× Cookies sú vypnuté! Aby táto stránka vyžaduje mať zapnuté cookies aby fungovala správne.
SHA256: 984ea2138f303b0991837927e48192f54765e7609c7d678e17369eeeaf2639e3
Názov súboru: emotet_e1_984ea2138f303b0991837927e48192f54765e7609c7d678e17369ee...
Pomer detekcie: 25 / 65
Dátum analýzy: 2019-03-08 21:40:10 UTC ( pred 2 mesiace, 2 týždne )
Antivírus Výsledok Aktualizovať
Acronis suspicious 20190222
Ad-Aware Trojan.Agent.DRAR 20190308
AegisLab Hacktool.Win32.Krap.lKMc 20190308
Avast Win32:BankerX-gen [Trj] 20190308
AVG Win32:BankerX-gen [Trj] 20190308
BitDefender Trojan.Agent.DRAR 20190308
ClamAV Win.Malware.Score-6881439-0 20190308
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
eGambit Unsafe.AI_Score_71% 20190308
Emsisoft Trojan.Agent.DRAR (B) 20190308
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/GenKryptik.AZX 20190308
GData Trojan.Agent.DRAR 20190308
Sophos ML heuristic 20181128
Kaspersky UDS:DangerousObject.Multi.Generic 20190308
MAX malware (ai score=86) 20190308
Microsoft Trojan:Win32/Fuery.C!cl 20190307
eScan Trojan.Agent.DRAR 20190308
Palo Alto Networks (Known Signatures) generic.ml 20190308
Qihoo-360 HEUR/QVM20.1.B6C1.Malware.Gen 20190308
Rising Trojan.Kryptik!8.8 (RDM+:cmRtazqGojyJctkVTIM19N/SPRnM) 20190308
SentinelOne (Static ML) static engine - malicious 20190203
Trapmine malicious.high.ml.score 20190301
VBA32 BScope.Malware-Cryptor.Emotet 20190307
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20190308
AhnLab-V3 20190308
Alibaba 20190306
ALYac 20190308
Antiy-AVL 20190308
Arcabit 20190308
Avast-Mobile 20190308
Avira (no cloud) 20190308
Babable 20180918
Baidu 20190306
Bkav 20190308
CAT-QuickHeal 20190308
CMC 20190308
Comodo 20190308
Cybereason 20190109
Cyren 20190308
DrWeb 20190308
F-Prot 20190308
F-Secure 20190308
Fortinet 20190308
Ikarus 20190308
Jiangmin 20190308
K7AntiVirus 20190308
K7GW 20190308
Kingsoft 20190308
Malwarebytes 20190308
McAfee 20190308
McAfee-GW-Edition 20190308
NANO-Antivirus 20190308
Panda 20190308
Sophos AV 20190308
SUPERAntiSpyware 20190307
Symantec Mobile Insight 20190220
TACHYON 20190308
Tencent 20190308
TheHacker 20190308
TotalDefense 20190308
TrendMicro-HouseCall 20190308
Trustlook 20190308
ViRobot 20190308
Yandex 20190308
Zoner 20190308
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Comments @CompanyName
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 10:40 PM 3/8/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-08 17:43:56
Entry Point 0x00026D40
Number of sections 4
PE sections
Overlays
MD5 2f860bdd45eef9b4bc41c27ab95c3aac
File type data
Offset 286208
Size 3336
Entropy 7.33
PE imports
RegCreateKeyExW
RegOpenKeyA
RegCloseKey
RegSetValueExW
RegQueryValueExA
RegOpenKeyExA
RegQueryValueExW
GdiIsPlayMetafileDC
PlayEnhMetaFileRecord
EngFindResource
CreateHalftonePalette
GdiSetLastError
GdiDeleteSpoolFileHandle
GdiGetSpoolMessage
GetDeviceGammaRamp
GetMetaFileBitsEx
GetTextAlign
GetWorldTransform
EngQueryLocalTime
GetCharWidthI
XFORMOBJ_iGetXform
CreateMetaFileW
CreateEnhMetaFileW
GetTransform
GdiGetPageCount
GetDCOrgEx
SetBoundsRect
StretchDIBits
GetBkColor
DeleteObject
GetCharWidth32W
GetGlyphIndicesW
CreateSolidBrush
GetKerningPairsA
GetKerningPairs
AbortDoc
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
GetStdHandle
GetConsoleOutputCP
HeapDestroy
GetCommandLineW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetCurrentDirectoryA
GetConsoleMode
GetLocaleInfoA
LocalAlloc
GetConsoleCursorInfo
OpenFileMappingA
_llseek
FreeEnvironmentStringsW
GetCPInfo
GetStringTypeA
WriteFile
HeapReAlloc
GetStringTypeW
FreeLibrary
InitAtomTable
LoadResource
TlsGetValue
QueryDosDeviceW
OutputDebugStringA
SetLastError
GetSystemTime
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
RemoveDirectoryA
FlushViewOfFile
FillConsoleOutputCharacterW
QueryPerformanceFrequency
FatalAppExitW
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetPrivateProfileStringW
SetFilePointer
SetCalendarInfoA
CreateThread
SetUnhandledExceptionFilter
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
SetCurrentDirectoryA
WriteConsoleW
HeapFree
EnterCriticalSection
PeekNamedPipe
SetHandleCount
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
CreateDirectoryA
DeleteFileA
CreateDirectoryW
GetProcAddress
GetPrivateProfileIntW
GetProcessHeap
lstrcpyW
ExpandEnvironmentStringsW
CreateTimerQueueTimer
WriteProfileSectionA
ConvertThreadToFiber
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
LockFile
GetModuleFileNameA
GetEnvironmentStrings
CompareFileTime
LockResource
lstrlenW
WideCharToMultiByte
HeapSize
GetCommandLineA
Process32FirstW
RaiseException
ReleaseSemaphore
TlsFree
GetModuleHandleA
CloseHandle
GetVersion
IsValidCodePage
HeapCreate
FindResourceW
VirtualFree
Sleep
VirtualAlloc
RedrawWindow
GetForegroundWindow
SetWindowRgn
SetMenuItemBitmaps
DrawTextW
SetRectEmpty
EnableScrollBar
CopyRect
DestroyMenu
PostQuitMessage
GetMessagePos
DrawStateW
SetWindowPos
SetScrollPos
IsWindow
GrayStringW
DispatchMessageA
EndPaint
SetDlgItemInt
IntersectRect
PeekMessageA
DrawIcon
GetMessageTime
SetActiveWindow
GetDC
GetAsyncKeyState
MapDialogRect
GetDlgCtrlID
GetMenu
TranslateMessage
CharUpperW
UnregisterClassW
GetClassInfoW
GetMenuItemInfoW
DefWindowProcW
GetDlgItemTextW
GetNextDlgTabItem
GetThreadDesktop
CallNextHookEx
IsClipboardFormatAvailable
LoadImageW
TrackPopupMenu
ClientToScreen
GetTopWindow
GetWindowTextW
SetDlgItemTextW
LockWindowUpdate
GetWindowTextLengthW
LoadAcceleratorsW
GetActiveWindow
CopyImage
PtInRect
GetMessageA
GetClassInfoExW
UpdateWindow
GetPropW
EqualRect
SetClassLongW
MapVirtualKeyExW
GetMessageW
ShowWindow
GetQueueStatus
DrawFrameControl
GetNextDlgGroupItem
SetPropW
EnumDisplayMonitors
DefMDIChildProcW
GetCursorPos
PeekMessageW
SetWindowsHookExW
InsertMenuItemW
SetWindowPlacement
CopyAcceleratorTableW
LoadIconW
SetParent
IsWindowEnabled
GetWindow
GetMenuDefaultItem
GetDlgItemInt
SetClipboardData
ToUnicodeEx
GetIconInfo
GetMenuItemRect
RegisterClassW
ScrollWindow
IsZoomed
GetWindowPlacement
LoadStringW
SetWindowLongW
WindowFromPoint
DrawMenuBar
IsCharLowerW
EnableMenuItem
InvertRect
GetSubMenu
SetTimer
GetKeyboardLayout
FillRect
MonitorFromPoint
CreateAcceleratorTableW
GetSysColorBrush
RealChildWindowFromPoint
CreateWindowExW
TabbedTextOutW
GetWindowLongW
GetUpdateRect
OpenClipboard
IsChild
IsDialogMessageA
MapWindowPoints
RegisterWindowMessageW
GetMonitorInfoW
DrawEdge
SetCapture
BeginPaint
OffsetRect
SetFocus
GetScrollPos
CopyIcon
KillTimer
MapVirtualKeyW
TranslateAcceleratorW
GetParent
LoadBitmapW
SendDlgItemMessageA
GetSystemMetrics
IsIconic
SetScrollRange
GetWindowRect
InflateRect
SetMenuDefaultItem
PostMessageA
ReleaseCapture
GetScrollRange
ShowOwnedPopups
SendDlgItemMessageW
PostMessageW
GetKeyNameTextW
GetScrollInfo
WaitMessage
SetWindowTextA
ShowCaret
DrawFocusRect
GetClassLongW
GetLastActivePopup
DrawIconEx
CharUpperBuffW
SetWindowTextW
CreateMenu
GetDlgItem
GetMenuCheckMarkDimensions
CreateDialogParamA
BringWindowToTop
SendInput
ScreenToClient
GetKeyboardState
PostThreadMessageW
GetMenuItemCount
DestroyAcceleratorTable
CheckDlgButton
GetMenuState
IsDialogMessageW
LoadCursorW
GetSystemMenu
ReuseDDElParam
GetMenuItemID
InsertMenuW
SetForegroundWindow
NotifyWinEvent
GetMenuStringW
EmptyClipboard
CreateDialogIndirectParamW
ReleaseDC
DrawTextExW
SetLayeredWindowAttributes
EndDialog
ModifyMenuW
HideCaret
FindWindowW
GetCapture
CreatePopupMenu
MessageBeep
LoadMenuW
RemoveMenu
GetWindowThreadProcessId
DeferWindowPos
ShowScrollBar
MessageBoxW
SendMessageW
SetMenu
SetDlgItemTextA
MoveWindow
DialogBoxParamW
MessageBoxA
AppendMenuW
GetWindowDC
DestroyCursor
AdjustWindowRectEx
GetSysColor
DispatchMessageW
RegisterClipboardFormatW
SetScrollInfo
GetKeyState
EndDeferWindowPos
GetWindowRgn
UpdateLayeredWindow
GetDoubleClickTime
DestroyIcon
wsprintfW
DefFrameProcW
IsWindowVisible
WinHelpW
GetDesktopWindow
SubtractRect
UnpackDDElParam
SetCursorPos
SystemParametersInfoW
UnionRect
MonitorFromWindow
FrameRect
SetRect
DeleteMenu
InvalidateRect
CallWindowProcW
GetClassNameW
DestroyWindow
TranslateMDISysAccel
GetClientRect
ValidateRect
IsRectEmpty
IsMenu
GetFocus
BeginDeferWindowPos
EnableWindow
CloseClipboard
CheckMenuItem
SetCursor
UnhookWindowsHookEx
RemovePropW
Number of PE resources by type
RT_BITMAP 11
RT_VERSION 8
RT_RCDATA 7
RT_ICON 6
MAD 2
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 19
ENGLISH US 9
PORTUGUESE 1
GERMAN 1
ENGLISH UK 1
PORTUGUESE BRAZILIAN 1
FRENCH 1
SPANISH 1
SPANISH MEXICAN 1
PE resources
ExifTool file metadata
CharacterSet
Unicode

UninitializedDataSize
0

Tag01000340
D

Comments
@CompanyName

InitializedDataSize
127488

ImageVersion
0.0

FileVersionNumber
14.0.1000.340

LanguageCode
German

FileFlagsMask
0x0017

EUpBrowserCleaner
<FileVersion

EUpUtilities2014
@ProductVersion

LinkerVersion
9.0

FileOS
Windows NT 32-bit

EntryPoint
0x26d40

EUpSoftware
VFileDescription

MIMEType
application/octet-stream

TimeStamp
2019:03:08 18:43:56+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.0

OSVersion
5.0

EUpUtilities
LProductName

Subsystem
Windows GUI

YrightAVGNetherlandsBV2011
LLegalTrademarks

MachineType
Intel 386 or later, and compatibles

CodeSize
157696

FileSubtype
0

ProductVersionNumber
14.0.1000.340

FileTypeExtension
exe

ObjectFileType
Unknown

ImageFileCharacteristics
No relocs, Executable, 32-bit

File identification
MD5 1f07a4a5367ac4c14a015730a81b2be6
SHA1 8403b881154abf5e54cec032f682157736d614cd
SHA256 984ea2138f303b0991837927e48192f54765e7609c7d678e17369eeeaf2639e3
ssdeep
3072:v9Nb2lLlUiyeg/MbyqggcqaNv3+UrfllhM+8P3pjC4QFSEgd5WD1k4sqYa7m7/Kg:v9wDUi91ggOV31TtM+8CV1k5a7pfLU

authentihash 8b0c0ce8d3efde07f2a853dcf4d48c3a736395869786099656139f215cbac045
imphash e64956ece28bf048b41195030485b50d
Veľkosť súboru 282.8 KB ( 289544 bytes )
Typ súboru Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-03-08 20:53:53 UTC ( pred 2 mesiace, 2 týždne )
Last submission 2019-03-08 21:40:10 UTC ( pred 2 mesiace, 2 týždne )
Názov súborov: emotet_e1_984ea2138f303b0991837927e48192f54765e7609c7d678e17369eeeaf2639e3_2019-03-08__205503.exe_
Žiadne komentáre. Žiaden člen VirusTotal komunity sa ešte nevyjadril. Buď prvý, kto sa vyjadrí!

Zanechať komentár...

?
Pridať komentár

Nie ste prihlásený. Iba registrovaný užívatelia môžu písať komentáre, príhlásiť sa a niečo zmeniť!

Žiadne hlasy. Nikto ešte nehlasoval. Buďte prvý kto tak urobí!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections