SHA256: 15aaf28c04af14689448459d5ff62d27debe7ef2d1d7ba7a31618cfb9781b2e8
File name: 385efae1db903d31dfac4782cdab3982
Detection ratio: 42 / 67
Analysis date: 2017-10-19 22:25:23 UTC ( 1 year ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12499707 20171019
AegisLab Ml.Attribute.Gen!c 20171019
AhnLab-V3 Trojan/Win32.Dovs.R210784 20171019
Antiy-AVL Trojan/Win32.TSGeneric 20171019
Arcabit Trojan.Generic.DBEBAFB 20171019
Avast Win32:Malware-gen 20171019
AVG Win32:Malware-gen 20171019
Avira (no cloud) TR/Crypt.ZPACK.npjoq 20171019
AVware Trojan.Win32.Generic!BT 20171019
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9943 20171019
BitDefender Trojan.GenericKD.12499707 20171019
ClamAV Win.Trojan.Emotet-6350518-0 20171019
Comodo UnclassifiedMalware 20171019
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cylance Unsafe 20171019
Cyren W32/Trojan.JPKJ-5505 20171019
Emsisoft Trojan.GenericKD.12499707 (B) 20171019
Endgame malicious (high confidence) 20171016
ESET-NOD32 a variant of Win32/Kryptik.FXWK 20171019
F-Secure Trojan.GenericKD.12499707 20171019
Fortinet W32/GenKryptik.AVMQ!tr 20171019
GData Win32.Trojan-Spy.Emotet.DU 20171019
Ikarus Trojan.Win32.Krypt 20171019
Sophos ML heuristic 20170914
K7GW Trojan ( 00519c7f1 ) 20171019
Kaspersky Trojan.Win32.Refinka.fpg 20171019
Malwarebytes Trojan.Emotet 20171019
McAfee RDN/Generic.grp 20171019
McAfee-GW-Edition BehavesLike.Win32.Expiro.nc 20171019
Microsoft Trojan:Win32/Emotet.P 20171019
eScan Trojan.GenericKD.12499707 20171019
Palo Alto Networks (Known Signatures) generic.ml 20171019
Panda Trj/Genetic.gen 20171019
SentinelOne (Static ML) static engine - malicious 20171019
Sophos AV Mal/EncPk-ANR 20171019
Symantec Ransom.Kovter 20171019
Tencent Win32.Trojan.Refinka.Ljuk 20171019
TrendMicro TROJ_GEN.R011C0DJJ17 20171019
TrendMicro-HouseCall TROJ_GEN.R011C0DJJ17 20171019
VIPRE Trojan.Win32.Generic!BT 20171019
Webroot W32.Trojan.Emotet 20171019
ZoneAlarm by Check Point Trojan.Win32.Refinka.fpg 20171019
Alibaba 20170911
ALYac 20171019
Avast-Mobile 20171019
Bkav 20171019
CAT-QuickHeal 20171019
CMC 20171018
DrWeb 20171019
eGambit 20171019
F-Prot 20171019
Jiangmin 20171019
K7AntiVirus 20171019
Kingsoft 20171019
MAX 20171019
NANO-Antivirus 20171019
nProtect 20171019
Qihoo-360 20171019
Rising 20171019
SUPERAntiSpyware 20171019
Symantec Mobile Insight 20171011
TheHacker 20171017
TotalDefense 20171019
Trustlook 20171019
VBA32 20171019
ViRobot 20171019
WhiteArmor 20171016
Yandex 20171018
Zillya 20171019
Zoner 20171019
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name kbdsw09.dll
Internal name kbdsw09 (3.13)
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Sinhala - Wij 9 Keyboard Layout
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-10-18 07:10:31
Entry Point 0x00001970
Number of sections 8
PE sections
PE imports
CloseServiceHandle
OpenSCManagerW
RegOpenKeyExW
RegCreateKeyW
QueryServiceConfigW
IsTextUnicode
GetDeviceCaps
DeleteObject
CreateFontW
SetAbortProc
FreeLibrary
AreFileApisANSI
ConvertFiberToThread
RaiseException
GetConsoleAliasA
LocalAlloc
RemoveDirectoryW
LocalFree
InterlockedExchange
UnregisterApplicationRestart
RegisterApplicationRestart
GenerateConsoleCtrlEvent
LoadLibraryA
GetProcAddress
GetLastError
QueryPathOfRegTypeLib
RpcServerInqCallAttributesW
ExtractAssociatedIconA
SHGetFileInfoW
CryptCATAdminReleaseCatalogContext
Ord(30)
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 2
FileVersionNumber 6.1.7600.16385
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 53504
EntryPoint 0x1970
OriginalFileName kbdsw09.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2017:10:18 08:10:31+01:00
FileType Win32 EXE
PEType PE32
InternalName kbdsw09 (3.13)
ProductVersion 6.1.7600.16385
FileDescription Sinhala - Wij 9 Keyboard Layout
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 16384
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 385efae1db903d31dfac4782cdab3982
SHA1 b3f4b59161e7f71c4704dc9a1dd581f3dd093178
SHA256 15aaf28c04af14689448459d5ff62d27debe7ef2d1d7ba7a31618cfb9781b2e8
ssdeep 1536:wIJiO3jdXBpWyx0cwN1QItWQFzBVhPTWAS50X/Y:wILBXBp1x5wN1QItD0n
authentihash 41543e2a54dc97f90331f449e1f4413c2a1adc01904ee31460d649b3aa2383d1
imphash 7e3efa845e7824171273ad0896107677
File size 95.0 KB ( 97280 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2017-10-17 22:12:21 UTC ( 1 year ago )
Last submission 2018-05-10 17:38:22 UTC ( 5 months, 2 weeks ago )
File names kbdsw09 (3.13)
ilC69R.exe
16835600.exe
kbdsw09.dll