SHA256: 187f22704803e853a4bdd2542cc2a25b0dd2e4b0cf3dda1a8309869c453c8e15
File name: 5c0904e7ede84040e3b1f172e4892c31
Detection ratio: 8 / 67
Analysis date: 2018-05-01 22:02:00 UTC ( 7 months, 1 week ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180428
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180418
Cylance Unsafe 20180501
eGambit Unsafe.AI_Score_100% 20180501
Endgame malicious (high confidence) 20180402
Sophos ML heuristic 20180120
Qihoo-360 HEUR/QVM40.1.E16B.Malware.Gen 20180501
Symantec ML.Attribute.HighConfidence 20180501
Ad-Aware 20180501
AegisLab 20180501
AhnLab-V3 20180501
Alibaba 20180428
ALYac 20180501
Antiy-AVL 20180501
Arcabit 20180501
Avast 20180501
Avast-Mobile 20180501
AVG 20180501
Avira (no cloud) 20180501
AVware 20180428
Babable 20180406
BitDefender 20180501
Bkav 20180426
CAT-QuickHeal 20180501
ClamAV 20180501
CMC 20180501
Comodo 20180501
Cybereason None
Cyren 20180501
DrWeb 20180501
Emsisoft 20180501
ESET-NOD32 20180501
F-Prot 20180501
F-Secure 20180501
Fortinet 20180501
GData 20180501
Ikarus 20180501
Jiangmin 20180501
K7AntiVirus 20180501
K7GW 20180501
Kaspersky 20180501
Kingsoft 20180501
Malwarebytes 20180501
MAX 20180501
McAfee 20180501
McAfee-GW-Edition 20180425
Microsoft 20180501
eScan 20180501
NANO-Antivirus 20180501
nProtect 20180501
Palo Alto Networks (Known Signatures) 20180501
Panda 20180501
Rising 20180501
SentinelOne (Static ML) 20180225
Sophos AV 20180501
SUPERAntiSpyware 20180501
Symantec Mobile Insight 20180501
Tencent 20180501
TheHacker 20180430
TotalDefense 20180501
TrendMicro 20180501
TrendMicro-HouseCall 20180501
Trustlook 20180501
VBA32 20180428
VIPRE 20180501
ViRobot 20180501
Webroot 20180501
Yandex 20180428
Zillya 20180430
ZoneAlarm by Check Point 20180501
Zoner 20180430
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name Microsoft.Assessments.dll
Internal name Microsoft.Assessments.dll
File version 6.2.9200.16384 (win8_rtm.120725-1247)
Description Microsoft Assessments
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-01 14:42:31
Entry Point 0x00001610
Number of sections 6
PE sections
PE imports
EnumServicesStatusA
LogonUserExW
IsTokenRestricted
GetClusterFromResource
PolyPolyline
CreateRectRgn
LineDDA
DeleteColorSpace
GetDIBits
DeleteObject
GetVolumePathNameW
GlobalFindAtomW
IsValidCodePage
GetStringTypeExW
FindAtomA
DebugBreak
FormatMessageA
GetTapePosition
lstrlenW
GetProcessHeap
wglGetProcAddress
ExtractIconA
FindExecutableA
wnsprintfW
InitializeSecurityContextW
DestroyIcon
GetCursorInfo
GetKeyboardLayout
GetWindowPlacement
GetClassInfoW
GetCaretPos
GetKeyboardType
GetUrlCacheEntryInfoExA
DeletePrinterDriverW
GetPrintProcessorDirectoryW
GetColorProfileElement
GetClassFileOrMime
Number of PE resources by type
WEVT_TEMPLATE 1
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 0
ImageVersion 0.0
ProductName Microsoft Windows Operating System
FileVersionNumber 6.2.9200.16384
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Microsoft Assessments
CharacterSet Unicode
LinkerVersion 12.0
FileTypeExtension dll
OriginalFileName Microsoft.Assessments.dll
MIMEType application/octet-stream
Subsystem Windows command line
FileVersion 6.2.9200.16384 (win8_rtm.120725-1247)
TimeStamp 2018:05:01 14:42:31+00:00
FileType Win32 DLL
PEType PE32
InternalName Microsoft.Assessments.dll
ProductVersion 6.2.9200.16384
SubsystemVersion 5.0
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 2063370106
FileSubtype 0
ProductVersionNumber 6.2.9200.16384
EntryPoint 0x1610
ObjectFileType Dynamic link library

File identification
MD5 5c0904e7ede84040e3b1f172e4892c31
SHA1 c2f1bd7d1ccc59149c25fb23b489f35ef9490ffd
SHA256 187f22704803e853a4bdd2542cc2a25b0dd2e4b0cf3dda1a8309869c453c8e15
ssdeep 6144:eQ/ZtjwCNXn7DmirGNX/cT/+gQ7rQQ9oyE2DqRLjI0NonabvTtt8QLrwXY:TfwKrDmEGNaWgQkyE2DqRdNJTtqwN
authentihash fdd06699c69d1ceb6ab2db91c46b7789558ba2e211307a459b18382fdcb87507
imphash cf9c363702aedd0e2c126abbdd7233f2
File size 492.0 KB ( 503808 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags pedll

VirusTotal metadata
First submission 2018-05-01 22:02:00 UTC ( 7 months, 1 week ago )
Last submission 2018-05-01 22:02:00 UTC ( 7 months, 1 week ago )
File names Microsoft.Assessments.dll