SHA256: 2796a119171328e91648a73d95eb297edc220e8768f4bbba5fb7237122a988fc
File name: Sysinternals installer
Detection ratio: 48 / 63
Analysis date: 2018-06-29 17:56:46 UTC ( 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Duqu.F 20180629
AegisLab Troj.W32.Duqu2.gen!c 20180629
AhnLab-V3 Trojan/Win32.Duqu.C881965 20180629
ALYac Trojan.Agent.duqu 20180629
Antiy-AVL Trojan/Win32.Duqu2 20180629
Arcabit Trojan.Duqu.F 20180629
Avast Win32:Duqu-M [Trj] 20180629
AVG Win32:Duqu-M [Trj] 20180629
Avira (no cloud) TR/Spy.A.2370 20180629
AVware Trojan.Win32.Generic!BT 20180629
BitDefender Trojan.Duqu.F 20180629
Bkav W32.CanluximF.Trojan 20180629
CAT-QuickHeal TrojanAPT.Duqu.A2 20180629
Comodo .UnclassifiedMalware 20180629
Cyren W32/Duqu.ASPL-4507 20180629
DrWeb Trojan.Duqu.4 20180629
Emsisoft Trojan.Duqu.F (B) 20180629
Endgame malicious (moderate confidence) 20180612
ESET-NOD32 Win32/Duqu.D 20180629
F-Prot W32/Duqu2.F 20180629
F-Secure Trojan:W32/DuquLoader.A 20180629
Fortinet W32/Duqu.A!tr 20180629
GData Win32.Trojan.Duqu.C 20180629
Ikarus Trojan.Win32.Duqu 20180629
K7AntiVirus Trojan ( 004c57c41 ) 20180629
K7GW Trojan ( 004c57c41 ) 20180629
Kaspersky Trojan.Win32.Agent.ifye 20180629
Malwarebytes Backdoor.Duqu.VT 20180629
MAX malware (ai score=100) 20180629
McAfee PWS-Duqu.b 20180629
McAfee-GW-Edition PWS-Duqu.b 20180629
Microsoft Trojan:Win32/Duqu!dha 20180629
eScan Trojan.Duqu.F 20180629
NANO-Antivirus Trojan.Win32.Duqu2.dsryvc 20180629
Palo Alto Networks (Known Signatures) generic.ml 20180629
Panda Trj/Duqu.C 20180629
Sophos AV Troj/Duqu-I 20180629
Symantec Trojan.Gen.MBT 20180629
TACHYON Trojan/W32.Duqu2.13312 20180629
Tencent Win32.Trojan.Duqu2.Homh 20180629
TheHacker Trojan/Duqu.d 20180628
VBA32 OScope.Trojan.Duqu2 20180629
VIPRE Trojan.Win32.Generic!BT 20180629
ViRobot Trojan.Win32.Duqu.13312 20180629
Webroot W32.Trojan.Duqu 20180629
Yandex Trojan.Duqu2! 20180629
Zillya Trojan.Duqu2.Win32.5 20180629
ZoneAlarm by Check Point Trojan.Win32.Agent.ifye 20180629
Avast-Mobile 20180629
Babable 20180406
Baidu 20180628
ClamAV 20180629
CMC 20180629
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
eGambit 20180629
Sophos ML 20180601
Jiangmin 20180629
Kingsoft 20180629
Qihoo-360 20180629
SentinelOne (Static ML) 20180618
SUPERAntiSpyware 20180629
Symantec Mobile Insight 20180629
TotalDefense 20180629
Trustlook 20180629
Zoner 20180629
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 1998-2014 Mark Russinovich
Product Process Explorer
Original name svcmsi_32.dll
Internal name Sysinternals installer
File version 16.0
Description Sysinternals Process Explorer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-02-11 21:15:12
Entry Point 0x00002E79
Number of sections 5
PE sections
PE imports
RegQueryValueExW
VirtualProtect
VirtualFree
VirtualAlloc
wsprintfW
Ord(120)
Ord(49)
Ord(114)
Ord(159)
Ord(74)
Ord(32)
Ord(26)
Ord(8)
Ord(160)
PE exports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks Copyright (C) 1998-2014 Mark Russinovich
SubsystemVersion 5.1
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 16.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription Sysinternals Process Explorer
CharacterSet Windows, Latin1
InitializedDataSize 4608
EntryPoint 0x2e79
OriginalFileName svcmsi_32.dll
MIMEType application/octet-stream
LegalCopyright Copyright 1998-2014 Mark Russinovich
FileVersion 16.0
TimeStamp 2004:02:11 22:15:12+01:00
FileType Win32 DLL
PEType PE32
InternalName Sysinternals installer
ProductVersion 16.0
UninitializedDataSize 0
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Sysinternals - www.sysinternals.com
CodeSize 8192
ProductName Process Explorer
ProductVersionNumber 16.0.0.0
FileTypeExtension dll
ObjectFileType Executable application
File identification
MD5 c04724afdb6063b640499b52623f09b5
SHA1 288ebfe21a71f83b5575dfcc92242579fb13910d
SHA256 2796a119171328e91648a73d95eb297edc220e8768f4bbba5fb7237122a988fc
ssdeep 192:Qs919jyGUboXIQ2EuqGMzSaYy4P79XqaecAIDiyKgj5u8uz:9y4iEurMzSaYy4PonIeyFu8uz
authentihash b31bd8b597f70ca8447f07d5482b2ae5c5a31bb6079ed4cea0f74d6a1729d327
imphash 3577846f316ab0bf133e8557a16a63d7
File size 13.0 KB ( 13312 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags pedll via-tor
VirusTotal metadata
First submission 2015-06-10 07:19:33 UTC ( 3 years, 1 month ago )
Last submission 2018-05-01 17:42:27 UTC ( 2 months, 2 weeks ago )
File names 2796a119171328e91648a73d95eb297edc220e8768f4bbba5fb7237122a988fc
c04724afdb6063b640499b52623f09b5
Sysinternals installer
svcmsi_32.dll
2796a119171328e91648a73d95eb297edc220e8768f4bbba5fb7237122a988fc.infected
C04724AFDB6063B640499B52623F09B5
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight