SHA256: 183daa79b73bf5a07410ba48a412dec71b8b1d7cdc01a691650d11b74ff1f9f9
File name: 183daa79b73bf5a07410ba48a412dec71b8b1d7cdc01a691650d11b74ff1f9f9
Detection ratio: 39 / 65
Analysis date: 2019-03-15 17:39:37 UTC ( 2 months, 1 week ago )
Antivirus Result Update
Acronis suspicious 20190313
Ad-Aware Gen:Variant.Razy.476340 20190315
AegisLab Trojan.Win32.Emotet.4!c 20190315
ALYac Gen:Variant.Razy.476340 20190315
Arcabit Trojan.Razy.D744B4 20190315
Avast Win32:BankerX-gen [Trj] 20190315
AVG Win32:BankerX-gen [Trj] 20190315
Avira (no cloud) TR/Crypt.Agent.kjxbp 20190315
BitDefender Gen:Variant.Razy.476340 20190315
Comodo Malware@#39f7sg0xjl86b 20190315
CrowdStrike Falcon (ML) win/malicious_confidence_100% (W) 20190212
Cybereason malicious.4fd2a6 20190109
DrWeb Trojan.DownLoader27.33753 20190315
Emsisoft Gen:Variant.Razy.476340 (B) 20190315
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.CBF 20190315
F-Secure Trojan.TR/Crypt.Agent.kjxbp 20190315
Fortinet W32/Kryptik.CBF!tr 20190315
GData Gen:Variant.Razy.476340 20190315
Ikarus Trojan-Banker.Emotet 20190315
Sophos ML heuristic 20190313
K7AntiVirus Trojan ( 005020241 ) 20190315
K7GW Trojan ( 005020241 ) 20190315
Kaspersky Trojan-Banker.Win32.Emotet.cntx 20190315
MAX malware (ai score=85) 20190315
McAfee Emotet-FMI!B21BEB14FD2A 20190315
McAfee-GW-Edition Artemis!Trojan 20190315
Microsoft Trojan:Win32/Emotet.AC!bit 20190315
eScan Gen:Variant.Razy.476340 20190315
NANO-Antivirus Trojan.Win32.Kryptik.foagdg 20190315
Palo Alto Networks (Known Signatures) generic.ml 20190315
Panda Trj/GdSda.A 20190315
Rising Trojan.Kryptik!8.8 (CLOUD) 20190315
SentinelOne (Static ML) DFI - Malicious PE 20190311
Sophos AV Mal/Emotet-Q 20190315
Trapmine malicious.moderate.ml.score 20190301
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMAL08 20190315
VBA32 BScope.Malware-Cryptor.Emotet 20190315
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.cntx 20190315
AhnLab-V3 20190315
Alibaba 20190306
Antiy-AVL 20190315
Avast-Mobile 20190315
Babable 20180918
Baidu 20190306
Bkav 20190314
CAT-QuickHeal 20190315
ClamAV 20190315
CMC 20190315
Cyren 20190315
eGambit 20190315
Jiangmin 20190315
Kingsoft 20190315
Malwarebytes 20190315
Qihoo-360 20190315
SUPERAntiSpyware 20190314
Symantec Mobile Insight 20190220
TACHYON 20190315
Tencent 20190315
TheHacker 20190315
TotalDefense 20190315
Trustlook 20190315
ViRobot 20190315
Yandex 20190315
Zillya 20190315
Zoner 20190315
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product HTML Help
Original name HH.exe
Internal name HH 1.41
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Microsoft® HTML Help Executable
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 6:39 PM 3/15/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-14 15:38:54
Entry Point 0x00001A70
Number of sections 4
PE sections
Overlays
MD5 5e751bfde5ec03290a36e981c9e7f268
File type data
Offset 183296
Size 3336
Entropy 7.34
PE imports
RegQueryValueExA
RegOpenKeyA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
GetStdHandle
FileTimeToSystemTime
WaitForSingleObject
EncodePointer
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
FreeEnvironmentStringsW
InitializeSListHead
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetEvent
LocalFree
ResumeThread
OutputDebugStringW
GlobalCompact
GetStringTypeExW
FindClose
TlsGetValue
SetLastError
GetSystemTime
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
GetModuleHandleA
CreateThread
GetExitCodeThread
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
GlobalAlloc
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GlobalSize
GetStartupInfoA
GetDateFormatW
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
GetProfileStringW
GlobalReAlloc
FindNextFileW
ResetEvent
lstrcmpW
FindFirstFileExW
GetProcAddress
CreateEventW
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
LocalReAlloc
SystemTimeToFileTime
LCMapStringW
GlobalFree
GetConsoleCP
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
GetCurrentDirectoryW
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
lstrcpynW
RaiseException
TlsFree
SetFilePointer
CloseHandle
GetACP
GlobalLock
GetModuleHandleW
IsValidCodePage
OpenEventW
CreateProcessW
VirtualAlloc
GetOEMCP
SHCreateDirectoryExA
SHGetPathFromIDListW
StrCmpNIA
SendDlgItemMessageA
CharNextExA
DdeCreateStringHandleA
MessageBoxW
EnableMenuItem
DispatchMessageA
FlashWindow
TranslateAccelerator
CreateIconFromResource
PeekMessageA
CreateDialogParamA
GetTopWindow
GetMessageTime
InvalidateRgn
GetSystemMenu
GetDCEx
DestroyWindow
Number of PE resources by type
RT_ICON 3
RT_GROUP_ICON 1
MUI 1
RT_VERSION 1
RT_RCDATA 1
Number of PE resources by language
ENGLISH US 7
PE resources
ExifTool file metadata
SubsystemVersion
5.0

InitializedDataSize
59904

ImageVersion
0.0

ProductName
HTML Help

FileVersionNumber
6.1.7600.16385

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
9.0

FileTypeExtension
exe

OriginalFileName
HH.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
6.1.7600.16385 (win7_rtm.090713-1255)

TimeStamp
2019:03:14 16:38:54+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
HH 1.41

ProductVersion
6.1.7600.16385

FileDescription
Microsoft HTML Help Executable

OSVersion
5.0

FileOS
Windows NT 32-bit

LegalCopyright
Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
122368

FileSubtype
0

ProductVersionNumber
6.1.7600.16385

EntryPoint
0x1a70

ObjectFileType
Executable application

File identification
MD5 b21beb14fd2a60bdf858c7f87a5729cf
SHA1 9fcf70b3a87949792c1db75283f79a66046248d6
SHA256 183daa79b73bf5a07410ba48a412dec71b8b1d7cdc01a691650d11b74ff1f9f9
ssdeep 3072:iImQgNtmlphxLDTMcbHjqgm3BS8DVMkyXBe1nWUyz:iImQg/gp3TPDrm3Bp8Re18
authentihash 2d2fd755e9c0f014e766305500ccc1468884698f3ed1db674b3a777b91115a3e
imphash 0c471beabe9d998491c5bc408d64e393
File size 182.3 KB ( 186632 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-03-14 15:46:50 UTC ( 2 months, 1 week ago )
Last submission 2019-03-14 15:46:50 UTC ( 2 months, 1 week ago )
File names HH.exe
HH 1.41
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Created mutexes
Opened mutexes
Runtime DLLs