SHA256: db7985d2eb8a59b7667b5b64e2163c3bf7a5df745829660e8ad60b46bf83e314
File name: vti-rescan
Detection ratio: 22 / 54
Analysis date: 2016-02-18 09:34:54 UTC (3 years, 3 months ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Jaik.10503 20160218
AhnLab-V3 Trojan/Win32.Dridex 20160217
Avast Win32:Malware-gen 20160218
Avira (no cloud) TR/Crypt.Xpack.404101 20160218
BitDefender Gen:Variant.Jaik.10503 20160218
Emsisoft Gen:Variant.Jaik.10503 (B) 20160218
ESET-NOD32 Win32/Dridex.AA 20160218
F-Secure Gen:Variant.Jaik.10503 20160218
Fortinet PossibleThreat.P0 20160218
GData Gen:Variant.Jaik.10503 20160218
Ikarus Trojan.Win32.Dridex 20160218
Kaspersky Trojan.Win32.Yakes.pbew 20160218
Malwarebytes Trojan.Dridex 20160217
McAfee Artemis!EF08832F922D 20160218
McAfee-GW-Edition BehavesLike.Win32.Suspect.ch 20160218
Microsoft VirTool:Win32/Visky.A 20160218
eScan Gen:Variant.Jaik.10503 20160218
Panda Trj/Dridex.B 20160217
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20160218
Rising PE:Malware.XPACK-LNR/Heur!1.5594 [F] 20160217
Sophos AV Troj/Dridex-PB 20160218
VIPRE Trojan.Win32.Generic!BT 20160218
AegisLab 20160218
Yandex 20160217
Alibaba 20160218
ALYac 20160218
Antiy-AVL 20160218
Arcabit 20160218
AVG 20160218
Baidu-International 20160218
Bkav 20160217
ByteHero 20160218
CAT-QuickHeal 20160218
ClamAV 20160217
CMC 20160216
Comodo 20160218
Cyren 20160218
DrWeb 20160218
F-Prot 20160218
Jiangmin 20160218
K7AntiVirus 20160217
K7GW 20160218
NANO-Antivirus 20160218
nProtect 20160217
SUPERAntiSpyware 20160218
Symantec 20160217
Tencent 20160218
TheHacker 20160217
TrendMicro 20160218
TrendMicro-HouseCall 20160218
VBA32 20160217
ViRobot 20160218
Zillya 20160218
Zoner 20160218
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name PORTABLEDEVICECLASSEXTENSION.DLL
File version 6.3.7600.16385 (win7_rtm.090713-1255)
Description Windows Portable Device Class Extension Component
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1970-01-01 01:08:16
Entry Point 0x000223E0
Number of sections 9
PE sections
PE imports
GetPrivateProfileStructA
GetProfileSectionW
CreateJobObjectW
EnumUILanguagesW
SetThreadPriorityBoost
GetHandleInformation
SetInformationJobObject
VerifyVersionInfoW
DisconnectNamedPipe
Heap32Next
MapViewOfFileEx
GetConsoleCursorInfo
lstrcatW
QueryMemoryResourceNotification
GetThreadContext
FindResourceExA
GetCPInfo
lstrcmpiA
WaitForDebugEvent
WriteConsoleOutputA
FindResourceExW
ReleaseActCtx
GetFullPathNameA
LocalLock
FatalExit
GetLogicalDriveStringsW
VirtualQueryEx
FindFirstVolumeMountPointA
GetEnvironmentVariableW
ReplaceFileW
GetUserDefaultUILanguage
CopyFileW
CopyFileA
ExitProcess
VerLanguageNameW
RemoveDirectoryA
SetConsoleWindowInfo
FindNextVolumeW
LoadLibraryExA
CreateActCtxW
GetCalendarInfoW
WritePrivateProfileSectionW
WriteConsoleInputW
CreateMutexA
CreateDirectoryExW
TlsSetValue
SetNamedPipeHandleState
Module32Next
CreateDirectoryExA
SetConsoleTextAttribute
IsProcessorFeaturePresent
ExitThread
DecodePointer
ReadConsoleA
GlobalAddAtomA
WaitForMultipleObjectsEx
FindAtomW
VirtualQuery
FindAtomA
GetNumberFormatW
ReadConsoleOutputA
LocalCompact
lstrcatA
FillConsoleOutputCharacterA
SetConsoleMode
IsBadWritePtr
UnlockFileEx
WriteConsoleOutputAttribute
SetThreadIdealProcessor
GlobalFindAtomW
Process32First
GetNamedPipeHandleStateA
GetDateFormatW
GetProcAddress
GetProcessHeap
GetTempFileNameW
EnumResourceNamesW
CompareStringW
WTSGetActiveConsoleSessionId
GetProcessWorkingSetSize
TerminateProcess
lstrcmpW
FindFirstFileExW
WaitForMultipleObjects
FindFirstVolumeA
SetConsoleActiveScreenBuffer
SetMessageWaitingIndicator
CreateFileA
AttachConsole
LocalReAlloc
Heap32ListFirst
GetShortPathNameW
SetComputerNameExA
GetSystemInfo
lstrlenA
GetProfileStringW
GetTapeStatus
GetSystemWindowsDirectoryW
GetDevicePowerState
WinExec
GetEnvironmentStrings
CreateIoCompletionPort
GetConsoleTitleW
GetProcessHeaps
HeapSize
QueryActCtxW
GetConsoleTitleA
GetCurrentThread
lstrcpynW
QueryPerformanceFrequency
ReadConsoleOutputCharacterW
CloseHandle
ReadConsoleOutputCharacterA
DeleteVolumeMountPointA
OpenWaitableTimerA
ResetWriteWatch
OpenSemaphoreA
PostQueuedCompletionStatus
MprAdminServerConnect
MprAdminDeviceEnum
VarR4FromCy
LPSAFEARRAY_UserSize
VarR8FromBool
VarBstrFromR8
DuplicateIcon
SHQueryRecycleBinW
ExtractAssociatedIconExW
ExtractAssociatedIconW
wnsprintfW
GetWindowLongA
SetWindowTextA
wsprintfA
EnableWindow
RemovePropW
wsprintfW
GetProcessWindowStation
ScreenToClient
PostMessageW
InvalidateRect
rename
fgetpos
getc
swscanf
getenv
exit
putwc
vfprintf
putc
setbuf
fflush
wcsxfrm
wcstod
wcstombs
memset
wcscpy
isalpha
wcsncat
toupper
islower
towupper
GetErrorInfo
PdhRemoveCounter
PdhAddCounterA
RevokeBindStatusCallback
URLOpenBlockingStreamA
CoInternetCombineUrl
HlinkGoBack
CreateURLMoniker
CoInternetCreateSecurityManager
WriteHitLogging
Number of PE resources by type
REGISTRY 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 2.17
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 6.3.7600.16385
UninitializedDataSize 8192
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 42752
EntryPoint 0x223e0
OriginalFileName PORTABLEDEVICECLASSEXTENSION.DLL
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.3.7600.16385 (win7_rtm.090713-1255)
TimeStamp 1970:01:01 02:08:16+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 6.3.7600.16385
FileDescription Windows Portable Device Class Extension Component
OSVersion 4.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 53248
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.3.7600.16385
FileTypeExtension exe
ObjectFileType Dynamic link library
File identification
MD5 ef08832f922db1a6a0e2977ad771165c
SHA1 2e3d020fd866433ce3a32b40691687eab7cc1717
SHA256 db7985d2eb8a59b7667b5b64e2163c3bf7a5df745829660e8ad60b46bf83e314
ssdeep 3072:lDOMFJmioOKh/oYeojP0qcIg3ZXcp+qDMxzzGxeWXo83:lDxLmioONqcIUSpHvJXB
authentihash 27afdda80b3694eb493204e6722333da014c2c910cb13ec1c468d5c3dfe2b59b
imphash f7039009dbf5182787d926fb094405d8
File size 160.0 KB ( 163840 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
VXD Driver (0.2%)
Tags peexe
VirusTotal metadata
First submission 2016-02-17 08:24:46 UTC (3 years, 3 months ago)
Last submission 2016-02-18 09:34:54 UTC (3 years, 3 months ago)
File names 262611.exe
PORTABLEDEVICECLASSEXTENSION.DLL
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications