SHA256: 06766efc3dcef4154492d88b1c63c2e5776440e3578ce9c684507789f30957c2
File name: 50752cba6ac343b18c750d8ad5e8d8ee
Detection ratio: 14 / 57
Analysis date: 2016-11-27 11:37:23 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Antiy-AVL Trojan[Spy]/Win32.Ursnif 20161127
AVG Crypt6.OWP 20161127
Avira (no cloud) TR/Crypt.ZPACK.cevso 20161127
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161126
Comodo Heur.Packed.Unknown 20161127
DrWeb Trojan.PWS.Papras.2518 20161127
ESET-NOD32 a variant of Win32/Kryptik.FKMQ 20161127
Sophos ML generic.a 20161018
K7GW Trojan ( 004fedc01 ) 20161127
Kaspersky UDS:DangerousObject.Multi.Generic 20161127
McAfee Artemis!50752CBA6AC3 20161127
McAfee-GW-Edition Artemis 20161127
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20161127
Rising Malware.Generic!8X5QUzbFpkE@2 (thunder) 20161127
Ad-Aware 20161127
AegisLab 20161127
AhnLab-V3 20161126
Alibaba 20161125
ALYac 20161127
Arcabit 20161127
Avast 20161127
AVware 20161127
BitDefender 20161127
Bkav 20161126
CAT-QuickHeal 20161126
ClamAV 20161127
CMC 20161127
CrowdStrike Falcon (ML) 20161024
Cyren 20161127
Emsisoft 20161127
F-Prot 20161127
F-Secure 20161127
Fortinet 20161127
GData 20161127
Ikarus 20161127
Jiangmin 20161124
K7AntiVirus 20161127
Kingsoft 20161127
Malwarebytes 20161127
Microsoft 20161127
eScan 20161127
NANO-Antivirus 20161127
nProtect 20161127
Panda 20161127
Sophos AV 20161127
SUPERAntiSpyware 20161127
Symantec 20161127
Tencent 20161127
TheHacker 20161126
TotalDefense 20161127
TrendMicro 20161127
TrendMicro-HouseCall 20161127
Trustlook 20161127
VBA32 20161125
VIPRE 20161127
ViRobot 20161127
WhiteArmor 20161125
Yandex 20161126
Zillya 20161125
Zoner 20161127
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© Nasri Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name framedyn.dll
Internal name framedyn.dll
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description WMI SDK Provider Framework
Signature verification Signed file, verified signature
Signing date 3:40 PM 11/26/2016
Signers
[+] For Ai Studio
Status Valid
Issuer GlobalSign Extended Validation CodeSigning CA - SHA256 - G3
Valid from 12:27 PM 11/10/2016
Valid to 12:27 PM 11/11/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint E03C6E146251CB6A47761322A7C64AC5AFCDFBA3
Serial number 43 1A 6A 87 EC 42 D5 2D B1 CB F8 D2
[+] GlobalSign Extended Validation CodeSigning CA - SHA256 - G3
Status Valid
Issuer GlobalSign
Valid from 1:00 AM 6/15/2016
Valid to 1:00 AM 6/15/2024
Valid usage Code Signing, OCSP Signing
Algorithm sha256RSA
Thumbprint 87A63D9ADB627D777836153C680A3DFCF27DE90C
Serial number 48 1B 6A 07 A9 42 4C 1E AA FE F3 CD F1 0F
[+] GlobalSign
Status Valid
Issuer GlobalSign
Valid from 11:00 AM 3/18/2009
Valid to 11:00 AM 3/18/2029
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha256RSA
Thumbprint D69B561148F01C77C54578C10926DF5B856976AD
Serial number 04 00 00 00 00 01 21 58 53 08 A2
Counter signers
[+] GlobalSign TSA for MS Authenticode - G2
Status Valid
Issuer GlobalSign Timestamping CA - G2
Valid from 1:00 AM 5/24/2016
Valid to 1:00 AM 6/24/2027
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 63B82FAB61F583909695050B00249C502933EC79
Serial number 11 21 D6 99 A7 64 97 3E F1 F8 42 7E E9 19 CC 53 41 14
[+] GlobalSign Timestamping CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 4/13/2011
Valid to 1:00 PM 1/28/2028
Valid usage All
Algorithm sha1RSA
Thumbprint C0E49D2D7D90A5CD427F02D9125694D5D6EC5B71
Serial number 04 00 00 00 00 01 2F 4E E1 52 D7
[+] GlobalSign
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-26 15:40:05
Entry Point 0x00002980
Number of sections 7
PE sections
Overlays
MD5 a48fd93113156f9463507a61902759ce
File type data
Offset 188416
Size 7104
Entropy 7.42
PE imports
GetUserDefaultUILanguage
AreFileApisANSI
GetLastError
FreeConsole
DosDateTimeToFileTime
VirtualAllocEx
GetSystemInfo
lstrlenA
RequestDeviceWakeup
GetProfileSectionW
GetDriveTypeA
ExitProcess
GetThreadLocale
CallNamedPipeA
IsDBCSLeadByte
GetCPInfoExW
SizeofResource
FindClose
GetSystemDefaultLCID
GetCommandLineA
GetUserDefaultLCID
GetNamedPipeHandleStateW
GetSystemDefaultLangID
GetSystemDefaultUILanguage
SetUnhandledExceptionFilter
GetMailslotInfo
SetHandleInformation
SetFileAttributesA
WriteProfileSectionA
GetThreadSelectorEntry
SetCommConfig
AllocateUserPhysicalPages
GetProcessShutdownParameters
HeapCreate
GetCurrentConsoleFont
WriteConsoleOutputCharacterA
FindAtomA
IsBadCodePtr
GetStringTypeExA
GetVersion
GetNumberFormatW
GetShellWindow
GetClassNameA
GetSysColor
CharNextA
SelectCMM
SetColorProfileElementReference
CheckBitmapBits
GetCMMInfo
UninstallColorProfileW
GetColorDirectoryW
CreateColorTransformA
InstallColorProfileA
RegisterCMMW
RegisterCMMA
GetStandardColorSpaceProfileW
GetColorProfileElementTag
SetStandardColorSpaceProfileA
SetColorProfileElementSize
IsColorProfileTagPresent
IsColorProfileValid
GetPS2ColorSpaceArray
GetColorProfileElement
ConvertColorNameToIndex
Ord(74)
Ord(93)
Ord(154)
Ord(60)
Ord(76)
Ord(89)
Ord(231)
Ord(174)
Ord(85)
Ord(160)
Ord(161)
Ord(22)
Ord(96)
Ord(133)
Ord(70)
Ord(81)
Ord(17)
Ord(28)
Ord(113)
Ord(58)
Ord(64)
Ord(204)
Ord(80)
Ord(147)
Ord(59)
Ord(220)
Ord(119)
Ord(63)
Ord(102)
Ord(151)
Ord(124)
Ord(114)
Ord(34)
Ord(170)
Ord(47)
Ord(53)
Ord(206)
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.1.7601.17514

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
163840

EntryPoint
0x2980

OriginalFileName
framedyn.dll

MIMEType
application/octet-stream

LegalCopyright
Nasri Corporation. All rights reserved.

FileVersion
6.1.7601.17514 (win7sp1_rtm.101119-1850)

TimeStamp
2016:11:26 16:40:05+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
framedyn.dll

ProductVersion
6.1.7601.17514

FileDescription
WMI SDK Provider Framework

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
Nasri Corporation

CodeSize
20480

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.1.7601.17514

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 50752cba6ac343b18c750d8ad5e8d8ee
SHA1 76841295b641499f75cc3e5d29535e219c3f17d7
SHA256 06766efc3dcef4154492d88b1c63c2e5776440e3578ce9c684507789f30957c2
ssdeep
3072:nTSC2gWgkJ+hWLd4cLKgW2TpnkKN9ZQ3S4Xi1s4+g:nTSC29sQJ4cL3Wyky96CYo

authentihash f02a62b4c9606afd11e0f8463b8a6b9c0b6f9d3434072d71f3d4a54e28b07090
imphash 8234b09f458fd6c24589450a67c81d50
File size 190.9 KB ( 195520 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.6%)
Clipper DOS Executable (19.1%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
VXD Driver (0.2%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2016-11-27 11:37:23 UTC ( 2 years, 4 months ago )
Last submission 2016-11-27 11:37:23 UTC ( 2 years, 4 months ago )
File names 50752cba6ac343b18c750d8ad5e8d8ee
framedyn.dll
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications