Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2014-Jun-17 17:53:43 |
Detected languages | Process Default Language |
Debug artifacts | O7hSBMeQeIfm.pdb |
Malicious | VirusTotal score: 63/73 (Scanned on 2019-12-31 13:36:24) |
MicroWorld-eScan: Trojan.GenericKD.30968176
CAT-QuickHeal: Trojan.Emotet.X4 Qihoo-360: HEUR/QVM20.1.D02D.Malware.Gen ALYac: Trojan.Agent.Emotet Cylance: Unsafe VIPRE: Trojan.Win32.Generic!BT SUPERAntiSpyware: Trojan.Agent/Gen-Downloader Sangfor: Malware K7AntiVirus: Trojan ( 00549d461 ) Alibaba: Trojan:Win32/Emotet.12c885b0 K7GW: Trojan ( 00549d461 ) Cybereason: malicious.b20375 Arcabit: Trojan.Generic.D1D88970 Invincea: heuristic BitDefenderTheta: Gen:NN.ZexaF.33558.huW@aiAQaZbG Cyren: W32/Emotet.BZ.gen!Eldorado Symantec: Trojan.Gen.2 APEX: Malicious Avast: Win32:MalwareX-gen [Trj] ClamAV: Win.Trojan.Emotet-6748801-0 Kaspersky: HEUR:Trojan.Win32.Generic BitDefender: Trojan.GenericKD.30968176 NANO-Antivirus: Trojan.Win32.Dovs.feeoxy Paloalto: generic.ml ViRobot: Trojan.Win32.S.Agent.122880.FIX Ad-Aware: Trojan.GenericKD.30968176 Emsisoft: Trojan.Emotet (A) Comodo: Malware@#pm19w81jd8fi F-Secure: Trojan.TR/AD.Emotet.T DrWeb: Trojan.Emotet.240 Zillya: Trojan.Dovs.Win32.5239 TrendMicro: TSPY_EMOTET.NSFACAH McAfee-GW-Edition: BehavesLike.Win32.Ransomware.ch Fortinet: W32/Kryptik.GIII!tr FireEye: Generic.mg.ba963c5b203753f9 Sophos: Troj/Emotet-QO Ikarus: Trojan-Banker.Emotet F-Prot: W32/Emotet.BZ.gen!Eldorado Jiangmin: Trojan.Dovs.fda Webroot: W32.Trojan.Emotet Avira: TR/AD.Emotet.T MAX: malware (ai score=99) Antiy-AVL: Trojan/Win32.Dovs Endgame: malicious (high confidence) Microsoft: Trojan:Win32/Emotet.AD!ibt AegisLab: Trojan.Win32.Generic.4!c ZoneAlarm: HEUR:Trojan.Win32.Generic AhnLab-V3: Win-Trojan/Emotet.Gen Acronis: suspicious McAfee: GenericRXFV-FF!BA963C5B2037 TACHYON: Trojan/W32.Emotet.122880 VBA32: BScope.Trojan.EmotetENT Malwarebytes: Trojan.Downloader ESET-NOD32: a variant of Win32/Kryptik.GHSP TrendMicro-HouseCall: TSPY_EMOTET.NSFACAH Rising: Trojan.Dovs!8.EB4C (TFE:5:5H4my05aBMQ) Yandex: Trojan.Dovs! SentinelOne: DFI - Malicious PE eGambit: Unsafe.AI_Score_98% GData: Win32.Trojan-Spy.Emotet.RI AVG: Win32:MalwareX-gen [Trj] Panda: Trj/Genetic.gen CrowdStrike: win/malicious_confidence_90% (W) |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xc0 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 5 |
TimeDateStamp | 2014-Jun-17 17:53:43 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE IMAGE_FILE_EXECUTABLE_IMAGE |
Magic | PE32 |
---|---|
LinkerVersion | 12.0 |
SizeOfCode | 0x6000 |
SizeOfInitializedData | 0 |
SizeOfUninitializedData | 0xd000 |
AddressOfEntryPoint | 0x000016C3 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x4000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x1000 |
OperatingSystemVersion | 5.1 |
ImageVersion | 0.0 |
SubsystemVersion | 5.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x1f000 |
SizeOfHeaders | 0x1000 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE IMAGE_DLLCHARACTERISTICS_NX_COMPAT IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
WinSCard.dll | SCardGetCardTypeProviderNameW |
---|---|
SHLWAPI.dll | PathGetDriveNumberA |
RPCRT4.dll | NdrClientInitializeNew |
USER32.dll | GetClipboardViewer IsWindowUnicode GetDoubleClickTime IsWindowVisible SetClipboardViewer GetMessageTime |
ADVAPI32.dll | SetSecurityDescriptorDacl StartServiceCtrlDispatcherA GetEventLogInformation GetNumberOfEventLogRecords GetServiceKeyNameW |
KERNEL32.dll | GetProcessIoCounters GetFileSize CloseHandle GetNumberOfConsoleInputEvents _lclose SetConsoleDisplayMode GetLastError ApplicationRecoveryFinished GetCurrentProcess GetSystemTimeAsFileTime |
GDI32.dll | GetPaletteEntries GetRasterizerCaps |
Are you sure you want to delete the '%s' toolbar? |
All Commands |
This will delete the record of the commands you've used in this application and restore the default set of visible commands to the menus and toolbars. It will not undo any explicit customizations. Are you sure you want to do this? |
This is not a valid number. |
The number must be between 1 and 1638. |
Are you sure you want to reset the changes made to the '%s' toolbar? |
Built-in Menus |
Are you sure you want to reset the key assignments? This action will remove all custom key assignments at the text level. |
This shortcut is currently assigned. |
Do you want to re-assign this shortcut? |
Due to a software update the toolbar '%s' has changed. Would you like to reset your customized toolbar and load the new one? |
All Picture Files|*.bmp;*.wmf;*.emf;*.ico;*.dib;*.png;*.cur;*.gif;*.jpg|Bitmaps (*.bmp;*.dib;*.png;*.gif;*.jpg)|*.bmp;*.dib;*.png;*.gif;*.jpg|Metafiles (*.wmf;*.emf)|*.wmf;*.emf|Icons (*.ico;*.cur)|*.ico;*.cur|All Files (*.*)|*.*|| |
(System default) |
Random |
Unfold |
Slide |
Fade |
Set active window |
Select file full path |
File not found, try select another file or try again later. |
Error window does not exist. |
Not data to stream |
Error creating window device context |
Error creating window class |
Cannot focus a disabled or invisible window |
Control '%s' has no parent window |
Cannot hide an MDI Child Form |
Cannot change Visible in OnShow or OnHide |
Cannot make a visible window modal |
Menu index out of range |
Menu inserted twice |
Sub-menu is not in menu |
Not enough timers available |
Can notdo write to %s |
Invalid stream format |
''%s'' is not a valid component file |
Error property file |
Error property value |
Invalid data type for '%s' |
File capacity out of bounds (%d) |
File count out of bounds (%d) |
List index out of bounds (%d) |
Out of memory while expanding memory stream |
Error reading %s%s%s: %s |
Stream read error |
Property is read-only |
Failed to get data for '%s' |
Failed to set data for '%s' |
Resource %s not found |
Characteristics | 0 |
---|---|
TimeDateStamp | 2018-Jun-13 15:41:17 |
Version | 0.0 |
SizeofData | 40 |
AddressOfRawData | 0x6e28 |
PointerToRawData | 0x6e28 |
Referenced File | O7hSBMeQeIfm.pdb |
Characteristics | 0 |
---|---|
TimeDateStamp | 2018-Jun-13 15:41:17 |
Version | 0.0 |
SizeofData | 20 |
AddressOfRawData | 0x6ea4 |
PointerToRawData | 0x6ea4 |