SHA256: fb87999c9294373f0b8c1cd6d94ec5d946b3e3e0c01c174cadc0473fd395018f
File name: z5lAsQednEbhmSRpZwHs.exe
Detection ratio: 38 / 66
Analysis date: 2018-05-14 09:29:47 UTC ( 9 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30781770 20180514
AegisLab Ml.Attribute.Gen!c 20180514
ALYac Trojan.GenericKD.30781770 20180514
Antiy-AVL Trojan/Win32.TSGeneric 20180514
Arcabit Trojan.Generic.D1D5B14A 20180514
Avast Win32:Malware-gen 20180514
AVG Win32:Malware-gen 20180514
Avira (no cloud) TR/Crypt.ZPACK.bkuje 20180513
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180511
BitDefender Trojan.GenericKD.30781770 20180514
ClamAV Win.Trojan.Emotet-6541548-0 20180514
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20180418
Cylance Unsafe 20180514
Cyren W32/Trojan.JGWU-6177 20180514
eGambit Unsafe.AI_Score_99% 20180514
Emsisoft Trojan.GenericKD.30781770 (B) 20180514
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of Win32/Kryptik.GGRA 20180514
F-Secure Trojan.GenericKD.30781770 20180514
GData Trojan.GenericKD.30781770 20180514
Ikarus Trojan.Crypt 20180514
Sophos ML heuristic 20180503
Kaspersky Trojan-Banker.Win32.Emotet.ankx 20180514
MAX malware (ai score=94) 20180514
McAfee Artemis!57C84D95FE34 20180514
McAfee-GW-Edition BehavesLike.Win32.Ransom.ch 20180514
Microsoft Trojan:Win32/Occamy.C 20180514
eScan Trojan.GenericKD.30781770 20180514
Palo Alto Networks (Known Signatures) generic.ml 20180514
Panda Trj/GdSda.A 20180513
Qihoo-360 HEUR/QVM20.1.1F31.Malware.Gen 20180514
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Generic-S 20180514
Symantec Trojan.Gen.6 20180514
Tencent Win32.Trojan-banker.Emotet.Sxym 20180514
TrendMicro-HouseCall TROJ_GEN.R011H0CEE18 20180514
Webroot W32.Trojan.Emotet 20180514
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.ankx 20180514
AhnLab-V3 20180513
Alibaba 20180514
Avast-Mobile 20180514
AVware 20180428
Babable 20180406
Bkav 20180514
CAT-QuickHeal 20180514
CMC 20180514
Comodo 20180514
Cybereason None
F-Prot 20180514
Fortinet 20180514
Jiangmin 20180514
K7AntiVirus 20180514
K7GW 20180514
Kingsoft 20180514
Malwarebytes 20180514
NANO-Antivirus 20180514
nProtect 20180514
Rising 20180514
SUPERAntiSpyware 20180514
Symantec Mobile Insight 20180511
TheHacker 20180509
TotalDefense 20180514
TrendMicro 20180514
Trustlook 20180514
VBA32 20180511
VIPRE 20180514
ViRobot 20180514
Yandex 20180513
Zillya 20180514
Zoner 20180514
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-13 07:20:15
Entry Point 0x00001243
Number of sections 4
PE sections
PE imports
PageSetupDlgW
JetIndexRecordCount
RemoveFontResourceExW
GetMiterLimit
SetPriorityClass
GetPriorityClass
ReleaseMutex
GetSystemPowerStatus
EnumResourceLanguagesA
GetOverlappedResult
GetCalendarInfoW
ConvertDefaultLocale
SetThreadPriorityBoost
GetCommandLineA
GetConsoleHistoryInfo
GetNumberFormatW
WriteConsoleW
SetupDiClassGuidsFromNameW
SetupDiOpenDeviceInterfaceRegKey
GetLastActivePopup
SetScrollPos
GetFocus
IsWindowVisible
IsChild
ScheduleJob
Number of PE resources by type
RT_STRING 10
RT_BITMAP 3
Number of PE resources by language
NEUTRAL 13
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:05:13 09:20:15+02:00
FileType Win32 EXE
PEType PE32
CodeSize 12288
LinkerVersion 12.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x1243
InitializedDataSize 122880
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 57c84d95fe34906d66c681084c464da9
SHA1 66652a06e5c9b6918dbd741c8ca0087510703eeb
SHA256 fb87999c9294373f0b8c1cd6d94ec5d946b3e3e0c01c174cadc0473fd395018f
ssdeep 1536:oej0U99KCd/eOunnBTeB1jb3FRzKokv8u3Ik6M68oIyYmfEMZo69tMEBJgd:oej0UXK4mdnBTWx3nJu3Is1lrIC8BM

authentihash 60759bd124b92fad4fb78a8c573b87c094183c8de56137a72bd758c672e87fba
imphash 8e61e86c64e057f16fcd73ea4c42cdc8
File size 132.0 KB ( 135168 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2018-05-12 22:24:35 UTC ( 9 months, 1 week ago )
Last submission 2018-05-26 17:47:57 UTC ( 8 months, 4 weeks ago )
File names z5lAsQednEbhmSRpZwHs.exe