SHA256: 207b4ae38b3a5c51614aacd6b9d09bff242b23fab777446e9f752eefde57bac8
File name: VHJvasd.PiF_
Detection ratio: 40 / 54
Analysis date: 2016-07-20 21:25:33 UTC ( 2 years, 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3408750 20160720
AegisLab Uds.Dangerousobject.Multi!c 20160720
AhnLab-V3 Trojan/Win32.Drixed.N2048364731 20160720
ALYac Trojan.GenericKD.3408750 20160720
Arcabit Trojan.Generic.D34036E 20160720
Avast Win32:Malware-gen 20160720
AVG Generic37.CGYE 20160720
Avira (no cloud) TR/Crypt.Xpack.zday 20160720
AVware Trojan.Win32.Generic!BT 20160720
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160720
BitDefender Trojan.GenericKD.3408750 20160720
CAT-QuickHeal Trojan.Razy 20160720
Cyren W32/Trojan.LWZR-8857 20160720
DrWeb Trojan.Dridex.433 20160720
Emsisoft Trojan.GenericKD.3408750 (B) 20160720
ESET-NOD32 a variant of Win32/Kryptik.FCIP 20160720
F-Secure Trojan.GenericKD.3408750 20160720
Fortinet W32/Malicious_Behavior.VEX 20160720
GData Trojan.GenericKD.3408750 20160720
Ikarus Trojan.Win32.Crypt 20160720
K7AntiVirus Trojan ( 004f43c01 ) 20160720
K7GW Trojan ( 004f43c01 ) 20160720
Kaspersky Trojan.Win32.Razy.bdk 20160720
Malwarebytes Trojan.Crypt 20160720
McAfee Artemis!52FAAD132ECC 20160720
McAfee-GW-Edition BehavesLike.Win32.Downloader.dm 20160720
Microsoft Backdoor:Win32/Drixed 20160720
eScan Trojan.GenericKD.3408750 20160720
NANO-Antivirus Trojan.Win32.Dridex.eelhjc 20160720
nProtect Trojan.GenericKD.3408750 20160720
Panda Trj/CI.A 20160720
Qihoo-360 HEUR/QVM20.1.7AA7.Malware.Gen 20160720
Sophos AV Troj/Agent-ASTZ 20160720
Symantec Trojan.Cridex 20160720
Tencent Win32.Trojan.Bp-generic.Wpav 20160720
TrendMicro TROJ_KRYPTIK.XXUAZ 20160720
TrendMicro-HouseCall TROJ_KRYPTIK.XXUAZ 20160720
VIPRE Trojan.Win32.Generic!BT 20160720
ViRobot Trojan.Win32.Z.Kryptik.270492[h] 20160720
Yandex Trojan.Razy! 20160717
Alibaba 20160720
Antiy-AVL 20160720
Bkav 20160720
ClamAV 20160720
CMC 20160715
Comodo 20160720
F-Prot 20160720
Jiangmin 20160720
Kingsoft 20160720
SUPERAntiSpyware 20160720
TheHacker 20160720
VBA32 20160720
Zillya 20160720
Zoner 20160720
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name SensorsApi.dll
Internal name Sensor API
File version 6.3.9605.17415 (winblue_r4.141028-1500)
Description Sensor API
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2036-06-02 10:53:44
Entry Point 0x0003EB80
Number of sections 14
PE sections
PE imports
ObjectPrivilegeAuditAlarmA
ImageList_LoadImageA
ExpandEnvironmentStringsW
ActivateActCtx
GetCurrentDirectoryA
FreeConsole
GetComputerNameA
IsBadCodePtr
LoadLibraryA
GetWindowLongA
isprint
atan
Number of PE resources by type
MUI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize
8192

LinkerVersion
3.0

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
6.3.9600.17415

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Sensor API

ImageFileCharacteristics
Executable, No line numbers, 32-bit, No debug

CharacterSet
Unicode

InitializedDataSize
0

EntryPoint
0x3eb80

OriginalFileName
SensorsApi.dll

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.3.9605.17415 (winblue_r4.141028-1500)

TimeStamp
2036:06:02 03:53:44-07:00

FileType
Win32 EXE

PEType
PE32

InternalName
Sensor API

ProductVersion
6.3.9605.17415

SubsystemVersion
5.0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
20480

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.3.9600.17415

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 52faad132ecc0a103d368640db9274b7
SHA1 4af210a9c7c7c5d62dfac90de213c559bd04295c
SHA256 207b4ae38b3a5c51614aacd6b9d09bff242b23fab777446e9f752eefde57bac8
ssdeep
3072:CIqrT1xx0WHi7y92InMr8/uIJvc6i0fj2Z7:7qrTiWiO92kMrIuqvhKR

authentihash fcac42c43351de1bc06b992cac030656363dd41bd1a04910b6514cf4fe82fbd1
imphash e3ded39841d68648981a46a9cc89892d
File size 264.2 KB ( 270492 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable (generic) (35.9%)
OS/2 Executable (generic) (16.1%)
Clipper DOS Executable (16.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Tags
peexe

VirusTotal metadata
First submission 2016-07-15 10:32:43 UTC ( 2 years, 7 months ago )
Last submission 2016-12-16 04:44:14 UTC ( 2 years, 2 months ago )
File names VHJvasd.PiF_
207b4ae38b3a5c51614aacd6b9d09bff242b23fab777446e9f752eefde57bac8.exe.bin
home-logo.exe
home-logo.png
ogo.exe
nautilus.exe
M A L W A R E (13).exe
Sensor API
207b4ae38b3a5c51614aacd6b9d09bff242b23fab777446e9f752eefde57bac8.exe
SensorsApi.dll
207b4ae38b3a5c51614aacd6b9d09bff242b23fab777446e9f752eefde57bac8
VHJvasd.PiF
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications