SHA256: 119309a045d3c2573ace407c7a3be129b24a970c0b6e621f7e91a62b269db727
File name: 119309a045d3c2573ace407c7a3be129b24a970c0b6e621f7e91a62b269db727
Detection ratio: 42 / 62
Analysis date: 2017-03-28 20:39:20 UTC ( 2 years ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.20528889 20170328
AegisLab Troj.Banker.W32!c 20170328
ALYac Trojan.Generic.20528889 20170328
Antiy-AVL Trojan[Banker]/Win32.CoreBot 20170328
Arcabit Trojan.Generic.D1393EF9 20170328
AVG Crypt7.YQX 20170328
Avira (no cloud) TR/Crypt.Xpack.btkaa 20170328
AVware Trojan.Win32.Generic!BT 20170328
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170328
BitDefender Trojan.Generic.20528889 20170328
CAT-QuickHeal Backdoor.Drixed 20170327
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Cyren W32/Trojan.QQAH-7149 20170328
Emsisoft Trojan.Dridex (A) 20170328
Endgame malicious (high confidence) 20170317
ESET-NOD32 Win32/Dridex.AX 20170328
F-Secure Trojan.Generic.20528889 20170328
Fortinet W32/CoreBot.AX!tr 20170328
GData Trojan.Generic.20528889 20170328
Ikarus Trojan.Win32.Dridex 20170328
Sophos ML trojan.win32.skeeyah.a!rfn 20170203
K7AntiVirus Trojan ( 004feef81 ) 20170328
K7GW Trojan ( 004feef81 ) 20170328
Kaspersky Trojan-Banker.Win32.CoreBot.dx 20170328
Malwarebytes Trojan.Dridex 20170328
McAfee RDN/PWS-Banker 20170328
McAfee-GW-Edition BehavesLike.Win32.Expiro.cc 20170328
Microsoft Backdoor:Win32/Drixed 20170328
eScan Trojan.Generic.20528889 20170328
NANO-Antivirus Trojan.Win32.CoreBot.emusna 20170328
nProtect Banker/W32.CoreBot.120316 20170328
Palo Alto Networks (Known Signatures) generic.ml 20170328
Panda Trj/CI.A 20170328
Qihoo-360 Win32/Trojan.BO.28c 20170328
Rising Malware.Generic.2!tfe (cloud:E04kbgXuORV) 20170328
Sophos AV Mal/Generic-S 20170328
Symantec Trojan.Gen.2 20170328
Tencent Win32.Trojan-banker.Corebot.Lpvx 20170328
VIPRE Trojan.Win32.Generic!BT 20170328
ViRobot Trojan.Win32.Z.Dridex.120316[h] 20170328
Webroot W32.Trojan.Gen 20170328
ZoneAlarm by Check Point Trojan-Banker.Win32.CoreBot.dx 20170328
AhnLab-V3 20170328
Alibaba 20170328
Avast 20170328
Bkav 20170328
ClamAV 20170328
CMC 20170328
Comodo 20170328
DrWeb 20170328
F-Prot 20170328
Jiangmin 20170328
Kingsoft 20170328
SentinelOne (Static ML) 20170315
SUPERAntiSpyware 20170328
Symantec Mobile Insight 20170328
TheHacker 20170327
TotalDefense 20170328
TrendMicro 20170328
TrendMicro-HouseCall 20170328
Trustlook 20170328
VBA32 20170328
WhiteArmor 20170327
Yandex 20170327
Zillya 20170328
Zoner 20170328
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name PDH.DLL
Internal name PDH.DLL
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description Windows Performance Data Helper DLL
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2023-08-22 16:42:06
Entry Point 0x0001C4E0
Number of sections 10
PE sections
PE imports
EnumServicesStatusA
CryptAcquireContextA
RegisterServiceCtrlHandlerW
OpenEncryptedFileRawA
CryptGenRandom
LookupPrivilegeDisplayNameA
RegEnumKeyA
RegRestoreKeyW
GetLengthSid
MakeDragList
ImageList_DrawEx
GetColorAdjustment
CreateBitmap
CreateFontIndirectExA
OffsetRgn
CreateDIBitmap
TextOutA
AbortPath
GetKerningPairsA
EnumICMProfilesW
SetPixelFormat
WidenPath
GetUserDefaultUILanguage
EnumUILanguagesA
LCMapStringW
SetCommBreak
LoadLibraryW
ScrollConsoleScreenBufferA
VirtualAllocEx
GetTimeFormatW
DeleteTimerQueueEx
GetThreadLocale
MoveFileWithProgressA
FlushFileBuffers
