SHA256: 1a7f3fe337fffb769bf32e8559bb53fe7cc0d846a27c3af454435d7f415ab6f7
File name: malware.exe
Detection ratio: 7 / 54
Analysis date: 2016-02-17 09:25:28 UTC
Antivirus            Result                                   Update
Ad-Aware             Gen:Variant.Jaik.10503                   20160217
AhnLab-V3            Trojan/Win32.Dridex                      20160216
Arcabit              Trojan.Jaik.D2907                        20160217
Kaspersky            UDS:DangerousObject.Multi.Generic        20160217
McAfee               Suspect-AN!388BE67BFB53                  20160217
Qihoo-360            QVM19.1.Malware.Gen                      20160217
Rising               PE:Malware.XPACK-LNR/Heur!1.5594 [F]     20160216

No detection (engine, signature update date): AegisLab 20160217, Yandex 20160216, Alibaba 20160217, ALYac 20160217, Antiy-AVL 20160217, Avast 20160217, AVG 20160217, Avira (no cloud) 20160217, Baidu-International 20160216, BitDefender 20160217, Bkav 20160215, ByteHero 20160217, CAT-QuickHeal 20160216, ClamAV 20160217, CMC 20160216, Comodo 20160217, Cyren 20160217, DrWeb 20160217, Emsisoft 20160217, ESET-NOD32 20160217, F-Prot 20160217, F-Secure 20160217, Fortinet 20160217, GData 20160217, Ikarus 20160217, Jiangmin 20160217, K7AntiVirus 20160217, K7GW 20160217, Malwarebytes 20160217, McAfee-GW-Edition 20160217, Microsoft 20160216, eScan 20160217, NANO-Antivirus 20160217, nProtect 20160216, Panda 20160216, Sophos AV 20160217, SUPERAntiSpyware 20160217, Symantec 20160216, Tencent 20160217, TheHacker 20160217, TrendMicro 20160217, TrendMicro-HouseCall 20160217, VBA32 20160216, VIPRE 20160217, ViRobot 20160217, Zillya 20160217, Zoner 20160217
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: © Microsoft Corporation. All rights reserved.
Product: Microsoft® Windows® Operating System
Original name: PORTABLEDEVICECLASSEXTENSION.DLL
File version: 6.3.7600.16385 (win7_rtm.090713-1255)
Description: Windows Portable Device Class Extension Component
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 1970-01-01 01:08:16
Entry Point: 0x000226F0
Number of sections: 9
PE sections
PE imports
GetPrivateProfileStructA
GetProfileSectionW
CreateJobObjectW
EnumUILanguagesW
SetThreadPriorityBoost
GetHandleInformation
SetInformationJobObject
VerifyVersionInfoW
DisconnectNamedPipe
Heap32Next
MapViewOfFileEx
GetConsoleCursorInfo
lstrcatW
QueryMemoryResourceNotification
GetThreadContext
FindResourceExA
GetCPInfo
lstrcmpiA
WaitForDebugEvent
WriteConsoleOutputA
FindResourceExW
ReleaseActCtx
GetFullPathNameA
LocalLock
FatalExit
GetLogicalDriveStringsW
VirtualQueryEx
FindFirstVolumeMountPointA
GetEnvironmentVariableW
ReplaceFileW
GetUserDefaultUILanguage
CopyFileW
CopyFileA
ExitProcess
VerLanguageNameW
RemoveDirectoryA
SetConsoleWindowInfo
FindNextVolumeW
LoadLibraryExA
CreateActCtxW
GetCalendarInfoW
WritePrivateProfileSectionW
WriteConsoleInputW
CreateMutexA
CreateDirectoryExW
TlsSetValue
SetNamedPipeHandleState
Module32Next
CreateDirectoryExA
SetConsoleTextAttribute
IsProcessorFeaturePresent
ExitThread
DecodePointer
ReadConsoleA
GlobalAddAtomA
WaitForMultipleObjectsEx
FindAtomW
VirtualQuery
FindAtomA
GetNumberFormatW
ReadConsoleOutputA
LocalCompact
lstrcatA
FillConsoleOutputCharacterA
SetConsoleMode
IsBadWritePtr
UnlockFileEx
WriteConsoleOutputAttribute
SetThreadIdealProcessor
GlobalFindAtomW
Process32First
GetNamedPipeHandleStateA
GetDateFormatW
GetProcAddress
GetProcessHeap
GetTempFileNameW
EnumResourceNamesW
CompareStringW
WTSGetActiveConsoleSessionId
GetProcessWorkingSetSize
TerminateProcess
lstrcmpW
FindFirstFileExW
WaitForMultipleObjects
FindFirstVolumeA
SetConsoleActiveScreenBuffer
SetMessageWaitingIndicator
CreateFileA
AttachConsole
LocalReAlloc
Heap32ListFirst
GetShortPathNameW
SetComputerNameExA
GetSystemInfo
lstrlenA
GetProfileStringW
GetTapeStatus
GetSystemWindowsDirectoryW
GetDevicePowerState
WinExec
GetEnvironmentStrings
CreateIoCompletionPort
GetConsoleTitleW
GetProcessHeaps
HeapSize
QueryActCtxW
GetConsoleTitleA
GetCurrentThread
lstrcpynW
QueryPerformanceFrequency
ReadConsoleOutputCharacterW
CloseHandle
ReadConsoleOutputCharacterA
DeleteVolumeMountPointA
OpenWaitableTimerA
ResetWriteWatch
OpenSemaphoreA
PostQueuedCompletionStatus
MprAdminServerConnect
MprAdminDeviceEnum
VarR4FromCy
LPSAFEARRAY_UserSize
VarR8FromBool
VarBstrFromR8
DuplicateIcon
SHQueryRecycleBinW
ExtractAssociatedIconExW
ExtractAssociatedIconW
wnsprintfW
GetWindowLongA
SetWindowTextA
wsprintfA
EnableWindow
RemovePropW
wsprintfW
GetProcessWindowStation
ScreenToClient
PostMessageW
InvalidateRect
rename
fgetpos
getc
swscanf
getenv
exit
putwc
vfprintf
putc
setbuf
fflush
wcsxfrm
wcstod
wcstombs
memset
wcscpy
isalpha
wcsncat
toupper
islower
towupper
GetErrorInfo
PdhRemoveCounter
PdhAddCounterA
RevokeBindStatusCallback
URLOpenBlockingStreamA
CoInternetCombineUrl
HlinkGoBack
CreateURLMoniker
CoInternetCreateSecurityManager
WriteHitLogging
Number of PE resources by type
REGISTRY: 1
RT_VERSION: 1
Number of PE resources by language
ENGLISH US: 2
PE resources
ExifTool file metadata
SubsystemVersion: 4.0
LinkerVersion: 2.17
ImageVersion: 1.0
FileSubtype: 0
FileVersionNumber: 6.3.7600.16385
UninitializedDataSize: 8192
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 42752
EntryPoint: 0x226f0
OriginalFileName: PORTABLEDEVICECLASSEXTENSION.DLL
MIMEType: application/octet-stream
LegalCopyright: Microsoft Corporation. All rights reserved.
FileVersion: 6.3.7600.16385 (win7_rtm.090713-1255)
TimeStamp: 1970:01:01 02:08:16+01:00
FileType: Win32 EXE
PEType: PE32
ProductVersion: 6.3.7600.16385
FileDescription: Windows Portable Device Class Extension Component
OSVersion: 4.1
FileOS: Windows NT 32-bit
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Microsoft Corporation
CodeSize: 49152
ProductName: Microsoft Windows Operating System
ProductVersionNumber: 6.3.7600.16385
FileTypeExtension: exe
ObjectFileType: Dynamic link library

File identification
MD5: 388be67bfb539017d673ace4011a9294
SHA1: 248c94feab67ee5e294415618d86510d7f55083c
SHA256: 1a7f3fe337fffb769bf32e8559bb53fe7cc0d846a27c3af454435d7f415ab6f7
ssdeep: 3072:ErVECoa+d/65cN07hjH4LclfJDGCxNiUuFXo83:ErVECr+/McN010L8Jdx14XB
authentihash: e18670da4d8513d4ff34eff1dbcce7ad1f2aeac5edec373454a80c2d7bd8acac
imphash: f7039009dbf5182787d926fb094405d8
File size: 160.0 KB (163840 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Win64 Executable (generic) (64.6%)
  Win32 Dynamic Link Library (generic) (15.3%)
  Win32 Executable (generic) (10.5%)
  Generic Win/DOS Executable (4.6%)
  DOS Executable Generic (4.6%)
Tags: peexe

VirusTotal metadata
First submission: 2016-02-17 08:41:03 UTC
Last submission: 2017-11-29 08:59:42 UTC
File names:
  388be67bfb539017d673ace4011a9294DROPPE
  565645.exe
  ware.exe
  %7BBE59EE9F-773A-418C-8326-C743D8D01714%7D
  PORTABLEDEVICECLASSEXTENSION.DLL
  malware.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications