SHA256: 1139d1e661fcca94fe699a96f0e83ce6fce2d077d18eb8048eee1f4e0fef6784
File name: 1139d1e661fcca94fe699a96f0e83ce6fce2d077d18eb8048eee1f4e0fef6784
Detection ratio: 42 / 67
Analysis date: 2017-10-24 23:34:04 UTC ( 1 year, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Johnnie.72116 20171025
AegisLab Troj.W32.Refinka!c 20171024
ALYac Gen:Variant.Johnnie.72116 20171024
Antiy-AVL Trojan/Win32.Refinka 20171024
Arcabit Trojan.Johnnie.D119B4 20171024
Avast Win32:Malware-gen 20171024
AVG Win32:Malware-gen 20171024
Avira (no cloud) TR/AD.Dridex.hbymy 20171025
AVware Trojan.Win32.Generic!BT 20171024
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171024
BitDefender Gen:Variant.Johnnie.72116 20171024
CAT-QuickHeal Trojan.Refinka 20171024
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cylance Unsafe 20171025
Cyren W32/Trojan.UBZA-8670 20171024
eGambit Unsafe.AI_Score_98% 20171025
Emsisoft Gen:Variant.Johnnie.72116 (B) 20171024
Endgame malicious (high confidence) 20171024
ESET-NOD32 a variant of Win32/Kryptik.FYBA 20171024
F-Secure Gen:Variant.Johnnie.72116 20171024
Fortinet W32/Kryptik.FXXN!tr 20171024
GData Gen:Variant.Johnnie.72116 20171024
Ikarus Trojan.Win32.Crypt 20171024
Sophos ML heuristic 20170914
K7AntiVirus Trojan ( 00519f4d1 ) 20171024
K7GW Trojan ( 00519f4d1 ) 20171024
Kaspersky Trojan.Win32.Refinka.gdf 20171024
MAX malware (ai score=100) 20171024
McAfee Artemis!CE82508DECE9 20171024
McAfee-GW-Edition BehavesLike.Win32.Expiro.fc 20171024
eScan Gen:Variant.Johnnie.72116 20171024
Palo Alto Networks (Known Signatures) generic.ml 20171025
Panda Trj/GdSda.A 20171024
Qihoo-360 Win32/Trojan.695 20171025
Rising Malware.Heuristic!ET#81% (RDM+:cmRtazpf0RayI7LEbsCwz4Z/zAsq) 20171024
SentinelOne (Static ML) static engine - malicious 20171019
Sophos AV Mal/Generic-S 20171024
Symantec Trojan.Gen 20171024
Tencent Win32.Trojan.Refinka.Tbsc 20171025
TrendMicro-HouseCall TROJ_GEN.R002H0CJN17 20171024
VIPRE Trojan.Win32.Generic!BT 20171024
ZoneAlarm by Check Point Trojan.Win32.Refinka.gdf 20171025
AhnLab-V3 20171024
Avast-Mobile 20171024
Bkav 20171024
ClamAV 20171024
CMC 20171024
Comodo 20171024
DrWeb 20171024
F-Prot 20171024
Jiangmin 20171024
Kingsoft 20171025
Malwarebytes 20171024
Microsoft 20171024
NANO-Antivirus 20171024
nProtect 20171024
SUPERAntiSpyware 20171024
Symantec Mobile Insight 20171011
TheHacker 20171024
TotalDefense 20171024
TrendMicro 20171025
Trustlook 20171025
VBA32 20171024
ViRobot 20171024
Webroot 20171025
WhiteArmor 20171024
Yandex 20171024
Zillya 20171024
Zoner 20171024
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name TSErrRedir.DLL
Internal name TSErrRedir.DLL
File version 6.1.7601.23403 (win7sp1_ldr.160325-0600)
Description Remote Desktop Services Logon Error Redirector
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-10-20 15:54:32
Entry Point 0x00003480
Number of sections 8
PE sections
PE imports
AddAccessDeniedAceEx
AddAuditAccessAceEx
SetNamedSecurityInfoA
GetSidIdentifierAuthority
AVIStreamStart
CM_Get_Resource_Conflict_DetailsW
CM_Get_Sibling
CM_Set_DevNode_Registry_PropertyW
PrintDlgA
CertDeleteCTLFromStore
CertDeleteCertificateFromStore
CertStrToNameW
GetTextCharsetInfo
ExcludeClipRect
DeleteColorSpace
TextOutA
Escape
GetCharWidth32A
CreateMetaFileW
ImmNotifyIME
GetFullPathNameA
BuildCommDCBA
GetFileTime
GetModuleHandleA
FindAtomW
GetConsoleAliasExesLengthA
EraseTape
GetNumaHighestNodeNumber
GetCurrentProcessId
ReleaseSemaphore
GetModuleFileNameW
ProcessIdToSessionId
CreateProcessW
UnhandledExceptionFilter
EnumCalendarInfoW
SetFilePointerEx
GetCurrentThreadId
GetModuleFileNameA
GetBinaryTypeA
ResumeThread
MprInfoBlockSet
NetServerGetInfo
NetLocalGroupAddMembers
BSTR_UserSize
VarCyFromR8
wglGetProcAddress
NdrSimpleTypeMarshall
RpcServerRegisterIf
I_RpcMapWin32Status
SetupDiCreateDeviceInfoA
PathCreateFromUrlW
StrToIntA
StrCmpNA
PathSearchAndQualifyW
RevertSecurityContext
EmptyClipboard
CreatePopupMenu
MapDialogRect
ImpersonateDdeClientWindow
GetKBCodePage
LoadMenuW
DefMDIChildProcA
LoadImageA
GetFocus
DrawTextW
WinHelpA
GetMonitorInfoA
InvertRect
OpenDesktopA
waveInAddBuffer
OpenPrinterA
EnumJobsW
vprintf
memcmp
HPALETTE_UserUnmarshal
IIDFromString
HICON_UserMarshal
OleFlushClipboard
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.1.7601.23403

UninitializedDataSize
107702811

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
339968

EntryPoint
0x3480

OriginalFileName
TSErrRedir.DLL

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.1.7601.23403 (win7sp1_ldr.160325-0600)

TimeStamp
2017:10:20 16:54:32+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
TSErrRedir.DLL

ProductVersion
6.1.7601.23403

FileDescription
Remote Desktop Services Logon Error Redirector

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
20480

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.1.7601.23403

FileTypeExtension
dll

ObjectFileType
Dynamic link library

File identification
MD5 ce82508dece9d26ce3fb84ea826a9eff
SHA1 4097b38ed84edfbbd074bbbc1ae8cba77a9a4f0f
SHA256 1139d1e661fcca94fe699a96f0e83ce6fce2d077d18eb8048eee1f4e0fef6784
ssdeep
6144:oYn/LkNfJWl0MEWVMbQEb2P7Lft6OtbQ5f0W3QsoZ5cBzF29WXTs:T/MfAcbVbG7xztbQ50tsowNwkTs

authentihash 5c6fa16acd3d177377bdcac21e1c0d798b223a28c79ca1299dc5cb516d6170c7
imphash 0ea9471daef54d307b46cc240aa62465
File size 348.0 KB ( 356352 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags
pedll

VirusTotal metadata
First submission 2017-10-23 23:23:01 UTC ( 1 year, 1 month ago )
Last submission 2018-07-21 08:50:55 UTC ( 4 months, 4 weeks ago )
File names TSErrRedir.DLL
ce82508dece9d26ce3fb84ea826a9eff.vir
4097b38ed84edfbbd074bbbc1ae8cba77a9a4f0f