SHA256: 51f49d3aed2e6379d01b1e3c8b3c2b31928761f5c15089d3137e85a80cc128c7
File name: 51f49d3aed2e6379d01b1e3c8b3c2b31928761f5c15089d3137e85a80cc128c7
Detection ratio: 18 / 70
Analysis date: 2019-02-24 13:07:33 UTC (2 months, 4 weeks ago)
Antivirus Result Version
Acronis suspicious 20190222
Bkav HW32.Packed. 20190222
CAT-QuickHeal Trojan.Emotet.X4 20190224
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181023
Cybereason malicious.79684e 20190109
Cylance Unsafe 20190224
eGambit Unsafe.AI_Score_95% 20190224
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.GQCA 20190224
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 005485311 ) 20190224
K7GW Trojan ( 005485311 ) 20190224
McAfee GenericRXHA-OU!1AAD82C689F7 20190224
Qihoo-360 HEUR/QVM20.1.713F.Malware.Gen 20190224
Rising Malware.Heuristic.MLite(100%) (AI-LITE:2dI9YFono8BpHwhlYbRwkg) 20190224
SentinelOne (Static ML) static engine - malicious 20190203
Symantec Packed.Generic.517 20190223
Trapmine malicious.high.ml.score 20190123
Ad-Aware 20190224
AegisLab 20190224
AhnLab-V3 20190224
Alibaba 20180921
Antiy-AVL 20190224
Arcabit 20190224
Avast 20190224
Avast-Mobile 20190224
AVG 20190224
Avira (no cloud) 20190224
Babable 20180918
Baidu 20190215
BitDefender 20190224
ClamAV 20190223
CMC 20190224
Comodo 20190224
Cyren 20190224
DrWeb 20190224
Emsisoft 20190224
F-Prot 20190224
F-Secure 20190224
Fortinet 20190224
GData 20190224
Ikarus 20190224
Jiangmin 20190224
Kaspersky 20190224
Kingsoft 20190224
Malwarebytes 20190224
MAX 20190224
McAfee-GW-Edition 20190224
Microsoft 20190224
eScan 20190224
NANO-Antivirus 20190224
Palo Alto Networks (Known Signatures) 20190224
Panda 20190224
Sophos AV 20190224
SUPERAntiSpyware 20190220
Symantec Mobile Insight 20190220
TACHYON 20190224
Tencent 20190224
TheHacker 20190217
TotalDefense 20190224
TrendMicro 20190224
TrendMicro-HouseCall 20190224
Trustlook 20190224
VBA32 20190222
VIPRE 20190223
ViRobot 20190224
Webroot 20190224
Yandex 20190222
Zillya 20190222
ZoneAlarm by Check Point 20190224
Zoner 20190224
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 1997, 1998
Product PocketMirror
Original name VDMDBG
Internal name VDMDBG
File version 6.1.
Description ABMIRROR DLL
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-02-24 13:00:18
Entry Point 0x00003EB2
Number of sections 4
PE sections
PE imports
IsValidAcl
ImpersonateSelf
GetSecurityDescriptorLength
LookupAccountNameW
CertFindCertificateInStore
RestoreDC
GetMapMode
GetWorldTransform
EndDoc
GetStretchBltMode
GetBkColor
DeleteMetaFile
GetLastError
FreeConsole
ApplicationRecoveryInProgress
lstrcmpiA
GetConsoleCursorInfo
GetDriveTypeA
VirtualProtect
GetModuleFileNameA
LocalAlloc
GetPrivateProfileIntA
GetOverlappedResult
GetModuleHandleA
FindNextFileW
IsProcessorFeaturePresent
GetThreadTimes
IsValidLocale
FindFirstFileExW
GetModuleHandleW
GetBinaryTypeA
GetOEMCP
FindResourceW
GetConsoleWindow
VirtualQueryEx
GetFileAttributesExA
SleepEx
VarTokenizeFormatString
GetRecordInfoFromGuids
GetUserNameExA
EnumWindows
ModifyMenuA
LoadCursorA
IsWindowUnicode
FindWindowW
DdeKeepStringHandle
GetClassWord
GetMessageExtraInfo
UnpackDDElParam
GetMenuCheckMarkDimensions
InsertMenuW
LogicalToPhysicalPoint
GetWindowTextA
GetLastInputInfo
GetSysColor
LockSetForegroundWindow
DeleteMenu
InternetInitializeAutoProxyDll
FindNextUrlCacheEntryExA
GetPrinterDriverW
fputc
toupper
GetRunningObjectTable
OleCreateStaticFromData
CreateGenericComposite
Number of PE resources by type
RT_STRING 14
RT_DIALOG 7
RT_VERSION 1
Number of PE resources by language
ENGLISH US 22
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.0.1.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription ABMIRROR DLL
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 184320
EntryPoint 0x3eb2
OriginalFileName VDMDBG
MIMEType application/octet-stream
LegalCopyright Copyright 1997, 1998
FileVersion 6.1.
TimeStamp 2019:02:24 14:00:18+01:00
FileType Win32 EXE
PEType PE32
InternalName VDMDBG
ProductVersion 6.1.
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Chapura, Inc.
CodeSize 28672
ProductName PocketMirror
ProductVersionNumber 2.0.1.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 1aad82c689f72ceaa3544276092bda72
SHA1 c4c212779684e2b0697cd9afcc89188997b025f0
SHA256 51f49d3aed2e6379d01b1e3c8b3c2b31928761f5c15089d3137e85a80cc128c7
ssdeep 6144:vYzrRbiuPizhwmAe6IcHhAv8homjnbDbjp:vYnChx68lmjb
authentihash c4b5969b87dfcf18ed011add4312f30d35e31022b56d8fe59f4f51e5294ea76f
imphash f8808dea9b17d3a66c4c501de4d9e95d
File size 204.0 KB ( 208896 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe
VirusTotal metadata
First submission 2019-02-24 13:07:33 UTC (2 months, 4 weeks ago)
Last submission 2019-02-26 03:34:48 UTC (2 months, 3 weeks ago)
File names emotet_e1_51f49d3aed2e6379d01b1e3c8b3c2b31928761f5c15089d3137e85a80cc128c7_2019-02-24__131001.exe_
VDMDBG
aw2Qsb6A0FDwbj0J.exe
Advanced heuristic and reputation engines