SHA256: 0167e7fd7403b9ff6822b8135926b643cbbe8e5b1bf824a67082fa2a206c6344
File name: 08.vir
Detection ratio: 44 / 56
Analysis date: 2016-11-05 06:55:51 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3620153 20161105
AhnLab-V3 Trojan/Win32.Generic.N2140805926 20161104
ALYac Trojan.GenericKD.3620153 20161105
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20161105
Arcabit Trojan.Generic.D373D39 20161105
Avast Win32:Malware-gen 20161105
AVG Generic38.TOL 20161105
Avira (no cloud) TR/Crypt.Xpack.zknoq 20161104
AVware Trojan.Win32.Generic!BT 20161105
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9994 20161104
BitDefender Trojan.GenericKD.3620153 20161105
Bkav W32.Clod851.Trojan.a2fd 20161104
CAT-QuickHeal Trojan.Skeeyah 20161104
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
Cyren W32/Trojan.HFRJ-3395 20161105
DrWeb Trojan.Dridex.459 20161105
Emsisoft Trojan.GenericKD.3620153 (B) 20161105
ESET-NOD32 a variant of Win32/Kryptik.FIGG 20161105
F-Secure Trojan.GenericKD.3620153 20161105
Fortinet W32/Generic!tr 20161105
GData Trojan.GenericKD.3620153 20161105
Ikarus Trojan.Win32.Dridex 20161104
Sophos ML backdoor.win32.prosti.l 20161018
K7AntiVirus Riskware ( 0040eff71 ) 20161105
K7GW Riskware ( 0040eff71 ) 20161105
Kaspersky HEUR:Trojan.Win32.Generic 20161105
Malwarebytes Trojan.Dridex 20161105
McAfee Generic.amo 20161105
McAfee-GW-Edition BehavesLike.Win32.Suspect.nc 20161105
Microsoft Trojan:Win32/Skeeyah.A!rfn 20161105
eScan Trojan.GenericKD.3620153 20161105
NANO-Antivirus Trojan.Win32.Xpack.ehvtjp 20161105
Panda Trj/CI.A 20161104
Qihoo-360 HEUR/QVM19.1.B809.Malware.Gen 20161105
Rising Malware.Generic!buIEpND3FbH@1 (thunder) 20161105
Sophos AV Mal/Generic-S 20161105
Symantec Trojan.Cridex 20161105
Tencent Win32.Trojan.Kryptik.Lmuz 20161105
TrendMicro TROJ_GEN.R021C0CJS16 20161105
TrendMicro-HouseCall TROJ_GEN.R021C0CJS16 20161105
VBA32 Trojan.Yakes 20161104
VIPRE Trojan.Win32.Generic!BT 20161105
ViRobot Trojan.Win32.Z.Agent.98454[h] 20161105
Yandex Trojan.Agent!MvR5DY1GsAs 20161104
AegisLab 20161105
Alibaba 20161104
ClamAV 20161105
CMC 20161105
Comodo 20161105
F-Prot 20161105
Jiangmin 20161105
Kingsoft 20161105
nProtect 20161105
SUPERAntiSpyware 20161105
TheHacker 20161104
Zillya 20161104
Zoner 20161105
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name kbdtuq.dll
Internal name kbdtuq (3.13)
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description Turkish Q Keyboard Layout
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1985-07-09 01:11:34
Entry Point 0x0001A9F0
Number of sections 13
PE sections
Overlays
MD5 d3d9446802a44259755d38e6d163e820
File type ASCII text
Offset 98452
Size 2
Entropy 1.00
PE imports
GetCurrentDirectoryA
GetProcAddress
GetModuleHandleA
LoadLibraryA
GetWindowLongA
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 2.0
ImageVersion 1.0
FileSubtype 2
FileVersionNumber 6.1.7601.17514
UninitializedDataSize 6144
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 0
EntryPoint 0x1a9f0
OriginalFileName kbdtuq.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7601.17514 (win7sp1_rtm.101119-1850)
TimeStamp 1985:07:09 02:11:34+01:00
FileType Win32 EXE
PEType PE32
InternalName kbdtuq (3.13)
ProductVersion 6.1.7601.17514
FileDescription Turkish Q Keyboard Layout
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 19968
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7601.17514
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 39c9462fd933ed0e3c841ab8acd8341f
SHA1 8fbfc072312971778f53feea7c480eeb7354cb41
SHA256 0167e7fd7403b9ff6822b8135926b643cbbe8e5b1bf824a67082fa2a206c6344
ssdeep 1536:xmO3UXhc380A95Nv4dBC2L2pwTUNoqtR8yjWF46siAKBCCLTnqY:IsUXhc33A95Nv4dBC2JT+7kJFlsyC4eY
authentihash c28f69cbfa2857b98ba2793303b4e9a0b43f469fcf4f6858651c887869749920
imphash ba8e7fd2ec4c4137d53bc6b41d3c29e3
File size 96.1 KB ( 98454 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.6%)
Clipper DOS Executable (19.1%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
VXD Driver (0.2%)
Tags peexe overlay
VirusTotal metadata
First submission 2016-10-28 14:04:52 UTC ( 2 years, 3 months ago )
Last submission 2016-12-15 18:43:05 UTC ( 2 years, 2 months ago )
File names 08.vir
kbdtuq.dll
kbdtuq (3.13)
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications