SHA256: 1a4373d60797a60210fa72dbe7565b19b369b86b02e988d92eb29021dd3c5dd3
File name: bf91a9159929614de2f9dc95c59de516
Detection ratio: 35 / 67
Analysis date: 2017-10-19 17:54:21 UTC ( 1 year, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Mikey.72718 20171019
Arcabit Trojan.Mikey.D11C0E 20171019
Avast Win32:Evo-gen [Susp] 20171019
AVG Win32:Evo-gen [Susp] 20171019
AVware Trojan.Win32.Generic!BT 20171019
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171019
BitDefender Gen:Variant.Mikey.72718 20171019
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cylance Unsafe 20171019
Cyren W32/Trojan.BJIX-9284 20171019
eGambit malicious_confidence_78% 20171019
Emsisoft Gen:Variant.Mikey.72718 (B) 20171019
Endgame malicious (high confidence) 20171016
ESET-NOD32 a variant of Win32/GenKryptik.BAGR 20171019
F-Secure Gen:Variant.Mikey.72718 20171019
Fortinet W32/GenKryptik.AXZB!tr 20171019
GData Gen:Variant.Mikey.72718 20171019
Ikarus Trojan.Win32.Krypt 20171019
Sophos ML heuristic 20170914
K7GW Trojan ( 00519bd71 ) 20171019
Kaspersky Trojan.Win32.Refinka.euy 20171019
Malwarebytes Trojan.Dridex 20171019
MAX malware (ai score=82) 20171019
eScan Gen:Variant.Mikey.72718 20171019
Panda Trj/CI.A 20171019
Qihoo-360 HEUR/QVM40.1.9CE9.Malware.Gen 20171019
SentinelOne (Static ML) static engine - malicious 20171019
Sophos AV Mal/EncPk-ANR 20171019
Symantec ML.Attribute.HighConfidence 20171019
Tencent Win32.Trojan.Refinka.Pjnd 20171019
TrendMicro TROJ_GEN.R011C0RJJ17 20171019
TrendMicro-HouseCall TROJ_GEN.R011C0RJJ17 20171019
VIPRE Trojan.Win32.Generic!BT 20171019
Webroot W32.Trojan.Gen 20171019
ZoneAlarm by Check Point Trojan.Win32.Refinka.euy 20171019
AegisLab 20171019
AhnLab-V3 20171019
Alibaba 20170911
ALYac 20171019
Antiy-AVL 20171019
Avast-Mobile 20171019
Avira (no cloud) 20171019
Bkav 20171019
CAT-QuickHeal 20171019
ClamAV 20171019
CMC 20171018
Comodo 20171019
DrWeb 20171019
F-Prot 20171019
Jiangmin 20171019
K7AntiVirus 20171019
Kingsoft 20171019
McAfee 20171019
McAfee-GW-Edition 20171019
Microsoft 20171019
NANO-Antivirus 20171019
nProtect 20171019
Palo Alto Networks (Known Signatures) 20171019
Rising 20171019
SUPERAntiSpyware 20171019
Symantec Mobile Insight 20171011
TheHacker 20171017
TotalDefense 20171019
Trustlook 20171019
VBA32 20171019
ViRobot 20171019
WhiteArmor 20171016
Yandex 20171018
Zillya 20171019
Zoner 20171019
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All right
Product Microsoft® Windows® Operat
Original name dssenh.dl
Internal name dssenh.dl
File version 6.1.7600.163
Description Microsoft Enhanced DSS
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-10-12 23:31:56
Entry Point 0x000014A0
Number of sections 8
PE sections
PE imports
CryptSIPCreateIndirectData
CryptHashCertificate
GetGlyphIndicesW
FindFirstVolumeW
MprAdminMIBEntryCreate
wsprintfA
GetInputState
ClientToScreen
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 0
ImageVersion 0.0
ProductName Microsoft Windows Operat
FileVersionNumber 9.24.950.2656
LanguageCode English (U.S.)
FileFlagsMask 0x30003f
FileDescription Microsoft Enhanced DSS
CharacterSet Windows, Latin1
LinkerVersion 12.0
FileTypeExtension dll
OriginalFileName dssenh.dl
MIMEType application/octet-stream
Subsystem Windows command line
FileVersion 6.1.7600.163
TimeStamp 2017:10:13 00:31:56+01:00
FileType Win32 DLL
PEType PE32
InternalName dssenh.dl
ProductVersion 6.1.7600.163
SubsystemVersion 5.1
OSVersion 5.0
FileOS Windows 16-bit
LegalCopyright Microsoft Corporation. All right
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporatio
CodeSize 12288
FileSubtype 0
ProductVersionNumber 9.24.950.2656
EntryPoint 0x14a0
ObjectFileType Dynamic link library

File identification
MD5 bf91a9159929614de2f9dc95c59de516
SHA1 afaf614a7dcffd35d54bf8b6252601bbb10493ac
SHA256 1a4373d60797a60210fa72dbe7565b19b369b86b02e988d92eb29021dd3c5dd3
ssdeep 6144:61Q9w3LX2TtGri6G1GWFQmwQeGHF5HgLSVrGvXfm3mLadoKGFGnoxzGfgLgGq:NAX2TtGr81GWFQxI7CyqvXfvLaNGsYqz
authentihash 2e94942bbbfc9a30f5891a748236a0a07294777eacbb3a2fed81580ecd840012
imphash d6cbbb2a2c641d1aa8a98bfc89e65214
File size 340.0 KB ( 348160 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags pedll
VirusTotal metadata
First submission 2017-10-19 17:54:21 UTC ( 1 year, 1 month ago )
Last submission 2018-07-20 23:15:57 UTC ( 4 months, 3 weeks ago )
File names dssenh.dl
bf91a9159929614de2f9dc95c59de516.vir
bf91a9159929614de2f9dc95c59de516