SHA256: 0b6d1a178966f4fe33e778a2dd7990730c552613bb1c5dbdef97b7be04321e33
File name: zbetcheckin_tracker_herbalife.exe
Detection ratio: 16 / 68
Analysis date: 2018-09-14 10:22:08 UTC ( 7 months, 1 week ago )
Antivirus Result Update
Bkav W32.eHeur.Malware09 20180912
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.214fe6 20180225
Cylance Unsafe 20180914
Endgame malicious (high confidence) 20180730
Sophos ML heuristic 20180717
Malwarebytes Backdoor.Tofsee 20180914
McAfee GenericRXGL-DZ!C7D6E5F214FE 20180914
McAfee-GW-Edition BehavesLike.Win32.Emotet.ct 20180914
Microsoft Trojan:Win32/Fuerboos.C!cl 20180914
Qihoo-360 HEUR/QVM19.1.DBC7.Malware.Gen 20180914
Rising Malware.Heuristic!ET#96% (RDM+:cmRtazpR3tj9whnNtNKPHqgjGDjE) 20180914
SentinelOne (Static ML) static engine - malicious 20180830
Symantec Packed.Generic.493 20180914
TrendMicro Mal_Dalexis 20180914
TrendMicro-HouseCall Mal_Dalexis 20180914
Ad-Aware 20180913
AegisLab 20180914
AhnLab-V3 20180914
Alibaba 20180713
ALYac 20180914
Antiy-AVL 20180913
Arcabit 20180914
Avast 20180914
Avast-Mobile 20180914
AVG 20180914
Avira (no cloud) 20180914
AVware 20180914
Babable 20180907
Baidu 20180914
BitDefender 20180914
CAT-QuickHeal 20180912
ClamAV 20180914
CMC 20180913
Comodo 20180914
Cyren 20180914
DrWeb 20180914
eGambit 20180914
Emsisoft 20180914
ESET-NOD32 20180914
F-Prot 20180914
F-Secure 20180914
Fortinet 20180914
GData 20180914
Ikarus 20180914
Jiangmin 20180914
K7AntiVirus 20180914
K7GW 20180914
Kaspersky 20180914
Kingsoft 20180914
MAX 20180914
eScan 20180914
NANO-Antivirus 20180914
Palo Alto Networks (Known Signatures) 20180914
Panda 20180913
Sophos AV 20180914
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180911
TACHYON 20180914
Tencent 20180914
TheHacker 20180914
TotalDefense 20180914
Trustlook 20180914
VBA32 20180914
VIPRE 20180914
ViRobot 20180914
Webroot 20180914
Yandex 20180912
Zillya 20180913
ZoneAlarm by Check Point 20180914
Zoner 20180913
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name WUDFHost.exe
Internal name WUDFHost.exe
File version 10.0.17134.1 (WinBuild.160101.0800)
Description Windows Driver Foundation - User-mode Driver Framework Host Process
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-04-01 09:27:31
Entry Point 0x00001000
Number of sections 4
PE sections
PE imports
Ctl3dGetVer
Ctl3dEnabled
InterlockedDecrement
HeapFree
LoadLibraryExA
OpenFileMappingA
OpenJobObjectW
GetModuleHandleA
FindResourceW
GetCommandLineW
lstrcat
SearchPathA
CopyFileA
IsBadReadPtr
CreateWaitableTimerA
CreateFileA
GetVersionExA
GetProcAddress
GetStartupInfoA
LoadLibraryExW
Number of PE resources by type
RT_RCDATA 17
RT_VERSION 1
Number of PE resources by language
ENGLISH US 17
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:04:01 02:27:31-07:00
FileType Win32 EXE
PEType PE32
CodeSize 26624
LinkerVersion 13.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x1000
InitializedDataSize 171008
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 c7d6e5f214fe6876c90cabf3f02f1d69
SHA1 acb544dced58893403a4360d0cf26bef31201684
SHA256 0b6d1a178966f4fe33e778a2dd7990730c552613bb1c5dbdef97b7be04321e33
ssdeep 3072:U50eEFIXbL44eN0VBVrrrrrrrrrrrrrrrr:U50egC44DJrrrrrrrrrrrrrrrr
authentihash 34aaa7bae4619da82841505e7615b020663d01b0d0c3c6d112097c3906d41faa
imphash 80ef9cc2553b2bc34ed236d16857bdf0
File size 194.0 KB ( 198656 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2018-09-14 10:22:08 UTC ( 7 months, 1 week ago )
Last submission 2018-09-14 10:22:08 UTC ( 7 months, 1 week ago )
File names zbetcheckin_tracker_herbalife.exe
WUDFHost.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.