SHA256: ffab6f00ae0b89e7132eedfb692e79713500104a4a52d98bed08bb9915eecff5
File name: ffab6f00ae0b89e7132eedfb692e79713500104a4a52d98bed08bb9915eecff5
Detection ratio: 47 / 71
Analysis date: 2019-02-02 07:14:20 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
Acronis suspicious 20190130
Ad-Aware Trojan.Agent.DOOH 20190202
ALYac Trojan.Agent.Emotet 20190202
Arcabit Trojan.Agent.DOOH 20190202
Avast Win32:BankerX-gen [Trj] 20190202
AVG Win32:BankerX-gen [Trj] 20190202
Avira (no cloud) TR/AD.Emotet.uqvgb 20190202
BitDefender Trojan.Agent.DOOH 20190202
Bkav HW32.Packed. 20190201
Comodo Malware@#rkh0egmyskzr 20190202
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cylance Unsafe 20190202
Cyren W32/Trojan.GJSS-2955 20190202
DrWeb Trojan.EmotetENT.370 20190202
eGambit Unsafe.AI_Score_75% 20190202
Emsisoft Trojan.Emotet (A) 20190202
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/Emotet.BN 20190202
F-Secure Trojan.Agent.DOOH 20190202
Fortinet W32/GenKryptik.CXUC!tr 20190201
GData Trojan.Agent.DOOH 20190202
Ikarus Trojan-Banker.Emotet 20190201
Sophos ML heuristic 20181128
K7AntiVirus Riskware ( 0040eff71 ) 20190202
K7GW Riskware ( 0040eff71 ) 20190202
Kaspersky Trojan-Banker.Win32.Emotet.ccgj 20190202
Malwarebytes Trojan.Emotet 20190202
MAX malware (ai score=100) 20190202
McAfee RDN/Generic.dx 20190202
McAfee-GW-Edition BehavesLike.Win32.Generic.cc 20190201
Microsoft Trojan:Win32/Emotet.DZ 20190202
eScan Trojan.Agent.DOOH 20190202
Palo Alto Networks (Known Signatures) generic.ml 20190202
Panda Trj/Genetic.gen 20190201
Qihoo-360 HEUR/QVM20.1.D983.Malware.Gen 20190202
Rising Trojan.GenKryptik!8.AA55 (CLOUD) 20190202
SentinelOne (Static ML) static engine - malicious 20190124
Sophos AV Troj/Emotet-AXA 20190202
Symantec Trojan.Emotet 20190202
Tencent Win32.Trojan-banker.Emotet.Sxxt 20190202
Trapmine malicious.high.ml.score 20190123
TrendMicro TrojanSpy.Win32.EMOTET.THABIAI 20190202
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.THABIAI 20190202
VBA32 BScope.TrojanBanker.Emotet 20190201
VIPRE Trojan.Win32.Generic!BT 20190202
Webroot W32.Trojan.Emotet 20190202
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.ccgj 20190202
Antivirus (no detection) Update
AegisLab 20190202
AhnLab-V3 20190201
Alibaba 20180921
Antiy-AVL 20190202
Avast-Mobile 20190201
Babable 20180918
Baidu 20190202
CAT-QuickHeal 20190201
ClamAV 20190201
CMC 20190201
Cybereason 20190109
F-Prot 20190202
Jiangmin 20190202
Kingsoft 20190202
NANO-Antivirus 20190202
SUPERAntiSpyware 20190130
TACHYON 20190202
TheHacker 20190131
TotalDefense 20190202
Trustlook 20190202
ViRobot 20190201
Yandex 20190201
Zillya 20190201
Zoner 20190202
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 1995 Microsoft Corporation

Product Microsoft Picstore
Original name amstoune.exe
Internal name amstoune
File version 2.2
Description picstore
Comments Built-in compression
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2003-01-09 08:08:07
Entry Point 0x0000278A
Number of sections 6
PE sections
PE imports
BuildImpersonateTrusteeW
RegSaveKeyW
RegConnectRegistryW
IsTokenRestricted
CreateDiscardableBitmap
GetFontUnicodeRanges
PathToRegion
ImmSetOpenStatus
FlushProcessWriteBuffers
GetThreadLocale
GetLocaleInfoA
FindFirstFileA
GetCommandLineW
ClearCommBreak
Sleep
CloseHandle
DeleteAtom
GetTapePosition
GetUserGeoID
GetStartupInfoW
RpcFreeAuthorizationContext
GetForegroundWindow
PeekMessageW
DrawTextExW
CharUpperW
VkKeyScanExA
GetWindowWord
SCardConnectW
StringFromGUID2
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
MAORI DEFAULT 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 6.1
Comments Built-in compression
LinkerVersion 0.0
ImageVersion 6.0
FileSubtype 0
FileVersionNumber 2.0.0.2
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription picstore
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 4096
EntryPoint 0x278a
OriginalFileName amstoune.exe
MIMEType application/octet-stream
LegalCopyright Copyright 1995 Microsoft Corporation
FileVersion 2.2
TimeStamp 2003:01:09 09:08:07+01:00
FileType Win32 EXE
PEType PE32
InternalName amstoune
ProductVersion 2.2
UninitializedDataSize 102400
OSVersion 6.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 12288
ProductName Microsoft Picstore
ProductVersionNumber 2.0.2.0
FileTypeExtension exe
ObjectFileType Dynamic link library
File identification
MD5 c845468424871fb9d1c9ab5043fe47d1
SHA1 b521fe7ff72e68165ff767d7dfa868e105d5de8b
SHA256 ffab6f00ae0b89e7132eedfb692e79713500104a4a52d98bed08bb9915eecff5
ssdeep 3072:sBSVx0dRkqXYNHKCrUfje+XF+/RX4CQAr/psO6k:lVx0dRkqX2SjeoCQAr/6O6
authentihash 26fecada9f103c92617ed8a5ae372f462cd86fd1ce6b77bd7e1bc939a7a8de64
imphash 6c26bae6590e11bc3091a7c4763dff0b
File size 136.0 KB ( 139264 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags peexe
VirusTotal metadata
First submission 2019-01-28 13:40:36 UTC ( 3 months, 3 weeks ago )
Last submission 2019-01-28 23:51:40 UTC ( 3 months, 2 weeks ago )
File names MhRePj4NFoUhPzxg_24.exe
TMFmUJzC_zgmXnDI.exe
amstoune.exe
TP7uDzagol0oo.exe
jklXCb3PTtyOqeLb.exe
reswuuidgen.exe
NEdZwW.exe
Xm4MpxRt.exe
Sq6YVAd_Z96fdPtDZ.exe
6NNEZxp18DR7Ktk_cOkBh.exe
MdQX0.exe
wbU8BP5_VPnl.exe
emotet_e2_ffab6f00ae0b89e7132eedfb692e79713500104a4a52d98bed08bb9915eecff5_2019-01-28__132001.exe_
cWhfMyIPEtTtS.exe
8rx7Z9wk77Tt6.exe
amstoune
QL1MxiZmcWs_TGE.exe
gge5xLPZDlOdK_ena.exe
8y2uklIIc.exe