SHA256: 750c0f24ca1af67a235c9344c15ccdf8495bb5adf10b37fc084974bad9474e71
File name: vHsZK.exe
Detection ratio: 13 / 64
Analysis date: 2017-08-21 16:43:57 UTC (1 year, 9 months ago)
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170817
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20170821
Endgame malicious (high confidence) 20170721
Sophos ML heuristic 20170818
Malwarebytes Trojan.FakeMS 20170821
McAfee Trojan-FNVF!206AF33D07CE 20170821
Palo Alto Networks (Known Signatures) generic.ml 20170821
Qihoo-360 HEUR/QVM20.1.5047.Malware.Gen 20170821
Rising Spyware.Ursnif!8.1DEF (tfe:2:Ew2uNpEU8xP) 20170821
SentinelOne (Static ML) static engine - malicious 20170806
Symantec ML.Attribute.HighConfidence 20170821
Webroot Trojan.Emotet.Gen 20170821
Ad-Aware 20170821
AegisLab 20170821
AhnLab-V3 20170821
Alibaba 20170821
ALYac 20170821
Antiy-AVL 20170821
Arcabit 20170821
Avast 20170821
AVG 20170821
Avira (no cloud) 20170821
AVware 20170821
BitDefender 20170821
Bkav 20170821
CAT-QuickHeal 20170821
ClamAV 20170821
CMC 20170821
Comodo 20170821
Cyren 20170821
DrWeb 20170821
Emsisoft 20170821
ESET-NOD32 20170821
F-Prot 20170821
F-Secure 20170821
Fortinet 20170821
GData 20170821
Ikarus 20170821
Jiangmin 20170821
K7AntiVirus 20170821
K7GW 20170821
Kaspersky 20170821
Kingsoft 20170821
MAX 20170821
McAfee-GW-Edition 20170821
Microsoft 20170821
eScan 20170821
NANO-Antivirus 20170821
nProtect 20170821
Panda 20170821
Sophos AV 20170821
SUPERAntiSpyware 20170821
Symantec Mobile Insight 20170818
Tencent 20170821
TheHacker 20170821
TrendMicro 20170821
TrendMicro-HouseCall 20170821
Trustlook 20170821
VBA32 20170821
VIPRE 20170821
ViRobot 20170821
WhiteArmor 20170817
Yandex 20170818
Zillya 20170821
ZoneAlarm by Check Point 20170821
Zoner 20170821
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name dpwsockx.dll
Internal name dpwsockx.dll
File version 5.03.2600.5512 (xpsp.080413-0845)
Description Internet TCP/IP and IPX Connection For DirectPlay
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-08-21 08:22:48
Entry Point 0x00001720
Number of sections 7
PE sections
PE imports
LookupAccountNameW
ImmDisableTextFrameService
GetCurrentProcess
GetSystemTimeAsFileTime
GetModuleHandleA
lstrcmpA
GetVolumeInformationW
GetConsoleDisplayMode
FreeConsole
GetCommandLineA
GetModuleFileNameA
GetPrivateProfileIntW
GetBinaryTypeA
LZStart
SHGetFileInfoA
DeletePrintProcessorA
CoInitializeEx
Number of PE resources by type
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.3.2600.5512
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Internet TCP/IP and IPX Connection For DirectPlay
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 77824
EntryPoint 0x1720
OriginalFileName dpwsockx.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 5.03.2600.5512 (xpsp.080413-0845)
TimeStamp 2017:08:21 01:22:48-07:00
FileType Win32 EXE
PEType PE32
InternalName dpwsockx.dll
ProductVersion 5.03.2600.5512
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 12288
ProductName Microsoft Windows Operating System
ProductVersionNumber 5.3.2600.5512
FileTypeExtension exe
ObjectFileType Dynamic link library
File identification
MD5 206af33d07ce9176bc92c589de9dce7a
SHA1 f835df53800384f7d444336eafe37c88623113bd
SHA256 750c0f24ca1af67a235c9344c15ccdf8495bb5adf10b37fc084974bad9474e71
ssdeep 1536:jMRpIQdYrbMy7TDaBjObrJ5LfS/uGOv4NXlEHs:wRp0YfjObvLaGGoHs
authentihash c5b8f8ec28b64cb8e07f5865a2ea92459e14b0834dd4aa1427dc8c6856bc9dca
imphash b90924a0ba9dcee1bb0e029b4b9a56bb
File size 92.0 KB ( 94208 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2017-08-21 16:27:32 UTC (1 year, 9 months ago)
Last submission 2017-10-23 17:53:49 UTC (1 year, 7 months ago)
File names 8Qg3B.exe
brr.exe
20376024.EXE
vswZj.exe
40626648.exe
vHsZK.exe
certstorage.exe
dpwsockx.dll
jba.exe
18672088.EXE
qQjP.exe
40495576.exe
14412248.exe
21031384.exe
34335192.exe
206af33d07ce9176bc92c589de9dce7a.exe
35514840.exe