× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: fec92f3a1feab2468f235ac211262cce0737d7e296130e9e51f839ad1fc476c8
File name: fec92f3a1feab2468f235ac211262cce0737d7e296130e9e51f839ad1fc476c8
Detection ratio: 37 / 64
Analysis date: 2018-07-03 10:12:53 UTC ( 7 months, 3 weeks ago ) View latest
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.FU.hqX@aaPbTlj 20180703
AegisLab Troj.W32.Dovs!c 20180703
AhnLab-V3 Trojan/Win32.Emotet.R231028 20180703
Antiy-AVL Trojan/Win32.Dovs 20180703
Arcabit Trojan.Heur.FU.E10C3E 20180703
Avast FileRepMalware 20180703
AVG FileRepMalware 20180703
Avira (no cloud) TR/Crypt.ZPACK.Gen 20180703
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20180703
BitDefender Gen:Trojan.Heur.FU.hqX@aaPbTlj 20180703
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cybereason malicious.af95a4 20180225
Cyren W32/Trojan.FTBQ-1024 20180703
Emsisoft Gen:Trojan.Heur.FU.hqX@aaPbTlj (B) 20180703
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of Win32/Kryptik.GIII 20180703
Fortinet W32/Emotet.BK!tr 20180703
GData Gen:Trojan.Heur.FU.hqX@aaPbTlj 20180703
Ikarus Trojan.Win32.Crypt 20180703
Sophos ML heuristic 20180601
Kaspersky Trojan.Win32.Dovs.oye 20180703
MAX malware (ai score=98) 20180703
McAfee Emotet-FHK!D20C4F9AF95A 20180703
McAfee-GW-Edition BehavesLike.Win32.Emotet.ch 20180703
Microsoft Trojan:Win32/Emotet.AC!bit 20180703
eScan Gen:Trojan.Heur.FU.hqX@aaPbTlj 20180703
NANO-Antivirus Trojan.Win32.Dovs.fetapu 20180703
Palo Alto Networks (Known Signatures) generic.ml 20180703
Panda Trj/GdSda.A 20180703
Qihoo-360 Win32/Trojan.d27 20180703
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/EncPk-ANX 20180703
Symantec Packed.Generic.517 20180703
Tencent Win32.Trojan.Crypt.Wnce 20180703
VBA32 Malware-Cryptor.Limpopo 20180629
ViRobot Trojan.Win32.Z.Emotet.114688.BS 20180703
ZoneAlarm by Check Point Trojan.Win32.Dovs.oye 20180703
ALYac 20180703
Avast-Mobile 20180703
AVware 20180703
Babable 20180406
Bkav 20180703
CAT-QuickHeal 20180703
ClamAV 20180703
CMC 20180703
Comodo 20180703
DrWeb 20180703
eGambit 20180703
F-Prot 20180703
F-Secure 20180703
Jiangmin 20180703
K7AntiVirus 20180703
K7GW 20180703
Kingsoft 20180703
Malwarebytes 20180703
SUPERAntiSpyware 20180703
TACHYON 20180703
TheHacker 20180628
TotalDefense 20180703
Trustlook 20180703
VIPRE 20180703
Webroot 20180703
Yandex 20180703
Zillya 20180703
Zoner 20180702
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-28 23:57:17
Entry Point 0x000014B1
Number of sections 4
PE sections
Overlays
MD5 2f40c201177440ac5d155c10ce104ade
File type data
Offset 110592
Size 4096
Entropy 0.08
PE imports
RegEnableReflectionKey
WriteEncryptedFileRaw
InitializeSecurityDescriptor
SelectClipPath
CreateDiscardableBitmap
SetRectRgn
DisconnectNamedPipe
SetThreadPreferredUILanguages
SetCurrentConsoleFontEx
SetTimeZoneInformation
LoadLibraryW
ConvertFiberToThread
SetFileApisToOEM
LocalFileTimeToFileTime
FindAtomA
CloseHandle
GetCommandLineA
FindVolumeMountPointClose
CreateConsoleScreenBuffer
FindFirstFileNameW
UnRegisterTypeLib
RasHangUpA
UrlCompareW
GetMenuPosFromID
TileWindows
GetLastInputInfo
LockWorkStation
GetMenuInfo
GetWindowRect
MessageBoxIndirectA
RegisterHotKey
DrawIconEx
LoadCursorFromFileA
GetScrollPos
DlgDirListW
WindowFromPoint
GetWindowModuleFileNameW
SetCursor
SetForegroundWindow
GetDlgItemTextW
CharNextW
GetKeyState
fwrite
fprintf
putc
toupper
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:06:29 00:57:17+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
24576

LinkerVersion
10.0

ImageFileCharacteristics
No relocs, Executable, 32-bit

EntryPoint
0x14b1

InitializedDataSize
65536

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 d20c4f9af95a4211e3b235580c8ab606
SHA1 3df8a2115e3cbbc592733af5662d41a1ffd3796a
SHA256 fec92f3a1feab2468f235ac211262cce0737d7e296130e9e51f839ad1fc476c8
ssdeep
1536:1QKu3oBWb4bRGsmedi4q7KmYRAodIHmDgfnIP9EjTRUMZNT:G/3eWbZs3dzqsRxKKCA9EPRUMzT

authentihash 537368c77704476e41a38f523a437ea41bd3a80c304f7afb6be86174b262d018
imphash 5927c9a7eaf7bbf790010d7cbe904ad4
File size 112.0 KB ( 114688 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-07-02 20:25:03 UTC ( 7 months, 3 weeks ago )
Last submission 2018-10-25 16:08:57 UTC ( 4 months ago )
File names d20c4f9af95a4211e3b235580c8ab606.virus
d20c4f9af95a4211e3b235580c8ab606.vir
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!