SHA256: c1969d179c61141f8e42bb37d20a278c06060d4f7ece648385d681d95757c6d0
File name: cffa5435c773932a8ef271a762ce7cfb.vir
Detection ratio: 55 / 68
Analysis date: 2018-07-23 08:53:32 UTC (3 weeks, 6 days ago)
Antivirus Result Version
Ad-Aware Trojan.GenericKD.12461206 20180723
AegisLab Ml.Attribute.Gen!c 20180723
AhnLab-V3 Win-Trojan/Emotet2.Exp 20180723
ALYac Trojan.Agent.Emotet 20180723
Antiy-AVL Trojan/Win32.Dovs 20180723
Arcabit Trojan.Generic.DBE2496 20180723
Avast Win32:Malware-gen 20180723
AVG Win32:Malware-gen 20180723
Avira (no cloud) HEUR/AGEN.1021256 20180723
AVware Trojan.Win32.Generic!BT 20180723
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180723
BitDefender Trojan.GenericKD.12461206 20180723
CAT-QuickHeal Udsdangerousobject.Multi 20180723
ClamAV Win.Trojan.Emotet-6342268-0 20180723
CMC Trojan.Win32.Dovs!O 20180723
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cybereason malicious.5c7739 20180225
Cylance Unsafe 20180723
Cyren W32/Trojan.KVNX-3995 20180723
Emsisoft Trojan.GenericKD.12461206 (B) 20180723
Endgame malicious (high confidence) 20180711
ESET-NOD32 Win32/Emotet.AW 20180723
F-Secure Trojan.GenericKD.12461206 20180723
Fortinet W32/Emotet.AW!tr 20180723
GData Win32.Trojan-Spy.Emotet.DI 20180723
Ikarus Trojan.Win32.Krypt 20180723
Sophos ML heuristic 20180717
Jiangmin Trojan.Dovs.bp 20180723
K7AntiVirus Trojan ( 00518c2e1 ) 20180723
K7GW Trojan ( 00518c2e1 ) 20180723
Kaspersky HEUR:Trojan.Win32.Generic 20180723
Malwarebytes Trojan.Banker 20180723
MAX malware (ai score=100) 20180723
McAfee Emotet-FCJ!CFFA5435C773 20180723
McAfee-GW-Edition BehavesLike.Win32.Generic.cc 20180723
Microsoft Trojan:Win32/Emotet.O!bit 20180723
eScan Trojan.GenericKD.12461206 20180723
NANO-Antivirus Trojan.Win32.Dovs.etldql 20180723
Palo Alto Networks (Known Signatures) generic.ml 20180723
Panda Trj/Genetic.gen 20180722
Qihoo-360 HEUR/QVM20.1.851F.Malware.Gen 20180723
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/EncPk-ANX 20180723
Symantec Trojan.Emotet 20180723
TACHYON Trojan/W32.Dovs.102400.B 20180723
Tencent Win32.Trojan.Dovs.Tete 20180723
TrendMicro TSPY_EMOTET.SMD10 20180723
TrendMicro-HouseCall TSPY_EMOTET.SMD10 20180723
VBA32 BScope.Trojan.Emotet 20180720
VIPRE Trojan.Win32.Generic!BT 20180723
ViRobot Trojan.Win32.S.Agent.102400.CMS 20180723
Webroot W32.Trojan.Emotet 20180723
Yandex Trojan.Dovs! 20180720
Zillya Trojan.Dovs.Win32.397 20180720
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180723
Alibaba 20180713
Avast-Mobile 20180723
Babable 20180406
Bkav 20180719
Comodo 20180723
DrWeb 20180723
eGambit 20180723
F-Prot 20180723
Kingsoft 20180723
Rising 20180723
SUPERAntiSpyware 20180722
TheHacker 20180723
TotalDefense 20180722
Trustlook 20180723
Zoner 20180723
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-10-06 21:11:22
Entry Point 0x00001920
Number of sections 3
PE sections
PE imports
OpenSCManagerW
PageSetupDlgW
ImmGetCompositionFontA
InterlockedExchange
ConvertFiberToThread
EndUpdateResourceA
LoadModule
LocalAlloc
GetLastError
GetConsoleCP
FreeLibrary
DeleteTimerQueueEx
LocalFree
TlsAlloc
GetSystemDirectoryA
LoadLibraryA
FlushViewOfFile
GetProcAddress
RaiseException
VarI4FromBool
VarI4FromR4
SetupOpenMasterInf
SetupCloseInfFile
SHGetFileInfoA
memset
PdhGetRawCounterValue
HlinkNavigateMoniker
GetComponentIDFromCLSSPEC
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:10:06 22:11:22+01:00
FileType Win32 EXE
PEType PE32
CodeSize 16384
LinkerVersion 8.23
EntryPoint 0x1920
InitializedDataSize 86016
SubsystemVersion 4.1
ImageVersion 0.0
OSVersion 4.1
UninitializedDataSize 0

Compressed bundles
File identification
MD5 cffa5435c773932a8ef271a762ce7cfb
SHA1 33adb7ab01e0907cec09d226e038f0df8311821b
SHA256 c1969d179c61141f8e42bb37d20a278c06060d4f7ece648385d681d95757c6d0
ssdeep 1536:vci60p37jevgz7AYvHnwIi2FzOFVFKXgGq16bc4YlbQR5:Ui6s37jeoz7A+Hw7Wq4Xg+4tbQR
authentihash 03f1c314df59be5d9b31e23f0f6b40f39c53fe872c89433b7689e5352d851d92
imphash e90254a67d588a81d8387d9d39f8cd19
File size 100.0 KB ( 102400 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2017-10-06 22:16:47 UTC (10 months, 2 weeks ago)
Last submission 2018-07-23 08:53:32 UTC (3 weeks, 6 days ago)
File names xJuYTQGilRYhNIh.exe
output.112317950.txt
YANE.exe
cffa5435c773932a8ef271a762ce7cfb.vir
29944280.exe
yUI.exe
output.112320631.txt
19196288.exe
CYWLSiihXT.exe
cffa5435c773932a8ef271a762ce7cfb.vir
VirusShare_cffa5435c773932a8ef271a762ce7cfb
defragcrypt.exe
jW8ZLtojUa9PPaeZjmW.exe
RaZICnxFuZjw.exe
FO.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs
UDP communications