SHA256: fa164b7fc86004033cc97ca808497cd0df61a5b4d2840df7f30d0511c70f9e30
File name: emotet_e1_fa164b7fc86004033cc97ca808497cd0df61a5b4d2840df7f30d051...
Detection ratio: 36 / 64
Analysis date: 2019-03-21 01:55:40 UTC ( 1 month ago )
Antivirus Result Update
Acronis suspicious 20190321
Ad-Aware Trojan.Emotet.VM 20190321
AegisLab Hacktool.Win32.Krap.lKMc 20190321
AhnLab-V3 Trojan/Win32.Emotet.R259609 20190320
Arcabit Trojan.Emotet.VM 20190321
Avast Win32:DangerousSig [Trj] 20190320
AVG Win32:DangerousSig [Trj] 20190320
BitDefender Trojan.Emotet.VM 20190321
ClamAV Win.Malware.Emotet-6900425-0 20190320
Cyren W32/Trojan.CHBS-2137 20190321
Emsisoft Trojan.Emotet (A) 20190321
Endgame malicious (high confidence) 20190321
ESET-NOD32 a variant of Win32/Kryptik.EVLC 20190320
Fortinet W32/Kryptik.GQEV!tr 20190321
GData Trojan.Emotet.VM 20190321
Ikarus Trojan-Banker.Emotet 20190320
Sophos ML heuristic 20190313
K7AntiVirus Trojan ( 004eb3561 ) 20190320
K7GW Trojan ( 004eb3561 ) 20190320
Kaspersky Trojan-Banker.Win32.Emotet.cqbp 20190321
Malwarebytes Trojan.Emotet 20190321
MAX malware (ai score=84) 20190321
McAfee Emotet-FMI!5A8AAFE583D7 20190321
McAfee-GW-Edition Emotet-FMI!5A8AAFE583D7 20190320
Microsoft Trojan:Win32/Emotet.LK!ml 20190320
eScan Trojan.Emotet.VM 20190321
Palo Alto Networks (Known Signatures) generic.ml 20190321
Panda Trj/GdSda.A 20190320
Qihoo-360 HEUR/QVM20.1.FAC7.Malware.Gen 20190321
Rising Trojan.Kryptik!8.8 (CLOUD) 20190321
SentinelOne (Static ML) DFI - Suspicious PE 20190317
Sophos AV Mal/Emotet-Q 20190320
Trapmine suspicious.low.ml.score 20190301
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMTH 20190321
VBA32 BScope.Malware-Cryptor.Emotet 20190320
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.cqbp 20190321
Alibaba 20190306
Antiy-AVL 20190321
Avast-Mobile 20190320
Avira (no cloud) 20190320
Babable 20180918
Baidu 20190318
Bkav 20190320
CAT-QuickHeal 20190320
CMC 20190320
Comodo 20190321
Cybereason 20190109
DrWeb 20190321
eGambit 20190321
F-Secure 20190320
Jiangmin 20190321
Kingsoft 20190321
NANO-Antivirus 20190321
SUPERAntiSpyware 20190321
Symantec Mobile Insight 20190220
TACHYON 20190321
Tencent 20190321
TheHacker 20190320
TotalDefense 20190318
Trustlook 20190321
VIPRE 20190320
ViRobot 20190320
Yandex 20190320
Zillya 20190320
Zoner 20190321
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) 2003-2015 Glarysoft Ltd
Product Glary Utilities
Original name OneClickMaintenance.exe
Internal name OneClickMaintenance.exe
File version 5, 0, 0, 6
Description OneClickMaintenance
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 4:53 AM 3/24/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-20 07:53:15
Entry Point 0x000011D0
Number of sections 4
PE sections
Overlays
MD5 6bea69281c4d3f60b0182a68733bde3f
File type data
Offset 357888
Size 3336
Entropy 7.35
PE imports
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyA
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegQueryValueExA
RegEnumKeyExW
RegEnumKeyW
RegFlushKey
RegEnumValueW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
ImageList_BeginDrag
ImageList_SetBkColor
ImageList_Replace
FlatSB_SetScrollInfo
ImageList_SetImageCount
Ord(17)
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_DragMove
FlatSB_SetScrollProp
ImageList_Create
ImageList_GetDragImage
ImageList_DrawEx
ImageList_SetIconSize
ImageList_Write
ImageList_GetImageCount
ImageList_Destroy
ImageList_AddMasked
ImageList_Draw
ImageList_GetIconSize
ImageList_DragLeave
ImageList_GetBkColor
ImageList_GetIcon
FlatSB_SetScrollPos
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_Add
InitializeFlatSB
FlatSB_GetScrollPos
ImageList_DragShowNolock
ImageList_Remove
ImageList_Read
ImageList_Copy
ImageList_EndDrag
GetSaveFileNameW
GetOpenFileNameW
SetDIBits
GdiFixUpHandle
PlayEnhMetaFileRecord
GetTextMetricsW
SetMapMode
GetWindowOrgEx
ResizePalette
GetPaletteEntries
CombineRgn
GetObjectType
GdiGetBatchLimit
CopyEnhMetaFileW
GetTextExtentPoint32A
SetPixel
EndDoc
IntersectClipRect
AngleArc
GetTextFaceA
CopyEnhMetaFileA
GetTextExtentPointW
GdiEntry16
CreatePalette
CreateDIBitmap
GdiEntry10
GetDIBits
ExtCreateRegion
GetEnhMetaFileBits
StretchBlt
StretchDIBits
ArcTo
Pie
Arc
SetBkColor
SetWinMetaFileBits
SetRectRgn
GetDIBColorTable
DeleteEnhMetaFile
GetSystemPaletteEntries
OffsetRgn
EnumFontsW
GetCurrentPositionEx
TextOutA
CreateRectRgnIndirect
EnumFontsA
GetBitmapBits
GdiGetPageHandle
GetBrushOrgEx
ExcludeClipRect
CLIPOBJ_ppoGetPath
GdiGetDevmodeForPage
SetBkMode
BitBlt
CreateFontA
GetOutlineTextMetricsA
SetAbortProc
FrameRgn
CreateBrushIndirect
SelectPalette
GetFontData
SetROP2
EndPage
GetNearestPaletteIndex
SetDIBColorTable
CreatePolyPolygonRgn
SetPixelV
DeleteObject
CreatePenIndirect
GetTextFaceAliasW
PatBlt
CreatePen
GetMetaRgn
GetClipBox
Rectangle
GetDeviceCaps
LineTo
DeleteDC
CreateFontIndirectW
StartPage
GetObjectW
CreateDCW
XFORMOBJ_iGetXform
GetEnhMetaFileDescriptionW
SetEnhMetaFileBits
SetPaletteEntries
SetDIBitsToDevice
RectVisible
GetStockObject
PlayEnhMetaFile
UnrealizeObject
GdiFlush
AddFontResourceExA
SelectClipRgn
RoundRect
GdiGetCodePage
GetWinMetaFileBits
RealizePalette
GetEnhMetaFileHeader
SetWindowOrgEx
EudcLoadLinkW
GetTextExtentPoint32W
StartDocA
Polygon
CreateHalftonePalette
GetRgnBox
SaveDC
CreateICW
MaskBlt
EngGradientFill
GetEnhMetaFilePaletteEntries
RestoreDC
GetPixel
CreateBitmap
CreateDIBSection
GdiSetBatchLimit
SetTextColor
ExtFloodFill
GetCurrentObject
EngAcquireSemaphore
MoveToEx
EnumFontFamiliesExW
SetViewportOrgEx
ExtTextOutW
CreateCompatibleDC
PolyBezierTo
CreateFontW
SetStretchBltMode
PolyBezier
Chord
SetBrushOrgEx
CreateRectRgn
SelectObject
GetEnhMetaFilePixelFormat
CreateCompatibleBitmap
CreateSolidBrush
Polyline
DPtoLP
StartDocW
Ellipse
SetThreadLocale
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
FileTimeToSystemTime
EnumResourceLanguagesA
WaitForSingleObject
HeapDestroy
CreateTimerQueue
GetFileAttributesW
DuplicateHandle
SystemTimeToTzSpecificLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetDiskFreeSpaceExA
GetCurrentDirectoryW
GetLocaleInfoA
LocalAlloc
GetVolumeInformationW
GetEnvironmentStrings
SetErrorMode
FreeEnvironmentStringsW
GetStringTypeExW
lstrcatW
GetLocaleInfoW
SetStdHandle
FindResourceExA
WideCharToMultiByte
LoadLibraryW
GetStringTypeA
GetDiskFreeSpaceW
InterlockedExchange
WriteFile
_lopen
GetSystemTimeAsFileTime
GetCommandLineA
HeapReAlloc
GetStringTypeW
CompareFileTime
GetThreadPriority
GetCurrentThread
GetOEMCP
LocalFree
FormatMessageW
ResumeThread
EnumCalendarInfoW
GetExitCodeProcess
InitializeCriticalSection
OutputDebugStringW
GlobalHandle
GetLogicalDriveStringsW
FindClose
TlsGetValue
QueryDosDeviceW
MoveFileW
SetFileAttributesW
GetStringTypeExA
OutputDebugStringA
lstrcpynW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
DeviceIoControl
InterlockedDecrement
GlobalFindAtomW
WriteProcessMemory
UpdateResourceW
FileTimeToDosDateTime
RemoveDirectoryW
TryEnterCriticalSection
IsDebuggerPresent
HeapAlloc
VerLanguageNameW
GetModuleFileNameA
SetConsoleOutputCP
LoadLibraryA
QueryPerformanceFrequency
GlobalAddAtomW
EnumResourceLanguagesW
SetThreadPriority
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
TerminateJobObject
DeleteTimerQueueTimer
GetSystemPowerStatus
FlushInstructionCache
GetPrivateProfileStringW
FormatMessageA
EnumDateFormatsW
GetModuleHandleA
GlobalMemoryStatus
InterlockedExchangeAdd
CreateThread
GetSystemDefaultUILanguage
MoveFileExW
GetSystemDirectoryW
CreatePipe
GetExitCodeThread
FlushFileBuffers
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
CreateMutexW
MulDiv
ExitThread
HeapCreate
SetEnvironmentVariableA
WaitForMultipleObjectsEx
TerminateProcess
SearchPathW
WriteConsoleA
SetCurrentDirectoryW
EnumResourceNamesW
VirtualQuery
GetConsoleMode
VirtualQueryEx
FileTimeToLocalFileTime
SetEndOfFile
FlushViewOfFile
GetVersion
InterlockedIncrement
SleepEx
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
EnumResourceTypesW
lstrcmpiA
EndUpdateResourceW
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
GetVersionExA
lstrcmpiW
RtlUnwind
FreeLibrary
CopyFileW
GlobalSize
GetStartupInfoA
GetWindowsDirectoryW
GetFileSize
GlobalDeleteAtom
OpenProcess
CreateDirectoryA
DeleteFileA
GetDateFormatW
GetStartupInfoW
ReadProcessMemory
GetCPInfo
DeleteFileW
GlobalLock
GetProcessHeap
GetTempFileNameW
GetComputerNameW
GetProfileStringW
CompareStringW
lstrcpyW
BeginUpdateResourceW
GlobalReAlloc
GetModuleFileNameW
ExpandEnvironmentStringsW
lstrcmpA
FindNextFileW
CreateDirectoryW
lstrcpyA
CreateEventW
EnumResourceNamesA
ResetEvent
FindFirstFileW
IsValidLocale
lstrcmpW
GetUserDefaultLCID
CreateFileMappingW
GetProcessAffinityMask
GetTimeZoneInformation
CreateFileW
CreateEventA
GlobalFindAtomA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
LoadResource
GetLastError
LocalReAlloc
LCMapStringW
GetShortPathNameW
VirtualAllocEx
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
FindResourceW
GetConsoleAliasesLengthW
LCMapStringA
EnumSystemLocalesW
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
GlobalAlloc
lstrlenW
CreateProcessW
GetAtomNameA
SwitchToThread
SizeofResource
GetUserDefaultLangID
VirtualFreeEx
GetCurrentProcessId
CopyFileExA
LockResource
SetFileTime
GetCommandLineW
GetCurrentDirectoryA
EnumResourceTypesA
HeapSize
SetThreadAffinityMask
InterlockedCompareExchange
WritePrivateProfileStringW
SuspendThread
RaiseException
CompareStringA
MapViewOfFile
TlsFree
SetFilePointer
GetFullPathNameW
ReadFile
ReadConsoleOutputCharacterW
GlobalFlags
CloseHandle
OpenMutexW
lstrcpynA
GetACP
GetModuleHandleW
GetCurrentThreadId
FreeResource
GetCPInfoExW
GetFileAttributesExW
FindResourceA
FindResourceExW
GetLongPathNameW
CreateProcessA
SetCommConfig
GetLocalTime
IsValidCodePage
UnmapViewOfFile
DragQueryFileW
SHBrowseForFolderW
SHBindToParent
SHChangeNotify
Shell_NotifyIconW
ExtractAssociatedIconExA
SHBrowseForFolderA
SHQueryRecycleBinA
Shell_NotifyIcon
Ord(18)
SHLoadNonloadedIconOverlayIdentifiers
Ord(24)
SHInvokePrinterCommandW
SHCreateDirectoryExW
SHGetPathFromIDListW
ExtractIconEx
SHCreateDirectoryExA
ShellExecuteExW
SHEmptyRecycleBinA
SHGetFileInfoW
SHFileOperationW
WOWShellExecute
SHGetMalloc
SHGetIconOverlayIndexW
DragQueryFile
SHFormatDrive
DragAcceptFiles
SHGetDesktopFolder
Ord(153)
SHGetSpecialFolderPathA
ShellExecuteExA
SHCreateProcessAsUserW
Ord(680)
ShellAboutW
Ord(25)
SHGetDataFromIDListW
DragFinish
ShellExecuteW
ShellExecuteA
SHGetSpecialFolderLocation
Ord(16)
SHGetDataFromIDListA
SHGetPathFromIDList
SHGetFolderPathA
CommandLineToArgvW
DoEnvironmentSubstW
StrCmpNIW
StrStrIW
RedrawWindow
GetMessagePos
SetWindowRgn
LoadBitmapW
EnableScrollBar
DestroyMenu
PostQuitMessage
GetForegroundWindow
SetWindowPos
IsWindow
CountClipboardFormats
DispatchMessageA
EndPaint
WindowFromPoint
DrawIcon
CharUpperBuffW
SetMenuItemInfoW
SetActiveWindow
GetMenuItemID
GetCursorPos
ReleaseDC
GetDlgCtrlID
GetMenu
SendMessageA
UnregisterClassW
GetClientRect
GetMenuItemInfoW
DefWindowProcW
GetDlgItemTextW
SetScrollPos
CallNextHookEx
IsClipboardFormatAvailable
GetSysColor
LoadImageW
TrackPopupMenu
ClientToScreen
GetActiveWindow
GetWindowTextW
SetDlgItemTextW
EnumClipboardFormats
MsgWaitForMultipleObjects
ScrollWindow
DrawTextW
CopyImage
PtInRect
DrawEdge
GetParent
UpdateWindow
GetPropW
SetClassLongW
EnumWindows
ShowWindow
DrawFrameControl
SetPropW
GetDesktopWindow
DefMDIChildProcW
IsCharAlphaW
PeekMessageW
TranslateMDISysAccel
InsertMenuItemW
SetWindowPlacement
CharUpperW
PeekMessageA
ChildWindowFromPoint
TranslateMessage
IsWindowEnabled
GetWindow
GetMenuDefaultItem
ActivateKeyboardLayout
SetClipboardData
GetIconInfo
SetParent
RegisterClassW
IsZoomed
GetWindowPlacement
LoadStringW
SetWindowLongW
GetKeyboardLayoutList
DrawMenuBar
IsIconic
GetSubMenu
GetDCEx
IsDialogMessageW
FillRect
EnumThreadWindows
MonitorFromPoint
CharNextA
GetSysColorBrush
IsWindowUnicode
CreateWindowExW
TabbedTextOutW
GetWindowLongW
GetUpdateRect
OpenClipboard
IsChild
IsDialogMessageA
MapWindowPoints
RegisterWindowMessageW
GetMonitorInfoW
EmptyClipboard
SystemParametersInfoW
OffsetRect
SetFocus
GetScrollPos
GetKeyboardLayoutNameW
KillTimer
MapVirtualKeyW
CharPrevW
GetClipboardData
GetSystemMetrics
EnableMenuItem
SetScrollRange
GetWindowRect
InflateRect
SetMenuDefaultItem
SetCapture
ReleaseCapture
EnumChildWindows
GetScrollRange
GetMessageExtraInfo
CharLowerW
ShowOwnedPopups
SendDlgItemMessageW
PostMessageW
GetKeyNameTextW
EndDialog
CreateDialogParamW
DrawTextExW
WaitMessage
CreatePopupMenu
ShowCaret
DrawFocusRect
GetClassLongW
GetLastActivePopup
DrawIconEx
SetWindowTextW
SetTimer
GetDlgItem
RemovePropW
CreateIconIndirect
ScreenToClient
SetKeyboardState
CreateIcon
GetKeyboardState
GetMenuItemCount
IsDlgButtonChecked
CheckDlgButton
GetMenuState
GetKeyboardLayout
LoadCursorW
GetSystemMenu
FindWindowExW
GetDC
InsertMenuW
SetForegroundWindow
ExitWindowsEx
GetMenuStringW
GetAsyncKeyState
CharLowerBuffW
IntersectRect
GetScrollInfo
GetTopWindow
HideCaret
FindWindowW
GetCapture
BeginPaint
MessageBeep
RemoveMenu
GetWindowThreadProcessId
ShowScrollBar
MessageBoxW
SendMessageW
RegisterClassExW
SetMenu
LoadIconW
DialogBoxParamW
LoadKeyboardLayoutW
MessageBoxA
AppendMenuW
GetWindowDC
DestroyCursor
AdjustWindowRectEx
SendMessageTimeoutW
MessageBoxIndirectW
MsgWaitForMultipleObjectsEx
DispatchMessageW
RegisterClipboardFormatW
SetScrollInfo
GetKeyState
wvsprintfW
GetDoubleClickTime
DestroyIcon
EnumDisplayMonitors
wsprintfW
DefFrameProcW
IsWindowVisible
SetCursorPos
IsCharAlphaNumericW
MonitorFromWindow
FrameRect
SetRect
DeleteMenu
InvalidateRect
wsprintfA
CharNextW
CallWindowProcW
GetClassNameW
DestroyWindow
GetClassInfoW
SetWindowsHookExW
IsRectEmpty
GetCursor
GetFocus
CreateMenu
EnableWindow
CloseClipboard
CheckMenuItem
UnhookWindowsHookEx
SetCursor
CoInitializeEx
OleUninitialize
CoUninitialize
IsEqualGUID
OleInitialize
RevokeDragDrop
ReleaseStgMedium
CLSIDFromString
RegisterDragDrop
CoCreateInstance
DoDragDrop
StringFromCLSID
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
Number of PE resources by type
RT_ICON 14
RT_GROUP_ICON 3
RT_DIALOG 2
RT_STRING 1
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 21
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.0.0.6
LanguageCode Chinese (Simplified)
FileFlagsMask 0x003f
FileDescription OneClickMaintenance
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Windows, Chinese (Simplified)
InitializedDataSize 57344
EntryPoint 0x11d0
OriginalFileName OneClickMaintenance.exe
MIMEType application/octet-stream
LegalCopyright Copyright (c) 2003-2015 Glarysoft Ltd
FileVersion 5, 0, 0, 6
TimeStamp 2019:03:20 08:53:15+01:00
FileType Win32 EXE
PEType PE32
InternalName OneClickMaintenance.exe
ProductVersion 5.0.0.0
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Glarysoft Ltd
CodeSize 299520
ProductName Glary Utilities
ProductVersionNumber 5.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 5a8aafe583d7abe5dfd5130a2cdf9a50
SHA1 a10f95d74dfcbcb4485252956c390be2d85309e7
SHA256 fa164b7fc86004033cc97ca808497cd0df61a5b4d2840df7f30d0511c70f9e30
ssdeep 6144:MBf46wO7HK3Uwo5VUg+fsEjoKnun1Knun1Knun1Knun1Knun1Knun1Knun1KnunP:Yf9oWVK2WOWOWOWOWOWOWOWOWUoPxR6
authentihash adacfa2472e65bc2420eeacacf1562ee38b64b0cba91ddaa0d3b8ec825f5c593
imphash 56e6743e9f8209d69eeba6e760c3270b
File size 352.8 KB ( 361224 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-03-20 07:55:47 UTC ( 1 month ago )
Last submission 2019-03-24 03:53:23 UTC ( 3 weeks, 6 days ago )
File names OneClickMaintenance.exe
emotet_e1_fa164b7fc86004033cc97ca808497cd0df61a5b4d2840df7f30d0511c70f9e30_2019-03-20__080002.exe_
5a8aafe583d7abe5dfd5130a2cdf9a50.virobj
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.