFromFileHandle
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.9.6.27867
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription TLS / SSL Secur
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 122880
EntryPoint 0x1c9b
MIMEType application/octet-stream
FileVersion 6.1.7601
TimeStamp 2035:07:30 14:36:11-07:00
FileType Win32 EXE
PEType PE32
ProductVersion 6.1.7601
SubsystemVersion 5.0
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporatio
CodeSize 12288
ProductName Mic
ProductVersionNumber 1.9.6.27867
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 eb7b9880c5bca3e54858a9f328468ded
SHA1 f584affae1250cc172b7c4d255bc741e65da1587
SHA256 f9409b8b773b89035f9e8075b0e72ceabc934d17835c5622cb45da20bb2cb644
ssdeep 1536:/xGwBj6girRA51ezsqHqpiPNR780sB6mimlS8dJB:fBrv51dBa4Mfq5T
authentihash e9dc57f17dfba8bcd18ece6e845fcca9a58b692ce6e9c5c2e8f9a063fa4427db
imphash 8f922e04ad4952c704cbf11255b685be
File size 132.0 KB ( 135168 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe
VirusTotal metadata
First submission 2018-06-27 10:13:53 UTC ( 7 months, 3 weeks ago )
Last submission 2018-07-01 18:35:58 UTC ( 7 months, 3 weeks ago )
File names 425093038.exe
0511469131.exe
187019707132.exe
payload_1.exe
output.113512580.txt
29674377.exe
795812483.exe
76702666241.exe
199544033763.exe
500882335555.exe
312410435.exe
07837135689.exe
323706190.exe
153499768561.exe
output.113512521.txt
63693363465.exe
93896792251.exe
163825179614.exe
55492125.exe
8624177961.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs