× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: faf046e5b8416cb21e819e6065b3673a5a53932771ab64d74213ccb373ac5c4e
File name: faf046e5b8416cb21e819e6065b3673a5a53932771ab64d74213ccb373ac5c4e.exe
Detection ratio: 54 / 68
Analysis date: 2018-01-09 00:52:59 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.Emotet.Gen.1 20180108
AegisLab Gen.Variant.Troj!c 20180108
AhnLab-V3 Trojan/Win32.Zbot.R207176 20180108
ALYac Trojan.Agent.Emotet 20180108
Antiy-AVL Trojan/Win32.TSGeneric 20180109
Arcabit Trojan.Emotet.Gen.1 20180109
Avast Win32:Malware-gen 20180109
AVG Win32:Malware-gen 20180109
Avira (no cloud) TR/Crypt.Xpack.hdfma 20180108
AVware Trojan.Win32.Generic!BT 20180103
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180108
BitDefender Trojan.Emotet.Gen.1 20180108
CAT-QuickHeal Trojan.Mauvaise.SL1 20180108
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cybereason malicious.1b8fb7 20171103
Cylance Unsafe 20180109
Cyren W32/S-0719c323!Eldorado 20180108
DrWeb Trojan.DownLoader25.22528 20180108
Emsisoft Trojan.Emotet.Gen.1 (B) 20180108
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of Win32/Kryptik.FVPA 20180108
F-Prot W32/S-0719c323!Eldorado 20180108
F-Secure Trojan.Emotet.Gen.1 20180108
Fortinet W32/Kryptik.FVON!tr 20180108
GData Trojan.Emotet.Gen.1 20180108
Ikarus Trojan.Win32.Crypt 20180108
Sophos ML heuristic 20170914
Jiangmin Trojan.Dovs.w 20180108
K7AntiVirus Trojan ( 005149251 ) 20180108
K7GW Trojan ( 005149251 ) 20180109
Kaspersky HEUR:Trojan.Win32.Generic 20180108
Malwarebytes Spyware.PasswordStealer 20180108
MAX malware (ai score=100) 20180108
McAfee Trojan-FMGH!062E3892E479 20180108
McAfee-GW-Edition BehavesLike.Win32.MultiPlug.dc 20180108
Microsoft Trojan:Win32/Emotet.O!bit 20180108
eScan Trojan.Emotet.Gen.1 20180108
NANO-Antivirus Trojan.Win32.Kryptik.eryszi 20180108
Palo Alto Networks (Known Signatures) generic.ml 20180109
Panda Trj/Emotet.A 20180108
Qihoo-360 Win32/Trojan.7b2 20180109
Rising Trojan.Kryptik!8.8 (TFE:5:hVsCV8OsoSO) 20180106
SentinelOne (Static ML) static engine - malicious 20171224
Sophos AV Troj/Emotet-EB 20180108
SUPERAntiSpyware Trojan.Agent/Gen-Emotet 20180108
Symantec Trojan.Emotet 20180108
Tencent Win32.Trojan.Generic.Dbi 20180109
TrendMicro TSPY_EMOTET.SMD3 20180108
TrendMicro-HouseCall TSPY_EMOTET.SMD3 20180109
VBA32 Trojan.Dovs 20180108
VIPRE Trojan.Win32.Generic!BT 20180109
Webroot W32.Trojan.Gen 20180109
Yandex Trojan.Dovs! 20171229
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180109
Alibaba 20180108
Avast-Mobile 20180108
Bkav 20180106
ClamAV 20180108
CMC 20180108
Comodo 20180108
eGambit 20180109
Kingsoft 20180109
nProtect 20180108
TheHacker 20180108
TotalDefense 20180108
Trustlook 20180109
ViRobot 20180108
WhiteArmor 20171226
Zillya 20180108
Zoner 20180108
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-08-16 20:56:18
Entry Point 0x00001E99
Number of sections 5
PE sections
PE imports
GetMapMode
StretchBlt
GetGraphicsMode
LocalCompact
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
VirtualAllocEx
lstrlenA
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
SetConsoleCtrlHandler
HeapDestroy
GetTickCount
TlsAlloc
GetEnvironmentStringsW
GetLocaleInfoW
GetModuleFileNameA
RtlUnwind
GetACP
HeapSetInformation
GetCurrentProcess
EnumSystemLocalesA
GetLocaleInfoA
LocalAlloc
SetHandleCount
UnhandledExceptionFilter
GetModuleHandleW
WideCharToMultiByte
ExitProcess
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
IsDebuggerPresent
GetCommandLineA
GetUserDefaultLCID
AddAtomW
EncodePointer
GetStartupInfoW
LeaveCriticalSection
GetCPInfo
GetModuleFileNameW
TlsFree
LocalFlags
LocalFree
GetSystemTimeAsFileTime
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
DecodePointer
IsProcessorFeaturePresent
IsValidLocale
ExitThread
HeapReAlloc
GetStringTypeW
GetProcAddress
FreeLibrary
GetSystemTimeAdjustment
TerminateProcess
InterlockedDecrement
IsValidCodePage
HeapCreate
FatalAppExitA
FindAtomA
DeleteCriticalSection
Sleep
GetFileType
TlsSetValue
HeapAlloc
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
SetLastError
InterlockedIncrement
UpdateWindow
GetMessageExtraInfo
GetMonitorInfoA
ShowWindow
GetDC
WindowFromDC
Number of PE resources by type
RT_ICON 8
RT_BITMAP 3
CYTH 1
RT_ACCELERATOR 1
RT_GROUP_ICON 1
Number of PE resources by language
HUNGARIAN DEFAULT 13
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2017:08:16 21:56:18+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
74240

LinkerVersion
10.0

EntryPoint
0x1e99

InitializedDataSize
148992

SubsystemVersion
5.1

ImageVersion
0.0

OSVersion
5.1

UninitializedDataSize
0

Compressed bundles
File identification
MD5 062e3892e4799d99973b086810d45745
SHA1 b345a3adea2f2efd380e095e0ec4e0afcbf8c0ee
SHA256 faf046e5b8416cb21e819e6065b3673a5a53932771ab64d74213ccb373ac5c4e
ssdeep
6144:WEmG+Zyz3z0eNgRrJXvgYt/PtozPtoiPtnE:WLG4yz3QIXE

authentihash 297a5d38069125070d0beb5df46521c5541ba610674721fd33cb8b13e7f7fa51
imphash 4b6ee8d7c9e29ba91f77cc02fba0e195
File size 204.5 KB ( 209408 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2017-08-17 11:53:06 UTC ( 6 months ago )
Last submission 2018-01-09 00:52:59 UTC ( 1 month, 1 week ago )
File names MIb.exe
faf046e5b8416cb21e819e6065b3673a5a53932771ab64d74213ccb373ac5c4e.exe
26274264.exe
AcfX.exe
nscW.exe
13363672.exe
19524056.exe
27388360.exe
devicesearch.exe
24308168.exe
WGlRG.exe
27912648.exe
11004360.exe
24177096.exe
12970456.exe
12118640.exe
agentlookup.exe
25487816.exe
lpOY.exe
FFcaA.exe
18999768.exe
26601928.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs
UDP communications