SHA256: 1beda47146b1dd7a2ca7210e83bec3b1bc45c51f9eb97ece446983e6324741cc
File name: 6t45eyv.exe
Detection ratio: 2 / 52
Analysis date: 2015-11-10 11:00:51 UTC ( 2 years, 9 months ago )
Antivirus Result Update
AVware LooksLike.Win32.Dridex.e (v) 20151110
VIPRE LooksLike.Win32.Dridex.e (v) 20151110
AegisLab 20151110
Yandex 20151109
AhnLab-V3 20151110
Alibaba 20151110
ALYac 20151110
Antiy-AVL 20151110
Arcabit 20151110
Avast 20151110
AVG 20151110
Baidu-International 20151110
BitDefender 20151110
Bkav 20151109
ByteHero 20151110
CAT-QuickHeal 20151110
ClamAV 20151109
CMC 20151109
Comodo 20151110
Cyren 20151110
DrWeb 20151110
Emsisoft 20151110
ESET-NOD32 20151110
F-Prot 20151110
F-Secure 20151110
Fortinet 20151110
GData 20151110
Ikarus 20151110
Jiangmin 20151109
K7AntiVirus 20151110
K7GW 20151110
Kaspersky 20151110
Malwarebytes 20151110
McAfee 20151110
McAfee-GW-Edition 20151110
Microsoft 20151110
eScan 20151110
NANO-Antivirus 20151110
nProtect 20151110
Panda 20151109
Qihoo-360 20151110
Rising 20151109
SUPERAntiSpyware 20151110
Symantec 20151109
Tencent 20151110
TheHacker 20151110
TrendMicro 20151110
TrendMicro-HouseCall 20151110
VBA32 20151109
ViRobot 20151110
Zillya 20151109
Zoner 20151110
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright Copyright (C) 1992-2001 Microsoft Corp.
Product DirectShow
Original name EncDec.dll
Internal name EncDec.dll
File version 6.05.2600.6161
Description XDSCodec & Encypter/Decrypter Tagger Filters.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1991-09-25 09:38:58
Entry Point 0x00026670
Number of sections 11
PE sections
PE imports
LocalCompact
WriteProfileStringA
CreateTimerQueueTimer
GetDriveTypeW
GetConsoleOutputCP
ScrollConsoleScreenBufferA
GetVolumePathNameA
GetTapeParameters
CreatePipe
SetTimeZoneInformation
DebugActiveProcessStop
GetTapePosition
GetCommModemStatus
EnumCalendarInfoExW
ReleaseActCtx
EnumDateFormatsW
InterlockedPushEntrySList
GlobalCompact
SetConsoleWindowInfo
FindClose
TlsGetValue
FindFirstVolumeMountPointA
DeviceIoControl
GetUserDefaultLangID
RemoveDirectoryW
DeleteTimerQueueEx
FindNextVolumeW
UpdateResourceA
EnumSystemLocalesA
LoadLibraryExA
CancelDeviceWakeupRequest
SetProcessAffinityMask
GetSystemPowerStatus
EnumSystemLanguageGroupsA
GetFirmwareEnvironmentVariableA
CreateDirectoryExA
IsProcessorFeaturePresent
ExitThread
SetHandleInformation
SetPriorityClass
WaitForMultipleObjectsEx
GlobalMemoryStatus
GetNumberFormatA
VirtualQuery
BackupSeek
WriteConsoleW
ReadConsoleOutputA
CreateToolhelp32Snapshot
GetSystemWow64DirectoryW
SetTapeParameters
GetSystemWow64DirectoryA
SetConsoleTextAttribute
GlobalSize
ConvertFiberToThread
GetDateFormatA
DecodePointer
GetFileSize
GetPrivateProfileIntA
GenerateConsoleCtrlEvent
GetProcAddress
WriteFileGather
lstrcpyW
SetCriticalSectionSpinCount
GetFileSizeEx
EnumDateFormatsExA
FindFirstFileExA
lstrcpyA
GetTimeFormatA
FreeConsole
FindNextFileA
GetBinaryTypeA
LocalSize
ExitProcess
PrepareTape
RemoveVectoredExceptionHandler
GetDefaultCommConfigW
GetEnvironmentStringsW
GetDevicePowerState
SetupComm
GetCPInfoExW
VirtualFreeEx
GetCurrentActCtx
EnumResourceTypesA
GetSystemDefaultLangID
QueryPerformanceFrequency
VirtualUnlock
PulseEvent
SetConsoleTitleA
CloseHandle
ReadConsoleOutputCharacterA
GetGeoInfoW
OpenEventW
VarR4FromCy
DragQueryFileA
wnsprintfW
OpenInputDesktop
IsWindow
TabbedTextOutW
wsprintfA
cos
sscanf
tolower
isleadbyte
memmove
isgraph
wprintf
memset
wcscmp
swscanf
isspace
iscntrl
fwprintf
abort
strspn
ungetc
vprintf
vsprintf
memcpy
GetClassFileOrMime
CreateURLMonikerEx
Number of PE resources by type
RT_DIALOG 6
RT_STRING 4
RT_VERSION 1
Number of PE resources by language
ENGLISH US 11
PE resources
ExifTool file metadata
UninitializedDataSize 5632
InitializedDataSize 124928
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 6.5.2600.6161
LanguageCode English (U.S.)
DirectShow Core
FileDescription XDSCodec & Encypter/Decrypter Tagger Filters.
CharacterSet Windows, Latin1
LinkerVersion 0.23
EntryPoint 0x26670
OriginalFileName EncDec.dll
MIMEType application/octet-stream
LegalCopyright Copyright (C) 1992-2001 Microsoft Corp.
FileVersion 6.05.2600.6161
TimeStamp 1991:09:25 10:38:58+01:00
FileType Win32 EXE
PEType PE32
InternalName EncDec.dll
OLESelfRegister DXM20
ProductVersion 6.05.2600.6161
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 28160
ProductName DirectShow
ProductVersionNumber 6.5.2600.6161
FileTypeExtension exe
ObjectFileType Dynamic link library
FileFlagsMask 0x30003f

CarbonBlack: CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Compressed bundles
PCAP parents
File identification
MD5 2845499946fd5882f94cc9a4375b364a
SHA1 fba236dfd48974f79826d66575b1518744a3da0a
SHA256 1beda47146b1dd7a2ca7210e83bec3b1bc45c51f9eb97ece446983e6324741cc
ssdeep 3072:01/LsPEgqqvzNj8PySQu2s8zaPT0jZGm2RwXVmS:0hs1nJ8Kk62bIYtwXE
authentihash 28c4333e325eb192971174a7abfc5873e74c50fb673822e18ee81b38edaf7abd
imphash 8c7840326261e5b258e98cbd5c8dca32
File size 153.0 KB ( 156672 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe
VirusTotal metadata
First submission 2015-11-10 10:29:22 UTC ( 2 years, 9 months ago )
Last submission 2016-12-16 17:42:57 UTC ( 1 year, 8 months ago )
File names
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections