| Item | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2019-Jan-24 23:00:05 |
| Info | Libraries used to perform cryptographic operations: Microsoft's Cryptography API |
| Suspicious | The PE is possibly packed. Unusual section name found: CONST. Unusual section name found: .crt2 |
| Malicious | The PE contains functions mostly used by malware. Functions which can be used for anti-debugging purposes: |
| Malicious | VirusTotal score: 52/70 (Scanned on 2019-02-08 14:26:08) |

| Engine | Detection |
|---|---|
| MicroWorld-eScan | Trojan.GenericKD.40991140 |
| CAT-QuickHeal | Trojan.Emotet.X4 |
| ALYac | Trojan.Agent.Emotet |
| Malwarebytes | Trojan.Emotet.Generic |
| K7GW | Trojan ( 0053c4bc1 ) |
| K7AntiVirus | Trojan ( 0053c4bc1 ) |
| TrendMicro | TrojanSpy.Win32.EMOTET.THOBEAI |
| Cyren | W32/Trojan.RAMG-2034 |
| Symantec | Trojan.Emotet |
| TrendMicro-HouseCall | TrojanSpy.Win32.EMOTET.THOBEAI |
| Paloalto | generic.ml |
| Kaspersky | Trojan-Banker.Win32.Emotet.cbst |
| BitDefender | Trojan.GenericKD.40991140 |
| NANO-Antivirus | Trojan.Win32.Emotet.fmlqbv |
| Avast | Win32:Dropper-gen [Drp] |
| Tencent | Win32.Trojan-banker.Emotet.Htlu |
| Ad-Aware | Trojan.GenericKD.40991140 |
| Emsisoft | Trojan.GenericKD.40991140 (B) |
| Comodo | Malware@#19i56f1c0vy3y |
| F-Secure | Trojan.TR/AD.Emotet.yhvhw |
| DrWeb | Trojan.DownLoader27.26274 |
| Zillya | Trojan.Emotet.Win32.12579 |
| Invincea | heuristic |
| McAfee-GW-Edition | BehavesLike.Win32.Generic.dh |
| Trapmine | malicious.high.ml.score |
| Ikarus | Trojan-Banker.Emotet |
| Webroot | W32.Trojan.Emotet |
| Avira | TR/AD.Emotet.yhvhw |
| Fortinet | W32/Emotet.BN!tr |
| Antiy-AVL | Trojan[Banker]/Win32.Emotet |
| Endgame | malicious (high confidence) |
| Arcabit | Trojan.Generic.D27179A4 |
| ViRobot | Trojan.Win32.Z.Emotet.222208.C |
| ZoneAlarm | Trojan-Banker.Win32.Emotet.cbst |
| Microsoft | Trojan:Win32/Emotet.EF |
| Sophos | Troj/Emotet-AWQ |
| AhnLab-V3 | Malware/Gen.Generic.C2971356 |
| Acronis | suspicious |
| McAfee | Emotet-FLT!9676B403AE91 |
| MAX | malware (ai score=96) |
| VBA32 | BScope.Trojan.Refinka |
| Cylance | Unsafe |
| ESET-NOD32 | Win32/Emotet.BN |
| Rising | Trojan.Emotet!8.B95 (TFE:1:KvvtajH4ZtE) |
| SentinelOne | static engine - malicious |
| eGambit | Unsafe.AI_Score_99% |
| GData | Trojan.GenericKD.40991140 |
| AVG | Win32:Dropper-gen [Drp] |
| Cybereason | malicious.3ae912 |
| Panda | Trj/Genetic.gen |
| CrowdStrike | malicious_confidence_100% (W) |
| Qihoo-360 | Win32/Trojan.Dropper.c9f |
| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x80 |
| PE header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberofSections | 4 |
| TimeDateStamp | 2019-Jan-24 23:00:05 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_SYSTEM |
| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 12.0 |
| SizeOfCode | 0x1a200 |
| SizeOfInitializedData | 0x1e400 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x00013F6F (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x1c000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 5.1 |
| ImageVersion | 0.0 |
| SubsystemVersion | 5.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x3c000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
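The DOS, PE and optional header tables above are a straight decode of fixed-offset structures, and the "Unusual section name" finding is a lookup of each section name against the set a stock linker emits. The following is an added example, not the report generator's code: a dependency-free walker that follows e_lfanew to the PE signature, decodes the file header, the PE32 optional header and the section table, expands the Characteristics and DllCharacteristics bitmasks into the winnt.h names shown above, and locates the section that contains AddressOfEntryPoint. `build_sample()` constructs a 0x400-byte header that mirrors this report's values; the section sizes and the fourth section name (`.data`) are assumptions, since the report only names `.text`, `CONST` and `.crt2`, and no code or data follows the headers.

```python
"""Walk a PE32 header the way the report tables were produced (added example)."""
import calendar
import struct
from datetime import datetime, timezone

# Bit names from winnt.h (only the ones needed here).
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x1000: "IMAGE_FILE_SYSTEM",
    0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTICS = {
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
MACHINES = {0x014C: "IMAGE_FILE_MACHINE_I386", 0x8664: "IMAGE_FILE_MACHINE_AMD64"}
SUBSYSTEMS = {2: "IMAGE_SUBSYSTEM_WINDOWS_GUI", 3: "IMAGE_SUBSYSTEM_WINDOWS_CUI"}
# Names a stock MSVC link produces; anything else is reported as unusual.
COMMON_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                   ".edata", ".pdata", ".tls", ".bss"}


def decode_flags(value, table):
    """Expand a bitmask into its named bits, lowest bit first."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(blob):
    """Return the header fields shown in the report tables from raw PE bytes."""
    if blob[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("e_lfanew does not point at a PE signature")
    fh = e_lfanew + 4                      # IMAGE_FILE_HEADER, 20 bytes
    machine, nsec, stamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", blob, fh)
    opt = fh + 20                          # IMAGE_OPTIONAL_HEADER32
    if struct.unpack_from("<H", blob, opt)[0] != 0x10B:
        raise ValueError("only PE32 is handled here")
    entry = struct.unpack_from("<I", blob, opt + 16)[0]       # AddressOfEntryPoint
    image_base = struct.unpack_from("<I", blob, opt + 28)[0]  # ImageBase
    subsystem, dllchars = struct.unpack_from("<HH", blob, opt + 68)
    sections = []
    for i in range(nsec):                  # 40-byte IMAGE_SECTION_HEADER entries
        name, vsize, va = struct.unpack_from("<8sII", blob, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), va, vsize))
    entry_section = next((n for n, va, vs in sections if va <= entry < va + vs), None)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "sections": sections,
        "compiled": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%b-%d %H:%M:%S"),
        "characteristics": decode_flags(chars, FILE_CHARACTERISTICS),
        "entry_point": entry,
        "entry_section": entry_section,
        "image_base": image_base,
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "dll_characteristics": decode_flags(dllchars, DLL_CHARACTERISTICS),
    }


def unusual_sections(info):
    """The 'Unusual section name' check: names outside the linker's usual set."""
    return [name for name, _, _ in info["sections"] if name not in COMMON_SECTIONS]


def build_sample():
    """Constructed 0x400-byte header mirroring the report's values. Section sizes and
    the fourth section name (.data) are assumptions; no code or data follows."""
    hdr = bytearray(0x400)                                    # SizeOfHeaders
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)                   # e_lfanew
    stamp = calendar.timegm((2019, 1, 24, 23, 0, 5))          # report's TimeDateStamp
    hdr[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", hdr, 0x84, 0x014C, 4, stamp, 0, 0, 0xE0, 0x1103)
    opt = 0x98
    struct.pack_into("<HBBIIIIIIIII", hdr, opt, 0x10B, 12, 0, 0x1A200, 0x1E400, 0,
                     0x13F6F, 0x1000, 0x1C000, 0x400000, 0x1000, 0x200)
    struct.pack_into("<HHHHHHIIII", hdr, opt + 40, 5, 1, 0, 0, 5, 0, 0, 0x3C000, 0x400, 0)
    struct.pack_into("<HHIIIIII", hdr, opt + 68, 2, 0x8100, 0x100000, 0x1000,
                     0x100000, 0x1000, 0, 16)
    layout = [(b".text", 0x1000, 0x1A200), (b".data", 0x1C000, 0x10000),
              (b"CONST", 0x2C000, 0x8000), (b".crt2", 0x34000, 0x8000)]
    for i, (name, va, size) in enumerate(layout):
        struct.pack_into("<8sIIII", hdr, opt + 0xE0 + 40 * i, name, size, va, size, 0)
    return bytes(hdr)


if __name__ == "__main__":
    info = parse_pe(build_sample())
    for key, value in info.items():
        print(f"{key:20} {value}")
    print("unusual sections:", unusual_sections(info))
```

Two things the decoded flags make visible that the tables alone do not: IMAGE_FILE_SYSTEM (0x1000) is documented for system files rather than user programs and is not something a linker-12 GUI executable normally carries, and IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is absent while IMAGE_FILE_RELOCS_STRIPPED is set, so the image runs without ASLR at its fixed ImageBase of 0x400000.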
| Library | Imported functions |
|---|---|
| Secur32.dll | FreeCredentialsHandle |
| ole32.dll | CoUninitialize, CoInitialize, CoCreateInstance, CoInitializeEx |
| SHELL32.dll | ExtractAssociatedIconA, ExtractIconExA, ExtractIconA |
| msvcrt.dll | ungetwc, towupper, system, mbtowc, strcspn, strncmp |
| mscms.dll | GetColorDirectoryW, GetColorProfileHeader, GetColorProfileElement |
| GDI32.dll | StrokePath, GetPixel, GetRasterizerCaps, GetTextCharset, DeleteColorSpace, GetTextExtentExPointI, CreateCompatibleBitmap, GetPolyFillMode, GetTextExtentExPointW, GetCharWidthW, ExtEscape, GetLogColorSpaceA, GetTextExtentPointA, GetTextCharsetInfo, GetRegionData, GetFontData, GdiSetBatchLimit, GetCurrentPositionEx, GetCharWidthFloatA, GetBkColor, GetClipBox, GetLayout, InvertRgn, SetROP2, DescribePixelFormat |
| WINSPOOL.DRV | DeletePrinterDriverW, FindClosePrinterChangeNotification, DeletePrinter |
| OLEAUT32.dll | #309, #162, #183 (imported by ordinal) |
| WININET.dll | FindNextUrlCacheGroup, GetUrlCacheEntryInfoA, DeleteUrlCacheEntryW, FindFirstUrlCacheEntryW |
| KERNEL32.dll | IsThreadAFiber, LocaleNameToLCID, GetPrivateProfileStringA, GetUserDefaultLangID, DefineDosDeviceW, GetSystemWindowsDirectoryA, GetSystemTimes, CreateFileMappingW, GlobalFindAtomA, GetTimeFormatW, GetModuleHandleW, NotifyUILanguageChange, TransmitCommChar, GetConsoleMode, GetSystemInfo, LocalAlloc, GlobalAddAtomW, GetFileAttributesExW, EnumResourceNamesW, CreateThread, FindActCtxSectionStringW, FindAtomW, WriteProfileSectionA, GetProfileStringW, EnumSystemGeoID, lstrcpynA, GetTempFileNameA, GetAtomNameA, VirtualFree, lstrcpynW, GetCurrentProcess, WriteProfileStringW, lstrcatW, GetConsoleOutputCP, FileTimeToDosDateTime, GlobalHandle, GetConsoleCursorInfo, lstrcmpW, MapViewOfFile, DeviceIoControl, GetSystemDirectoryA, GetThreadSelectorEntry, GetTempFileNameW, GlobalFree, GetTapeStatus, GetDiskFreeSpaceExA, MultiByteToWideChar, GetPrivateProfileStructW, GetCommTimeouts, VirtualAlloc, DeactivateActCtx, GlobalGetAtomNameA, GetProfileSectionA, FindResourceExA, GetStringTypeExW, GetCurrentDirectoryA, LoadLibraryExW, GetPrivateProfileSectionNamesW, EraseTape, WriteProfileStringA, FindVolumeClose, FindNextFileA, GetLocalTime, GetCompressedFileSizeA, GetShortPathNameA, GetAtomNameW, GlobalAddAtomA, VirtualQuery, GetSystemTime, LocalFree, UnmapViewOfFile, GetConsoleDisplayMode, EscapeCommFunction, FindResourceA, LoadLibraryW, FormatMessageW, FindFirstFileExW, GetPrivateProfileSectionW |
| ADVAPI32.dll | LookupAccountNameA, IsTextUnicode, QueryUsersOnEncryptedFile, CryptDestroyKey, DecryptFileW, GetFileSecurityW, GetCurrentHwProfileA, LookupPrivilegeDisplayNameW, StartServiceA, GetTokenInformation, EnumServicesStatusExW, GetCurrentHwProfileW, GetSecurityDescriptorControl, GetSidSubAuthorityCount, GetSidIdentifierAuthority, AccessCheckAndAuditAlarmA, InitiateSystemShutdownA, GetServiceDisplayNameA, GetPrivateObjectSecurity, GetUserNameA, LookupPrivilegeNameW |
| SHLWAPI.dll | PathMakeSystemFolderW, GetMenuPosFromID |
| CLUSAPI.dll | GetClusterFromResource |
| NETAPI32.dll | NetLocalGroupDel |
| USER32.dll | FillRect, SetThreadDesktop, BringWindowToTop, CreateIconIndirect, UnhookWindowsHookEx, EnableScrollBar, DrawStateW, OpenClipboard, SetWindowPos, MessageBeep, GetKeyboardLayout, PostQuitMessage, DestroyCaret, FindWindowExW, GetClassInfoExA, RegisterClassExW, GetSystemMetrics, GetScrollPos, GetMenuStringW, DrawFocusRect, FlashWindow, GetWindowRect, GetWindowPlacement, FindWindowW, CreateDialogParamW, PhysicalToLogicalPoint, GetPriorityClipboardFormat, CreateIconFromResource, DrawTextW, SendMessageW, LoadMenuIndirectA, SetCursor, LoadKeyboardLayoutW, EnableMenuItem, GetWindowLongW, LockWindowUpdate, EnumWindows, CharNextW, SetForegroundWindow, GetWindowRgn, DefWindowProcW, GetSysColorBrush, IsIconic, DestroyWindow, LoadImageA, EnumWindowStationsA, GetMessageExtraInfo, SetActiveWindow, GetMenuState, InsertMenuItemA, InvalidateRect, DialogBoxParamW, PeekMessageW, IsRectEmpty, GetProcessDefaultLayout, GetShellWindow, DeleteMenu, GetCursorInfo, CloseDesktop, GetUpdateRect, SetScrollPos, GetMessageA, GetForegroundWindow, DrawIcon, GetWindowTextW, CreateWindowExW, GetMenuStringA, LockWorkStation, LockSetForegroundWindow, GetSubMenu, UpdateWindow, GetRawInputDeviceInfoW, LookupIconIdFromDirectoryEx, CharUpperW, DestroyMenu, EnableWindow, GetMenuCheckMarkDimensions, GetClipboardViewer, LoadIconW, LoadAcceleratorsW, FreeDDElParam, GetScrollInfo, DestroyCursor, GetDlgItem, RegisterWindowMessageW, GetSystemMenu, GetWindowLongA, MoveWindow, LoadCursorW |