GlobalUnfix
VirtualQuery
SystemTimeToTzSpecificLocalTime
GetVolumePathNamesForVolumeNameW
SetDefaultCommConfigW
HeapAlloc
IsBadWritePtr
GetFirmwareEnvironmentVariableW
GetEnvironmentStrings
CompareFileTime
LocalAlloc
VirtualQueryEx
SetTapePosition
GlobalAddAtomW
HeapQueryInformation
GetCurrentDirectoryA
lstrcpynW
SetErrorMode
UnregisterWait
FreeEnvironmentStringsW
GetConsoleTitleA
CreateActCtxA
GetProcAddress
GetThreadContext
SetSystemTimeAdjustment
GetComputerNameW
CreateHardLinkA
GetTempPathA
CheckRemoteDebuggerPresent
ReadProcessMemory
lstrcmpA
FindNextFileW
GetFirmwareEnvironmentVariableA
FindResourceExW
GetConsoleDisplayMode
EnumResourceNamesA
GetExitCodeThread
OpenMutexW
FindFirstFileW
GlobalMemoryStatusEx
DuplicateHandle
GetDiskFreeSpaceA
CreateConsoleScreenBuffer
GetModuleHandleW
InterlockedExchange
SetLocaleInfoW
GetModuleHandleExW
IsValidCodePage
GetTempPathW
GetCommState
DebugActiveProcess
AllocConsole
EnumLanguageGroupLocalesA
SetFileAttributesW
ReadFileEx
GetProcessVersion
GetProcessTimes
OutputDebugStringA
LeaveCriticalSection
InterlockedIncrement
LPSAFEARRAY_UserSize
VarR8FromBool
PathIsContentTypeW
SHRegOpenUSKeyW
SHEnumValueW
PathRemoveFileSpecW
PathUnExpandEnvStringsW
PathIsDirectoryEmptyW
PathFindOnPathW
SHLoadIndirectString
wnsprintfW
SHGetViewStatePropertyBag
PathRemoveBlanksW
SHRegSetPathA
EndDialog
FindWindowW
GetPropA
GetNextDlgGroupItem
MessageBoxExA
InSendMessageEx
CreateDesktopA
IsRectEmpty
TranslateMessage
GetSysColor
SetWindowsHookW
InternalGetWindowText
DefFrameProcW
CreateMDIWindowW
GetLastActivePopup
GetClassInfoW
MoveWindow
UnionRect
GetNextDlgTabItem
GetClassLongA
CreateMenu
GetClassNameW
CopyRect
DlgDirListW
EnumDesktopWindows
TabbedTextOutW
ExitWindowsEx
PostThreadMessageA
OpenClipboard
memmove
vwprintf
_sprintf_l
qsort
fgetc
wcsncat
fgets
strncpy
PdhOpenQueryA
Number of PE resources by type
WEVT_TEMPLATE 1
MUI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
UninitializedDataSize 6144
LinkerVersion 0.0
ImageVersion 1.65535
FileSubtype 0
FileVersionNumber 6.1.7601.17514
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Windows Performance Data Helper DLL
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 0
EntryPoint 0x1c4e0
OriginalFileName PDH.DLL
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7601.17514 (win7sp1_rtm.101119-1850)
TimeStamp 2023:08:22 17:42:06+01:00
FileType Win32 EXE
PEType PE32
InternalName PDH.DLL
ProductVersion 6.1.7601.17514
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 24064
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7601.17514
FileTypeExtension exe
ObjectFileType Dynamic link library
Compressed bundles
File identification
MD5 3fedcaf38fbaeaa0a31c553098c3e9ec
SHA1 ef04aab6d1906d5c724c4792dedba01f67c2a182
SHA256 119309a045d3c2573ace407c7a3be129b24a970c0b6e621f7e91a62b269db727
ssdeep 3072:7LvZQkXvjp5geqd0AL8bmjmtrPo5xe6VbAXuzYVEuIo:rXsZqCFqGxnV0+zYV3
authentihash 271f9fb39f6d6be302c1d07e8d7bdc071a894c3632b5f7e1e15a003fee9ce684
imphash 5d24055f4bb42804076100831283abf8
File size 117.5 KB ( 120316 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.6%)
OS/2 Executable (generic) (19.1%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
VXD Driver (0.2%)
Tags peexe
VirusTotal metadata
First submission 2017-03-23 20:41:15 UTC ( 2 years, 1 month ago )
Last submission 2017-08-19 01:08:08 UTC ( 1 year, 8 months ago )
File names 022.xor
PDH.DLL