SHA256: 1de486939fe6356584d1489b87d48e1c49f3ee6fb52e887e7f0621e9655440b5
File name: 746c05a395af341a33be7a78be9d43c6.virus
Detection ratio: 33 / 56
Analysis date: 2016-02-28 02:00:41 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.BQSW 20160228
Yandex Trojan.Agent!A/nw8ZGJ/Y0 20160227
ALYac Trojan.Agent.BQSW 20160228
Arcabit Trojan.Agent.BQSW 20160228
Avast Win32:Evo-gen [Susp] 20160228
AVG Crypt5.AAVM 20160228
Avira (no cloud) TR/Agent.96256.228 20160227
AVware Trojan.Win32.Generic!BT 20160228
BitDefender Trojan.Agent.BQSW 20160228
Cyren W32/Threat-HLLAU-based!Maximus 20160228
DrWeb Trojan.Dridex.288 20160228
Emsisoft Trojan.Agent.BQSW (B) 20160228
ESET-NOD32 Win32/Dridex.AA 20160227
F-Prot W32/Threat-HLLAU-based!Maximus 20160228
F-Secure Trojan.Agent.BQSW 20160227
Fortinet W32/Cridex.AA!tr.bdr 20160227
GData Trojan.Agent.BQSW 20160228
Ikarus Trojan.Win32.Dusvext 20160227
Jiangmin Trojan.Agent.rvx 20160228
K7AntiVirus Riskware ( f15000051 ) 20160227
K7GW Riskware ( f15000051 ) 20160228
Kaspersky Backdoor.Win32.Cridex.cu 20160228
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.nc 20160228
eScan Trojan.Agent.BQSW 20160228
NANO-Antivirus Trojan.Win32.Cridex.eaoijy 20160228
nProtect Trojan.Agent.BQSW 20160226
Panda Trj/Dridex.B 20160227
Qihoo-360 HEUR/QVM13.0.Malware.Gen 20160228
Sophos AV Mal/Zbot-EZ 20160227
Symantec Suspicious.Cloud.7.L 20160227
TrendMicro TROJ_GEN.R011C0RBR16 20160227
VBA32 Trojan.Agent 20160226
VIPRE Trojan.Win32.Generic!BT 20160227
AegisLab 20160227
AhnLab-V3 20160227
Alibaba 20160227
Antiy-AVL 20160228
Baidu-International 20160227
Bkav 20160227
ByteHero 20160228
CAT-QuickHeal 20160227
ClamAV 20160228
CMC 20160225
Comodo 20160228
Malwarebytes 20160228
McAfee 20160228
Microsoft 20160227
Rising 20160225
SUPERAntiSpyware 20160227
Tencent 20160228
TheHacker 20160227
TotalDefense 20160227
TrendMicro-HouseCall 20160227
ViRobot 20160228
Zillya 20160227
Zoner 20160227
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © ?????????? ??????????. ??? ????? ????????.
Product ???????????? ??????? Microsoft® Windows®
Original name WIASERVC.DLL
Internal name WIASERVC
File version 5.1.2600.5512 (xpsp.080413-0852)
Description ?????? ????????? ????????? ??????????? ???????????
Packers identified
F-PROT UPX_LZMA
PEiD ASPack v2.12
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-01-11 22:49:02
Entry Point 0x0003C001
Number of sections 5
PE sections
PE imports
ClusterResourceTypeCloseEnum
GetProcAddress
GetModuleHandleA
LoadLibraryA
ExtractIconExA
wsprintfW
Number of PE resources by type
RT_ICON 1
RT_STRING 1
RT_MENU 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 5
PE resources
ExifTool file metadata
UninitializedDataSize 147456
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.1.2600.5512
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 4096
EntryPoint 0x3c001
OriginalFileName WIASERVC.DLL
MIMEType application/octet-stream
LegalCopyright . .
FileVersion 5.1.2600.5512 (xpsp.080413-0852)
TimeStamp 2016:01:11 23:49:02+01:00
FileType Win32 EXE
PEType PE32
InternalName WIASERVC
ProductVersion 5.1.2600.5512
SubsystemVersion 4.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CodeSize 90112
ProductName Microsoft Windows
ProductVersionNumber 5.1.2600.5512
Warning Possibly corrupt Version resource
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 746c05a395af341a33be7a78be9d43c6
SHA1 54ff004070a319a72d6b4695cc6ff79d2b001b2d
SHA256 1de486939fe6356584d1489b87d48e1c49f3ee6fb52e887e7f0621e9655440b5
ssdeep 1536:M5e1/iEyaQ2B4MljkAp041f4Wub/YIRcGChuFxYsomNoKG1LnvPdXWijiwLpPfie:r1/Ga1iMJxr1fQrBcG9FxYsomdOnNXHV
authentihash d36754dea01ea2d3b35ad293a42449850857af35c2f9ba85b4ac318c41ee669e
imphash 78d25400e142de42e55d55067a4a82d2
File size 94.0 KB ( 96256 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (66.9%)
Win32 Dynamic Link Library (generic) (14.4%)
Win32 Executable (generic) (9.8%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe aspack
VirusTotal metadata
First submission 2016-02-28 02:00:41 UTC ( 3 years, 1 month ago )
Last submission 2016-02-28 02:00:41 UTC ( 3 years, 1 month ago )
File names 746c05a395af341a33be7a78be9d43c6.virus
WIASERVC
WIASERVC.DLL
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications