× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: fd30f89a8f7024edbd07fe24613f3f3db1326e4ba3eed963f4f06c320d3a4dd3
File name: emotet_e1_fd30f89a8f7024edbd07fe24613f3f3db1326e4ba3eed963f4f06c3...
Detection ratio: 49 / 69
Analysis date: 2019-03-13 12:36:32 UTC ( 1 month ago )
Antivirus Result Update
Acronis suspicious 20190313
Ad-Aware Trojan.Ranapama.AEY 20190313
AegisLab Trojan.Win32.Emotet.4!c 20190313
AhnLab-V3 Trojan/Win32.Emotet.C3083600 20190313
ALYac Trojan.Ranapama.AEY 20190313
Arcabit Trojan.Ranapama.AEY 20190313
Avast Win32:BankerX-gen [Trj] 20190313
AVG Win32:BankerX-gen [Trj] 20190313
Avira (no cloud) TR/Crypt.Agent.gtwfm 20190313
BitDefender Trojan.Ranapama.AEY 20190313
ClamAV Win.Malware.Emotet-6887994-0 20190313
CrowdStrike Falcon (ML) win/malicious_confidence_100% (W) 20190212
Cybereason malicious.3a466c 20190109
Cylance Unsafe 20190313
Cyren W32/Trojan.ZYNB-3411 20190313
DrWeb Trojan.Siggen8.14293 20190313
Emsisoft Trojan.Ranapama.AEY (B) 20190313
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.CRJZ 20190313
F-Secure Trojan.TR/Crypt.Agent.gtwfm 20190313
Fortinet W32/Kryptik.CQLG!tr 20190313
GData Trojan.Ranapama.AEY 20190313
Ikarus Trojan-Banker.Emotet 20190313
Sophos ML heuristic 20181128
Jiangmin Trojan.Banker.Emotet.hjp 20190313
K7AntiVirus Trojan ( 0049be1f1 ) 20190313
K7GW Trojan ( 0049be1f1 ) 20190313
Kaspersky HEUR:Trojan-Banker.Win32.Emotet.gen 20190313
MAX malware (ai score=100) 20190313
McAfee GenericRXHC-WN!732351B50295 20190313
McAfee-GW-Edition Artemis!Trojan 20190313
Microsoft Trojan:Win32/Skeeyah.A!rfn 20190313
eScan Trojan.Ranapama.AEY 20190313
NANO-Antivirus Trojan.Win32.Kryptik.fnxsvd 20190313
Palo Alto Networks (Known Signatures) generic.ml 20190313
Panda Trj/GdSda.A 20190312
Qihoo-360 HEUR/QVM20.1.BEEB.Malware.Gen 20190313
Rising Trojan.Kryptik!8.8 (RDM+:cmRtazodAJ9Gxdq/CceCQsDb/rdr) 20190313
SentinelOne (Static ML) DFI - Malicious PE 20190311
Sophos AV Mal/Emotet-Q 20190313
Symantec ML.Attribute.HighConfidence 20190311
Tencent Win32.Trojan.Falsesign.Aenr 20190313
Trapmine malicious.high.ml.score 20190301
TrendMicro TrojanSpy.Win32.EMOTET.THCABAI 20190313
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.THCABAI 20190313
VBA32 BScope.Malware-Cryptor.Emotet 20190313
VIPRE Trojan.Win32.Generic!BT 20190313
Webroot W32.Trojan.Emotet 20190313
ZoneAlarm by Check Point HEUR:Trojan-Banker.Win32.Emotet.gen 20190313
Alibaba 20190306
Antiy-AVL 20190313
Avast-Mobile 20190313
Babable 20180918
Baidu 20190306
Bkav 20190313
CAT-QuickHeal 20190312
CMC 20190313
Comodo 20190313
eGambit 20190313
F-Prot 20190313
Kingsoft 20190313
Malwarebytes 20190313
SUPERAntiSpyware 20190307
Symantec Mobile Insight 20190220
TACHYON 20190313
TheHacker 20190308
Trustlook 20190313
ViRobot 20190313
Yandex 20190312
Zoner 20190313
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 1:31 PM 3/13/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-09 20:20:04
Entry Point 0x00001770
Number of sections 4
PE sections
Overlays
MD5 59ce62531cdb3580297d49a157eea67e
File type data
Offset 265728
Size 3336
Entropy 7.33
PE imports
RegCreateKeyExW
RegCloseKey
LookupAccountSidW
RegQueryValueExA
RegEnumKeyW
RegDeleteKeyW
RegSetValueW
SaferRecordEventLogEntry
SaferComputeTokenFromLevel
RegQueryValueExW
RegOpenKeyA
RegOpenKeyExW
GetSecurityDescriptorOwner
RegOpenKeyW
RegOpenKeyExA
RegQueryValueW
SaferCloseLevel
GetFileSecurityW
CreateProcessAsUserW
RevertToSelf
RegSetValueExW
FreeSid
SaferIdentifyLevel
ImpersonateLoggedOnUser
AbortDoc
CreateSolidBrush
DeleteObject
CreateHalftonePalette
GetStdHandle
GetConsoleOutputCP
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
GetConsoleCursorInfo
OpenFileMappingA
_llseek
FreeEnvironmentStringsW
GetCPInfo
GetStringTypeA
WriteFile
HeapReAlloc
GetStringTypeW
FreeLibrary
InitAtomTable
LoadResource
TlsGetValue
QueryDosDeviceW
OutputDebugStringA
SetLastError
GetSystemTime
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
FlushViewOfFile
FillConsoleOutputCharacterW
QueryPerformanceFrequency
FatalAppExitW
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetPrivateProfileStringW
GetModuleHandleA
SetCalendarInfoA
CreateThread
SetUnhandledExceptionFilter
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
SetCurrentDirectoryA
WriteConsoleW
HeapFree
EnterCriticalSection
PeekNamedPipe
SetHandleCount
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
CreateDirectoryA
DeleteFileA
CreateDirectoryW
GetProcAddress
GetPrivateProfileIntW
GetProcessHeap
lstrcpyW
ExpandEnvironmentStringsW
CreateTimerQueueTimer
WriteProfileSectionA
RemoveDirectoryA
ConvertThreadToFiber
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
LockFile
lstrlenW
GetEnvironmentStrings
CompareFileTime
LockResource
GetCommandLineW
GetCurrentDirectoryA
HeapSize
GetCommandLineA
Process32FirstW
RaiseException
ReleaseSemaphore
TlsFree
SetFilePointer
CloseHandle
GetVersion
WideCharToMultiByte
IsValidCodePage
HeapCreate
FindResourceW
VirtualFree
Sleep
VirtualAlloc
RedrawWindow
GetForegroundWindow
SetWindowRgn
SetMenuItemBitmaps
DrawTextW
SetRectEmpty
EnableScrollBar
CopyRect
DestroyMenu
PostQuitMessage
GetMessagePos
DrawStateW
SetWindowPos
SetScrollPos
IsWindow
GrayStringW
DispatchMessageA
EndPaint
SetDlgItemInt
IntersectRect
PeekMessageA
GetMessageTime
SetActiveWindow
DispatchMessageW
GetAsyncKeyState
MapDialogRect
GetDlgCtrlID
GetMenu
TranslateMessage
CharUpperW
UnregisterClassW
GetClassInfoW
DefMDIChildProcW
GetDlgItemTextW
GetNextDlgTabItem
GetThreadDesktop
CallNextHookEx
IsClipboardFormatAvailable
LoadImageW
TrackPopupMenu
ClientToScreen
GetActiveWindow
GetWindowTextW
SetDlgItemTextW
LockWindowUpdate
GetWindowTextLengthW
LoadAcceleratorsW
ScrollWindow
GetMenuItemID
DestroyWindow
DrawEdge
GetClassInfoExW
UpdateWindow
GetPropW
EqualRect
SetClassLongW
MapVirtualKeyExW
GetMessageW
ShowWindow
GetQueueStatus
DrawFrameControl
GetNextDlgGroupItem
SetPropW
EnumDisplayMonitors
GetCursorPos
PeekMessageW
SetWindowsHookExW
EnableWindow
SetWindowPlacement
CopyAcceleratorTableW
LoadIconW
CopyImage
SetParent
IsWindowEnabled
GetWindow
GetMenuDefaultItem
GetDlgItemInt
SetClipboardData
ToUnicodeEx
GetIconInfo
GetMenuItemRect
RegisterClassW
IsZoomed
GetWindowPlacement
LoadStringW
SetWindowLongW
WindowFromPoint
DrawMenuBar
IsCharLowerW
EnableMenuItem
InvertRect
GetSubMenu
OpenClipboard
GetKeyboardLayout
FillRect
MonitorFromPoint
CreateAcceleratorTableW
GetSysColorBrush
RealChildWindowFromPoint
CreateWindowExW
TabbedTextOutW
GetWindowLongW
GetUpdateRect
GetMenuItemInfoW
IsChild
IsDialogMessageA
MapWindowPoints
RegisterWindowMessageW
GetMonitorInfoW
ReleaseCapture
GetMessageA
SetCapture
BeginPaint
OffsetRect
DefWindowProcW
GetScrollPos
CopyIcon
ShowCaret
KillTimer
MapVirtualKeyW
TranslateAcceleratorW
GetParent
LoadBitmapW
SendDlgItemMessageA
GetSystemMetrics
IsIconic
SetScrollRange
GetWindowRect
InflateRect
SetMenuDefaultItem
PostMessageA
DrawIcon
GetScrollRange
ShowOwnedPopups
SendDlgItemMessageW
PostMessageW
InvalidateRect
GetScrollInfo
WaitMessage
SetWindowTextA
CheckMenuItem
DrawFocusRect
GetClassLongW
GetLastActivePopup
PtInRect
DrawIconEx
CharUpperBuffW
SetWindowTextW
SetTimer
GetDlgItem
GetMenuCheckMarkDimensions
CreateDialogParamA
BringWindowToTop
ScreenToClient
GetKeyboardState
PostThreadMessageW
GetMenuItemCount
DestroyAcceleratorTable
CheckDlgButton
GetMenuState
IsDialogMessageW
LoadCursorW
GetSystemMenu
ReuseDDElParam
GetDC
InsertMenuW
SetForegroundWindow
NotifyWinEvent
SetFocus
GetMenuStringW
EmptyClipboard
CreateDialogIndirectParamW
ReleaseDC
DrawTextExW
SetLayeredWindowAttributes
EndDialog
ModifyMenuW
HideCaret
FindWindowW
GetCapture
CreatePopupMenu
MessageBeep
LoadMenuW
RemoveMenu
GetWindowThreadProcessId
DeferWindowPos
ShowScrollBar
MessageBoxW
SendMessageW
SetMenu
SetDlgItemTextA
MoveWindow
DialogBoxParamW
MessageBoxA
AppendMenuW
GetWindowDC
DestroyCursor
AdjustWindowRectEx
GetSysColor
RegisterClipboardFormatW
SetScrollInfo
GetKeyState
EndDeferWindowPos
GetWindowRgn
UpdateLayeredWindow
GetDoubleClickTime
DestroyIcon
GetTopWindow
wsprintfW
DefFrameProcW
IsWindowVisible
WinHelpW
GetDesktopWindow
SubtractRect
UnpackDDElParam
SetCursorPos
SystemParametersInfoW
UnionRect
MonitorFromWindow
FrameRect
SetRect
DeleteMenu
GetKeyNameTextW
CallWindowProcW
GetClassNameW
TranslateMDISysAccel
GetClientRect
ValidateRect
IsRectEmpty
IsMenu
GetFocus
BeginDeferWindowPos
CreateMenu
InsertMenuItemW
CloseClipboard
SetCursor
UnhookWindowsHookEx
RemovePropW
Number of PE resources by type
RT_STRING 7
RT_RCDATA 3
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
CZECH DEFAULT 2
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2019:03:09 21:20:04+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
157184

LinkerVersion
9.0

ImageFileCharacteristics
No relocs, Executable, 32-bit

EntryPoint
0x1770

InitializedDataSize
107520

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

File identification
MD5 732351b502957e28e85a110ce98c00db
SHA1 705475b3a466cc8c036213dc8e86b29d220951ba
SHA256 fd30f89a8f7024edbd07fe24613f3f3db1326e4ba3eed963f4f06c320d3a4dd3
ssdeep
6144:Ya0m9wDUi91ggOTMTtM/faJiiAf5uDv888888888888W888888888885L:pMB1gPMTtM/faJibfq888888888888W8

authentihash 564e191af2cd7e37876ed87b72eee2b7aa2da88a823a8d88c0ca1c2bc8c6fef4
imphash 4e881621082522baa4f1e7ea3d8c8f1c
File size 262.8 KB ( 269064 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-03-10 05:24:15 UTC ( 1 month, 1 week ago )
Last submission 2019-03-12 02:20:39 UTC ( 1 month, 1 week ago )
File names emotet_e1_fd30f89a8f7024edbd07fe24613f3f3db1326e4ba3eed963f4f06c320d3a4dd3_2019-03-09__233003.exe_
c9k2ptdgxm.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
HTTP requests
TCP connections