SHA256: fa38baeea0e3c71a9a51cb822f5c871215487fe7379ce7592ede4915d7d3a295
File name: b514e6a1154a8487c838b0a34a729642
Detection ratio: 47 / 71
Analysis date: 2019-01-18 11:18:02 UTC (1 month ago)
Antivirus Result Update
Acronis suspicious 20190117
Ad-Aware Trojan.Autoruns.GenericKDS.40946930 20190118
AhnLab-V3 Trojan/Win32.FCN.R251902 20190118
ALYac Trojan.Agent.Emotet 20190118
Arcabit Trojan.Autoruns.GenericS.D270CCF2 20190118
Avast Win32:MalwareX-gen [Trj] 20190118
AVG Win32:MalwareX-gen [Trj] 20190118
BitDefender Trojan.Autoruns.GenericKDS.40946930 20190118
Bkav HW32.Packed. 20190118
ClamAV Win.Malware.Emotet-6817631-0 20190118
Comodo Malware@#15w83e13tbj5m 20190118
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cylance Unsafe 20190118
Cyren W32/Trojan.GAGE-6815 20190118
DrWeb Trojan.EmotetENT.347 20190118
Emsisoft Trojan.Autoruns.GenericKDS.40946930 (B) 20190118
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GOQZ 20190118
F-Prot W32/Emotet.ME.gen!Eldorado 20190118
F-Secure Trojan.Autoruns.GenericKDS.40946930 20190118
Fortinet Malicious_Behavior.SB 20190118
GData Trojan.Autoruns.GenericKDS.40946930 20190118
Ikarus Trojan-Banker.Emotet 20190118
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 00545a131 ) 20190118
K7GW Trojan ( 00545a131 ) 20190118
Kaspersky Trojan-Banker.Win32.Emotet.bztr 20190118
Malwarebytes Trojan.Emotet 20190118
McAfee RDN/Generic.dx 20190118
McAfee-GW-Edition BehavesLike.Win32.Emotet.ch 20190118
Microsoft Trojan:Win32/Emotet.M 20190118
eScan Trojan.Autoruns.GenericKDS.40946930 20190118
Palo Alto Networks (Known Signatures) generic.ml 20190118
Panda Trj/RnkBend.A 20190117
Qihoo-360 HEUR/QVM20.1.91A5.Malware.Gen 20190118
Rising Trojan.Emotet!8.B95 (CLOUD) 20190118
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/EncPk-AOI 20190118
Symantec Trojan.Gen.2 20190118
Tencent Win32.Trojan-banker.Emotet.Pcsa 20190118
Trapmine malicious.high.ml.score 20190103
TrendMicro TrojanSpy.Win32.EMOTET.THOAAFAI 20190118
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.THOAAFAI 20190118
VBA32 BScope.Trojan.Refinka 20190118
ViRobot Trojan.Win32.Z.Emotet.151552.AT 20190118
Webroot W32.Trojan.Emotet 20190118
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bztr 20190118
AegisLab 20190118
Alibaba 20180921
Antiy-AVL 20190118
Avast-Mobile 20190118
Avira (no cloud) 20190118
Babable 20180918
Baidu 20190118
CAT-QuickHeal 20190118
CMC 20190118
Cybereason 20190109
eGambit 20190118
Jiangmin 20190118
Kingsoft 20190118
MAX 20190118
NANO-Antivirus 20190118
SUPERAntiSpyware 20190116
TACHYON 20190118
TheHacker 20190115
TotalDefense 20190118
Trustlook 20190118
VIPRE 20190118
Yandex 20190118
Zillya 20190118
Zoner 20190118
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Co
Product Microsoft® Windows® O
Internal name fast
File version 6.1.7
Description WMI
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1994-07-09 09:45:28
Entry Point 0x000039D0
Number of sections 10
PE sections
PE imports
PaintRgn
SetBitmapDimensionEx
GetLastError
TlsFree
ReadFile
GlobalAlloc
GetTickCount
IsProcessInJob
GetSystemTimeAsFileTime
GetCommandLineA
CancelSynchronousIo
GetTapeStatus
VarCyFromI1
I_RpcServerSetAddressChangeFn
GetCursorPos
GetFocus
BeginDeferWindowPos
GetKeyboardType
GetMenuItemRect
InternetOpenUrlW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
KANNADA DEFAULT 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.33.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription WMI
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 143360
EntryPoint 0x39d0
MIMEType application/octet-stream
LegalCopyright Microsoft Co
FileVersion 6.1.7
TimeStamp 1994:07:09 11:45:28+02:00
FileType Win32 EXE
PEType PE32
InternalName fast
ProductVersion 6.1.7
SubsystemVersion 6.1
OSVersion 6.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporati
CodeSize 12288
ProductName Microsoft Windows O
ProductVersionNumber 1.0.33.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 b514e6a1154a8487c838b0a34a729642
SHA1 8efadd8df54d25544d75a7b423c8f65a14a63fad
SHA256 fa38baeea0e3c71a9a51cb822f5c871215487fe7379ce7592ede4915d7d3a295
ssdeep 3072:4wWgWEZM0mV4I7uX/mpZbI4/ENASQI7L95IwFexjC31jlV:tlWcM06UX/mTbrgzrIwM4j
authentihash 3294f82436f840daeebdb05bebc39c8bc54c47c7908b3e035a9b1e5db75b949c
imphash 35f681ea610e81bed0eb8019c12d2b1a
File size 148.0 KB ( 151552 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2019-01-15 18:59:46 UTC ( 1 month ago )
Last submission 2019-01-16 23:25:48 UTC ( 1 month ago )
File names IExe_Cky6Nl7wg_OTXAG.exe
fast
8t5w_8v.exe
emotet_e2_fa38baeea0e3c71a9a51cb822f5c871215487fe7379ce7592ede4915d7d3a295_2019-01-15__190001.exe_
Omb4VLJbXJEqJklpj.exe
nTthrg_s.exe