SHA256: 03a7986ae0b058e1471c549ea18dfe76a6ab162d7f696509a7f57e2abbafbdef
File name: edg1.exe
Detection ratio: 6 / 57
Analysis date: 2015-02-13 14:08:08 UTC ( 2 years, 7 months ago )
Antivirus Result Update
BitDefender Gen:Variant.Kazy.553760 20150213
ESET-NOD32 a variant of Win32/Kryptik.CYKI 20150213
McAfee Downloader-FAPK!5E53AFC30938 20150213
eScan Gen:Variant.Kazy.553760 20150213
Norman Dridex.K 20150213
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20150212
Ad-Aware 20150213
AegisLab 20150213
Yandex 20150212
AhnLab-V3 20150213
Alibaba 20150213
ALYac 20150213
Antiy-AVL 20150213
Avast 20150213
AVG 20150213
Avira (no cloud) 20150213
AVware 20150213
Baidu-International 20150213
Bkav 20150213
ByteHero 20150213
CAT-QuickHeal 20150213
ClamAV 20150213
CMC 20150211
Comodo 20150213
Cyren 20150213
DrWeb 20150213
Emsisoft 20150213
F-Prot 20150213
F-Secure 20150213
Fortinet 20150213
GData 20150213
Ikarus 20150213
Jiangmin 20150212
K7AntiVirus 20150213
K7GW 20150213
Kaspersky 20150213
Kingsoft 20150213
Malwarebytes 20150213
McAfee-GW-Edition 20150213
Microsoft 20150213
NANO-Antivirus 20150213
nProtect 20150213
Panda 20150213
Qihoo-360 20150213
Sophos AV 20150213
SUPERAntiSpyware 20150213
Symantec 20150213
Tencent 20150213
TheHacker 20150212
TotalDefense 20150213
TrendMicro 20150213
TrendMicro-HouseCall 20150213
VBA32 20150213
VIPRE 20150213
ViRobot 20150213
Zillya 20150213
Zoner 20150213
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright Unpublished work. Copyright© Microsoft Corp. 1993-1996
Product Microsoft® Forms
Original name MSR2C.DLL
Internal name MSR2C
File version 1.00.4211.0
Description Microsoft® Forms DLL
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-11-10 10:14:15
Entry Point 0x00005DE0
Number of sections 5
PE sections
PE imports
JetGetTableInfo
JetBeginTransaction
JetOpenFile
JetMove
JetGetIndexInfo
JetGetLock
JetRenameTable
JetAttachDatabase
JetRestore2
JetTerm2
JetUpdate
JetTruncateLog
JetGetCursorInfo
JetSetCurrentIndex
JetGetVersion
JetDupSession
JetSetCurrentIndex3
ExitProcess
FreeConsole
SetupGetLineTextW
SetupDiOpenDeviceInterfaceA
SetupQueueDefaultCopyA
SetupScanFileQueueA
SetupInstallFilesFromInfSectionA
SetupQueryInfFileInformationA
SetupDiGetSelectedDriverW
SetupDiGetDriverInfoDetailA
SetupDiInstallClassExA
SetupDiGetDeviceInfoListDetailA
SetupDiBuildClassInfoListExA
SetupDiRegisterCoDeviceInstallers
SetupDiGetDeviceInterfaceDetailA
SetupQueueDeleteSectionA
SetupDiInstallClassW
SetupDiGetINFClassW
SetupQueueDefaultCopyW
MessageBoxW
IsWindow
GetForegroundWindow
ChooseFontW
FindTextA
PageSetupDlgW
ReplaceTextW
ChooseColorA
Number of PE resources by type
RT_STRING 11
RT_BITMAP 4
RT_CURSOR 2
RT_DIALOG 1
RT_GROUP_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 20
PE resources
Debug information
ExifTool file metadata
LegalTrademarks Microsoft is a registered trademark of Microsoft Corporation.
SubsystemVersion 5.0
LinkerVersion 6.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.4211.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Microsoft Forms DLL
CharacterSet Unicode
InitializedDataSize 90112
EntryPoint 0x5de0
OriginalFileName MSR2C.DLL
MIMEType application/octet-stream
LegalCopyright Unpublished work. Copyright Microsoft Corp. 1993-1996
FileVersion 1.00.4211.0
TimeStamp 2012:11:10 11:14:15+01:00
FileType Win32 EXE
PEType PE32
InternalName MSR2C
ProductVersion 1.00.4211.0
UninitializedDataSize 0
OSVersion 5.0
FileOS Win32
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 20480
ProductName Microsoft Forms
ProductVersionNumber 1.0.4211.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 5e53afc3093834e187b5254ab2418e36
SHA1 81d49f069bb08912e004296b9ab838d9b6c8c805
SHA256 03a7986ae0b058e1471c549ea18dfe76a6ab162d7f696509a7f57e2abbafbdef
ssdeep 1536:oo6jFkgkBgaE4bhwll5mHcyu1mKPz8w7A64vHQK:oo6jWgkGE4rmd6mKbqvP
authentihash 7b8c1ca8f704fbaf6a30bc992bfe2c45e9c00dbb66e02c888df3b6ac92550ef2
imphash 5610c5b530138865117b260e5ca145b5
File size 106.0 KB ( 108544 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2015-02-13 14:08:08 UTC ( 2 years, 7 months ago )
Last submission 2016-06-10 01:34:40 UTC ( 1 year, 3 months ago )
File names MSR2C.DLL
isheriff_5e53afc3093834e187b5254ab2418e36.bin
MSR2C
.01076b73
edg1.exe
fJXbOxFd.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
TCP connections
UDP communications