SHA256: 285e2e969d12855bbe85783d9eace0f720019dfa42676f2de7faeba72b24d69b
File name: 620efb6639e12acfed86e10060405e87
Detection ratio: 34 / 57
Analysis date: 2016-05-01 03:23:17 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.40380 20160501
AhnLab-V3 Win-Trojan/Cerber.Gen 20160430
ALYac Gen:Variant.Razy.40380 20160501
Arcabit Trojan.Razy.D9DBC 20160501
Avast Win32:Trojan-gen 20160501
AVG Inject3.AJZM 20160501
Avira (no cloud) TR/Crypt.Xpack.gfxv 20160430
AVware Trojan.Win32.Generic!BT 20160501
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160429
BitDefender Gen:Variant.Razy.40380 20160501
CAT-QuickHeal Ransom.Crowti.G4 20160430
Cyren W32/Trojan.BEEB-2291 20160501
Emsisoft Gen:Variant.Razy.40380 (B) 20160501
ESET-NOD32 Win32/TrojanDownloader.Agent.CEF 20160430
F-Secure Gen:Variant.Razy.40380 20160501
Fortinet W32/Agent.CEF!tr.dldr 20160501
GData Gen:Variant.Razy.40380 20160501
K7AntiVirus Riskware ( 0040eff71 ) 20160430
K7GW Riskware ( 0040eff71 ) 20160501
Kaspersky Trojan-Dropper.Win32.Injector.otbs 20160501
McAfee Artemis!620EFB6639E1 20160501
McAfee-GW-Edition BehavesLike.Win32.PackedAP.cm 20160430
Microsoft Trojan:Win32/Dynamer!ac 20160501
eScan Gen:Variant.Razy.40380 20160501
Panda Trj/GdSda.A 20160430
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20160501
Rising Dropper.Injector!8.DC-PwXCJgQ6LRC (Cloud) 20160501
Sophos AV Mal/Tinba-T 20160430
Symantec Trojan.Gen.2 20160501
Tencent Win32.Trojan.Inject.Auto 20160501
TrendMicro TROJ_GEN.R011C0DDG16 20160501
TrendMicro-HouseCall Ransom_CRYPTESLA.SMCQ 20160501
VIPRE Trojan.Win32.Generic!BT 20160501
Yandex Trojan.DR.Injector!k5gSl8P2gGw 20160501
AegisLab 20160430
Alibaba 20160429
Antiy-AVL 20160501
Baidu-International 20160430
Bkav 20160429
ClamAV 20160430
CMC 20160429
Comodo 20160501
DrWeb 20160501
F-Prot 20160501
Ikarus 20160430
Jiangmin 20160501
Kingsoft 20160501
Malwarebytes 20160430
NANO-Antivirus 20160501
nProtect 20160429
SUPERAntiSpyware 20160430
TheHacker 20160430
TotalDefense 20160430
VBA32 20160430
ViRobot 20160430
Zillya 20160430
Zoner 20160501
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2005-2009, mst software GmbH.

Product mst Defrag SDK
Original name mstDfSDK.exe
Internal name mstDfSDK.exe
File version 3,6,0,6165
Description mst Defrag SDK Service
Comments mst Defrag SDK Service
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-12 22:43:30
Entry Point 0x00002A90
Number of sections 4
PE sections
PE imports
CloseServiceHandle
RegOpenKeyA
RegCloseKey
LookupAccountSidW
OpenProcessToken
EnumServicesStatusExW
RegConnectRegistryW
OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
GetEnhMetaFileA
SetMetaRgn
AddFontResourceA
DeleteEnhMetaFile
PathToRegion
GetTextCharset
CreateMetaFileA
GetBkMode
SaveDC
EndPath
GetEnhMetaFileW
GetROP2
UpdateColors
GetObjectType
CreateMetaFileW
DeleteDC
GdiGetBatchLimit
GetMapMode
GetPixelFormat
GetTextColor
EndDoc
CreateSolidBrush
FillPath
CreateHalftonePalette
GetFontLanguageInfo
GetLayout
RealizePalette
GetDCBrushColor
GetColorSpace
DeleteColorSpace
GetStockObject
GetPolyFillMode
AbortPath
UnrealizeObject
GetDCPenColor
GetGraphicsMode
GdiFlush
CreateCompatibleDC
GetTextAlign
SwapBuffers
StrokePath
FlattenPath
EndPage
CloseFigure
DeleteObject
CloseMetaFile
CancelDC
GetSystemPaletteUse
GetStretchBltMode
WidenPath
BeginPath
AbortDoc
GetTextCharacterExtra
DeleteMetaFile
AddFontResourceW
GetLastError
HeapFree
GetSystemTimeAsFileTime
FileTimeToSystemTime
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
HeapAlloc
SetConsoleCursorPosition
lstrcmpiW
GetStdHandle
lstrlenW
VerifyVersionInfoW
VerSetConditionMask
GetCurrentProcess
GetConsoleMode
GetCurrentProcessId
OpenProcess
UnhandledExceptionFilter
MultiByteToWideChar
lstrcatW
GetConsoleScreenBufferInfo
GetLocaleInfoW
lstrcpynW
GetTimeFormatW
lstrcpyW
WideCharToMultiByte
GetProcAddress
GetModuleHandleA
ReadFile
SetUnhandledExceptionFilter
CloseHandle
GetComputerNameExW
lstrcmpW
HeapReAlloc
GetModuleHandleW
LocalFree
FormatMessageW
TerminateProcess
SetConsoleMode
GetNumberFormatW
InterlockedDecrement
SetLastError
ReadConsoleW
GetTickCount
GetCurrentThreadId
GetProcessHeap
VirtualAlloc
LocalAlloc
WriteConsoleW
InterlockedIncrement
GetMessagePos
GetInputState
EnumDesktopsW
DestroyMenu
GetWindowContextHelpId
GetClipboardViewer
IsWindow
OpenIcon
VkKeyScanA
OpenWindowStationW
GetMessageTime
VkKeyScanW
GetClipboardSequenceNumber
GetDC
GetAsyncKeyState
GetDlgCtrlID
GetMenu
EndMenu
AnyPopup
IsClipboardFormatAvailable
SetThreadDesktop
GetThreadDesktop
InSendMessage
GetWindowTextLengthA
GetActiveWindow
GetWindowTextW
EnumClipboardFormats
GetWindowTextLengthW
GetTopWindow
EnumWindowStationsW
GetMenuContextHelpId
DestroyWindow
EnumWindows
GetListBoxInfo
IsCharAlphaW
CharUpperW
IsCharAlphaA
IsWindowEnabled
GetWindow
CharUpperA
PaintDesktop
GetQueueStatus
OpenDesktopW
IsCharLowerA
CharLowerA
LoadStringW
CloseWindow
DrawMenuBar
IsCharLowerW
IsIconic
CreateMenu
GetKeyboardLayout
CharNextA
GetSysColorBrush
GetDialogBaseUnits
GetWindowLongW
CharNextW
GetOpenClipboardWindow
CopyIcon
GetClipboardOwner
IsGUIThread
GetSystemMetrics
ReleaseCapture
GetMessageExtraInfo
CharLowerW
SetProcessWindowStation
GetProcessWindowStation
GetCursor
CreatePopupMenu
ShowCaret
GetLastActivePopup
GetForegroundWindow
GetMenuCheckMarkDimensions
CloseWindowStation
CountClipboardFormats
GetMenuItemCount
GetDesktopWindow
FindWindowExW
WindowFromDC
GetCaretBlinkTime
GetCapture
GetShellWindow
GetWindowThreadProcessId
GetKBCodePage
IsWindowUnicode
LoadCursorFromFileA
IsCharUpperW
GetWindowDC
DestroyCursor
LoadCursorFromFileW
GetSysColor
GetKeyState
IsCharAlphaNumericA
GetDoubleClickTime
DestroyIcon
OemKeyScan
IsWindowVisible
IsCharAlphaNumericW
IsCharUpperA
CloseDesktop
IsMenu
GetFocus
wsprintfW
CloseClipboard
GetKeyboardType
__wgetmainargs
__p__fmode
realloc
_wcsnicmp
wcstok
wcstol
fflush
wcstod
__winitenv
_cexit
_wcsdup
_c_exit
strtok
fprintf
_wcsicmp
wcslen
exit
_XcptFilter
__setusermatherr
_wtoi64
__p__commode
__CxxFrameHandler
_CxxThrowException
wcschr
_adjust_fdiv
free
wcsncmp
_except_handler3
calloc
_controlfp
wcscpy
wcsstr
_initterm
_exit
_iob
__set_app_type
CoInitializeEx
CoUninitialize
CoTaskMemAlloc
CoCreateInstance
CoInitializeSecurity
CoTaskMemFree
Number of PE resources by type
RT_ICON 8
RT_VERSION 1
RT_MANIFEST 1
RT_MESSAGETABLE 1
RT_GROUP_ICON 1
Number of PE resources by language
GERMAN 10
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
mst Defrag SDK Service

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
3.6.0.6165

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
150016

EntryPoint
0x2a90

OriginalFileName
mstDfSDK.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2005-2009, mst software GmbH.

FileVersion
3,6,0,6165

TimeStamp
2016:04:12 23:43:30+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
mstDfSDK.exe

SubsystemVersion
5.0

FileDescription
mst Defrag SDK Service

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
mst software GmbH, Germany

CodeSize
13824

ProductName
mst Defrag SDK

ProductVersionNumber
3.6.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 620efb6639e12acfed86e10060405e87
SHA1 1beb031d6fd3ec48778e8262f509be84017f7ce4
SHA256 285e2e969d12855bbe85783d9eace0f720019dfa42676f2de7faeba72b24d69b
ssdeep 1536:HAGIFdq13yaNgr3OHr2KYUJjlY/RSpDn2iIVayUdtbqOpj+h+1vmKc:g/nq3BHrzJxY/RCD2dcHb3s

authentihash 979bb21a2dd7a745459bd1272f5ac1b532cc8b7adaaef438b73786daae37da49
imphash 71ffd8e721c66499a0f926b8186b3878
File size 161.0 KB ( 164864 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (35.8%)
Win64 Executable (generic) (31.7%)
Windows screen saver (15.0%)
Win32 Dynamic Link Library (generic) (7.5%)
Win32 Executable (generic) (5.1%)
Tags peexe

VirusTotal metadata
First submission 2016-05-01 03:23:17 UTC ( 2 years, 10 months ago )
Last submission 2016-05-01 03:23:17 UTC ( 2 years, 10 months ago )
File names mstDfSDK.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Runtime DLLs